• No results found

Releasing the potential of cloud computing in Europe Building the secure environment for big and small partners

N/A
N/A
Protected

Academic year: 2021

Share "Releasing the potential of cloud computing in Europe Building the secure environment for big and small partners"

Copied!
14
0
0

Loading.... (view fulltext now)

Full text

(1)

Releasing the potential of cloud computing in Europe –

Building the secure environment for big and small partners

Dr. Ladislav Hudec, Associate Professor

http://www2.fiit.stuba.sk/~lhudec/

Faculty of Informatics and Information Technologies Slovak University of Technology

Prepared for V4S – VISEGRAD 4 FOR SECURE DATA Meeting held on May 28, 2015 in Brussels

(2)

Introduction of the FIIT STU

We cover a wide range of the Informatics and Information Technologies (IIT) in

both the research and education.

We are the first faculty with a such mission in Slovak republic.

We offer modern study programs accredited study programs by the IET (Institution

of Engineering and Technology) community, which is established in London.

Staff

o More than 15 professors and associate professsors, allmost all full time o More than 30 teachers

o More than 5 research fellows

Students

o More than 1100 (full time only), including 50 PhD students

(3)

A baseline of study at the FIIT STU

BSc. (Bc.)FIIT 3 years PhD. FIIT 3 years university degree in

another field MSc.(Ing.)

FIIT 3 years Graduation

from high school

practice practice MSc.(Ing.) FIIT 2 years BSc. (Bc.)FIIT 4 years practice

(4)

Accredited study programs at the FIIT STU

3

rd.

level

Doctoral degree study

COMPUTER AND COMMUNICATIO N SYSTEMS AND NETWORKS INFORMATICS COMPUTER AND COMMUNICATION SYSTEMS AND NETWORKS

1

st

. level

Bachelor degree study

2

nd.

level

Master (Engineer) degree study

SOFTWARE ENGINEERING INFORMATION SYSTEMS SOFTWARE SYSTEMS APPLIED INFORMATICS INFORMATION SECURITY

(5)

Research in security at the FIIT STU

Security evaluation model based on the score of security mechanisms

o Information security risks pose a serious threat to organizations dependent on their

information systems.

o The main process that is supposed to help in security decisions is a risk analysis.

Outputs of a risk analysis are essential inputs for risk management. It provides a risk manager with a set of significant risks and with data to assist in treatment of these risks.

Quantitative methods are usually preferred because, if following a proper methodology, they

can provide us with more accurate results.

Qualitative methods are influenced by subjective perception of a risk analyst that conducts this

process, so they tend to be biased.

o Risk managers and security professionals need formalized quantitative risk

measures and metrics, so they can efficiently and correctly measure risks.

o Our goal is to bring the objectivity into the process of the risk assessment and

evaluation and to express the security score in an organization in three basic security attributes.

 We used the security mechanisms implementation score to measure the quality of

implemented security controls and the Analytic Hierarchy Process technique to express the importance of particular mechanisms.

 Security controls are originated from the ISO/IEC 27002:2005 standard and we propose security

mechanisms for each control objective from this standard.

o Designed approach specifies how to use the standard with selected security

mechanisms and defines a methodology on determining weighted relations between

four layers of the proposed security model. The lowest layer are security

mechanisms, then control objectives, followed by security clauses and the upper layer consists of security attributes.

(6)

Research in security at the FIIT STU

Security mechanisms implement security controls desired by control objectives in

standard in order to improve the overall score of information security attributes,

depicted at the bottom.

(7)

Research in security at the FIIT STU

Overall score of security mechanisms implementation.

One security mechanism can contribute to one or more control objectives and one

control objective can be supported by one or more security mechansims. These

relations are weighted, so we can adjust the influence of each assignment. We

can express this part of a model with the weighted sum, where Mi is the score of

the security mechanism i and W(Mi) is its weight.

