Presentation by Oscar Lopez, of Nextel S.A., given during the XV Nextel S.A. IT Security Conference at the Alhóndiga de Bilbao on Thursday, 27 June 2013.
Security: planting trust in the cloud
1. Planting trust in the CLOUD
Oscar López
R&D&I Area
XV NEXTEL S.A. Security Conference
27/06/2013
2. SEED4C. Planting trust in the CLOUD
Services in the CLOUD: IaaS, PaaS, SaaS
Cloud provider / Cloud customer
Are IT security and cost savings possible at the same time?
3. SEED4C. Planting trust in the CLOUD
• Project coordination: Alcatel-Lucent Bell Labs
• Start: April 2012
• Close: September 2014
• Duration: 30 months
• 4 countries: Finland, France, Korea and Spain
4. SEED4C. Planting trust in the CLOUD
• How to increase the trust in cloud services?
Up to 80% of problems may be solved with protected execution and proper policy enforcement.
5. SEED4C. Planting trust in the CLOUD
• Can we "plant" SEEDs in the Cloud to increase trust?
Building a Trusted Cloud Computing Base (TCCB), based on a cloud of minimal Trusted Computing Bases: the SEEDs managed by the NoSE.
6. SEED4C. Planting trust in the CLOUD
• Security Embedded Element and Data Privacy for Cloud infrastructures
Introduction of the NoSE: Network of Secure Elements
10. SEED4C. Planting trust in the CLOUD
• Deliver trusted services in a multi-node Trusted Cloud Execution Environment
Diagram: policy execution and trusted execution across the network, servers and more, each delivering Trust & Assurance.
11. SEED4C. Planting trust in the CLOUD
• And deliver end-to-end security to users
Diagram: the security plane / NoSE spans the user's device and the cloud; the user's SEED is enrolled in the NoSE, giving end-to-end trusted services with Trust & Assurance.
12. SEED4C. Planting trust in the CLOUD
• In a multi-party, policy-driven architecture
Diagram: the parties involved are the Infrastructure Provider, PaaS Provider, SaaS Provider, Device Provider and the User / Tenant.
13. SEED4C. Planting trust in the CLOUD
• And provide compliance and evidence
– Logs and audit features enforced by the NoSE
– Change management of the trusted architecture tracked thanks to the NoSE and central management
– The change workflow may also be enforced by trusted actors
14. SEED4C. Planting trust in the CLOUD
• Research challenges
– How to distribute the secure elements within an infrastructure so that they add value to the platform and the services.
– How to achieve secure load balancing and communication between the secure elements (SE) and from them to the integrated machines.
– How to handle policy enforcement (centred on identity and privacy), traceability and assurance of the final services.
16. SEED4C. Planting trust in the CLOUD
• Added value
• SEED planting: granularity
– Network, hypervisors, servers, storage, devices
– Strategic places: IaaS, PaaS, SaaS
• Multiple form factors required to match physical constraints
– Secure Embedded Elements, TPM, software in a TEE, dedicated VM, OS component
• Network of Secure Elements (NoSE)
– Communication protocols across SEEDs
• Scalability of the architecture
• Enrollment & lifecycle of equipment, VMs and SEEDs in the NoSE
– Enroll equipment, attach them to SEEDs
• Credential management
17. SEED4C. Planting trust in the CLOUD
• Use-case mapping
Diagram: the use cases below are mapped onto the Network-as-a-Service (NetaaS), PaaS, IaaS and SaaS layers, the NoSE and the client access device.
1: BYOD / protection of corporate data
2: Airport equipment management
3: HSM + key ceremony
4: Enterprise collaboration
5: ePayment, PCI DSS
6: IAM, authentication + auditing
7: Security at IaaS level
8: Monitoring security at PaaS layer
9: Admin access & audit management/logs
10: Telco services in the cloud, multi-tenancy protection
11: eGov. services, data protection
12: SVPDC, Virtual Data Center management
20. SEED4C. Planting trust in the CLOUD
• eGovernment services data protection
Before SEED4C:
– Security solutions based on independent, proprietary elements to secure data in the cloud
After SEED4C:
– Enhanced security-related functionality to control, access and store protected data in the cloud
– Adopt the seeds developed for the e-Government service to manage and store this protected data in their own infrastructure
– Add more layers of security using a network of secure elements: compliance, traceability and auditability.
22. SEED4C. Planting trust in the CLOUD
• Centralized cloud services for airport management
Before SEED4C:
– Security solutions based on independent, proprietary elements to secure data in the cloud
After SEED4C:
– Enhanced security-related functionalities
– Add more layers of security using a network of secure elements
– Provide an interconnected NoSE generating a trusted network that provides a layer of security to the entire system: compliance, traceability and auditability.