(8)

Research in security at the FIIT STU

The evaluation should be done in the following way.

o First, the security administrator or manager selects the organization type. Then he

inputs available statistics data into the evaluation system together with the security

mechanisms' implementation score, which can be obtained by security metrics or by the expert judgement.

o The system then evaluates the security clauses with respect to these specific data and

show the result in main security attributes.

For more detailed information see:

BREIER, J., HUDEC, L.: On selecting critical security controls. In: ARES 2013 : Proceedings 2013 international conference on availability, reliability and security, 2-6 September

2013, Regensburg, Germany. - Los Alamitos : IEEE Computer Society, 2013. - ISBN 978-0-7695-5008-4

(http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=6656131). - p. 582-588 BREIER, J., HUDEC, L.: On identifying proper security mechanisms. In Khabib Mustofa,

Erich J. Neuhold, AMin Tjoa, Edgar Weippl, and Ilsun You (Eds) Information and

Communicatiaon Technology. The 2013 Asian Conference on Availability, Reliability and Security (AsiaARES 2013), March 25th - 29th 2013, Gadjah Mada University, Indonesia. Volume LNCS 7804. Springer Berlin Heidelberg, 2013. ISBN 978-3-642-36818-9, p. 285-294.

(9)

Research in security at the FIIT STU

Secure access control in Mobile Ad-hoc NETworks (MANET)

o The MANET network is a special kind of mobile ad-hoc network, which does not rely on

any fixed infrastructure (e.g. swarm of drones, conferences, meetings, where group of people needs to exchange data or share the connection to the Internet).

o PKI consists of trusted third party – certificate or attribute authority – and clients which

rely on and trust to certificates signed by this authority. The common way of how certificate authority works is binding public key to legal identity of its owner.

o The main goal of this work is to develop new approach for secure access control in

conditions of MANET networks with utilization of public key infrastructure.

o This new approach improve the public key infrastructure deployability in the mobile

ad-hoc networks routed by B.A.T.M.A.N. Advanced. We have extended the

B.A.T.M.A.N. Advanced routing protocol with authentication and authorization of routing updates based on X.509 certificates.

o Furthermore we have determined several levels of node's trustworthiness and two

levels of interoperability between trusted authorities in the network.

o To mitigate extra load caused by renewing of certificates, we have identified critical

factors affecting it and designed the computation formula for optimal amount of cross certificates issued by trusted authority.

o To further improve the service reachablity in highly mobile networks in earlier stages of

PKI deployment, we have designed the Cluster Glue.

o The ClusterGlue helps to connect groups of nodes from different parts of network which

owns the certificates issued by the same authority. Thanks to these modifications we are able to mitigate various security risks and provide the more secure route for

(10)

Research in security at the FIIT STU

Secure access control in Mobile Ad-hoc NETworks (MANET)

o For more details see:

VILHAN, P., HUDEC, L.: Building Public Key Infrastructure for MANET with Help of

B.A.T.M.A.N. Advanced. In: Proceeding of the 2013 European Modelling Symposium. Manchester, UK, 20-22 November, 2013. IEEE Computer Society. ISBN 978-1-4799-2578-0. P 530-535.

VILHAN, P., HUDEC, L.: Cluster glue - improving service reachability in PKI enabled MANET. In: UKSim-AMSS 2014 : proceedings UKSim-AMSS 16th international conference on computer modelling and simulation. 26-28 March 2014, Cambridge, United Kingdom. - Los Alamitos : IEEE Computer Society, 2014. - ISBN 978-1-4799-4923-6. - S. 493-498

(11)

Research in security at the FIIT STU, FMFI UK and CSIRT.SK (proposal)

Centre of excellence in information security

o Consortium consists of the FIIT STU, FMFI UK (Faculty of Mathemetics, Physics and

Informatics of Comenius University), CSIRT.SK (Computer Security Incident Response Team Slovakia).

o This year infrastructural project for completing existing technology at the consortium

partners is proposed. Next four years research and innovation activities will be performad.

o Field of research:

o Development and implementation of SIEM (Security Information and Event

Management) solution for public administration:

 SIEM will be built on open-source technologies.

 Developed solution will be built with an emphasis on the ability to monitor and process a large

number of events and data flows (at least 10,000 events per second and 100,000 flows per second), the ability to evaluate information from these events and flows.

o Research in wireless and mobile networks built up on the current network technologies

with focus on security and privacy.

 This includes the possibility of monitoring and evaluation of existing users, but also thorough

analysis of wired and wireless technologies, including the possibility to analyze the behavior of groups.

o Distributed NIDS (Network Intrusion Detection System) for home networks with Internet

access.

 The project goal is to design new model for observing and profiling of the network traffic with

end-device granularity from the perspective of the home Wi-Fi router.

 Proposed model should provide information about the type of network traffic and about its

(12)

Research in security at the FIIT STU, FMFI UK and CSIRT.SK (proposal)

Centre of excellence in information security

o Field of research:

o Secure communication in networked embedded systems.

 The project aim is to research of security requirements of embedded systems with regard to

specific characteristics of automotive communication buses.

 Security extension of currently used buses CAN (Controlled Area Network) using Ethernet

network. For example exploitation of higher bandwidth or other security mechanisms.

o Research in wireless and mobile networks built up on the current network technologies

with focus on security and privacy.

 This includes the possibility of monitoring and evaluation of existing users, but also thorough

analysis of wired and wireless technologies, including the possibility to analyze the behavior of groups.

o Development of secure active networks devices.

 For the security of the physical layer of computer networks pays that almost all active network

components of computer networks (switches, routers, hardware firewall with IPS and IDS functions, etc.) are implemented as embedded systems. Increasing the security of these embedded systems imlpies increasing security of active network devices.

o Big data analyse for security purpose.

 Computer logs contais a huge amount of data. Looking for patterns of malicious activities

requires to design fast parallel algorithms for big data processing.

o Biometric methods.

 The aim of research in this area will be user authentication based on the dynamics of writing

and dynamics of working with a mouse and may be supplemented by the inclusion of additional authentication methods based on other characteristics of the user.

(13)

Research in security at the FIIT STU, FMFI UK and CSIRT.SK (proposal)

Centre of excellence in information security

o Field of research:

o Research and development in the field of secure software of personal computers,

servers, networking, consumer and industrial electronics.

 testing and analysis of the weaknesses of the firmware, operating systems and applications  the design and development of solutions to increase the resilience of software against various

forms of attack the safety of operating systems and applications in virtual environments and in cloud

 the design and operation of honeypots to detect new attacks.

o Research and development in the field of secure hardware of personal computers,

servers, networking, consumer and industrial electronics.

 testing and analysis of the weaknesses of the hardware elements and their interfaces

 the design and development of solutions to increase the resilience of hardware against various

forms of attack

 the development of equipment for the discovery and demonstration of hardware security

vulnerabilities

 a side channel analysis (time, sampling, electromagnetic radiation).

o Research and development of security systems for population services.

 cryptographic currency, payment protocols, electronic voting, mass remote control, health (eg.

medical equipment).

(14)

References

Related documents

According to the obtained information, the highest frequency between the basic themes in the analyzed sources is related to the content of the code (P10) called

19% serve a county. Fourteen per cent of the centers provide service for adjoining states in addition to the states in which they are located; usually these adjoining states have

Standardization of herbal raw drugs include passport data of raw plant drugs, botanical authentification, microscopic & molecular examination, identification of

It was decided that with the presence of such significant red flag signs that she should undergo advanced imaging, in this case an MRI, that revealed an underlying malignancy, which

Synthetic biology unites multidisciplinary efforts directed at the design of complex biologi- cal systems to obtain useful novel properties and activities based on the

While as anticipated generally decentralization resulted in greater participation and control over service delivery and governance by local communities, local governments are