Se cloud presentations
SeCloud Security-driven engineering of Cloud-based Applications
Prof dr Philippe Thiran, Sirris
Agenda
• Motivations and objectives
• Research perspectives and consortium
• Interactions with industry
Cloud services
• Services delivered as utilities over a network
• Services accessible by means of APIs
API economy
Cloud-based applications
• Cloud-based applications
  – Applications using Cloud services
  – Almost all new applications are Cloud-based applications
91% of net new software built for cloud delivery in 2014.
Mobile applications: even if mobile applications are not SaaS, they are deployed on cloud.
IDC, 2014
Security
• Cloud-based applications: Application using Cloud services provided by third parties
• New security challenges introduced by the multi-party and distributed nature of Cloud-based applications
• Some examples
  – Service availability
  – Data locality
  – Data aggregation / replication
Industrial demand
• Software companies recognize that the ability to offer secure solutions is key to the success of their business
  – Still lack of knowledge about the specific security risks to the Cloud model
  – Not clear how security can be achieved in Cloud-based applications
  – Not clear how compliance can be demonstrated and proved to external auditors
Not yet workable solutions
• Emerging technologies and solutions both in academia and in the industry
  – Only addressing parts of the security problems for Cloud-based applications
  – Difficult for software companies to link and bundle all these blocks into a workable security solution for their specific context
Needs
• Practical and proactive approach (security by design)
• Good knowledge of security risks specific to Cloud-based applications
• Knowledge must be built upon different aspects of the security problems: not only technical aspects
Industrial target groups
• Primary target group
  – SaaS application providers
  – Mobile application providers
• Secondary target group
  – Technology providers
  – Security consultants and advisors (processes and development)
In Brussels: 640 companies, 240 of which have more than 1 employee
In Brussels: 50 companies, 18 of which have more than 1 employee
Main goals
• Performing scientific research
  – Set of tools, technologies and techniques
  – Proactive security approach of Cloud-based applications
• Conceiving a security risk management model
  – Risk evaluation, mitigation responses to critical risks, vulnerabilities and threats
• Involving the industry as validator
Research perspectives
• Proactive introduction of security in Cloud-based applications impacts software companies
  – Reconsidering the architecture of their Cloud-based application
  – Selecting and adopting new security infrastructure, protocols and standards
  – Reconsidering the programming technology used to secure cloud software
  – Changing the organizational and development process used to create the solution
Research perspectives
• Approach with 4 research perspectives
Selection of research areas based on
• Industrial relevance
• Scientific contribution and available expertise in the Consortium
Multidisciplinary consortium
[Figure: consortium diagram. Labels: Infrastructure, Architecture, Programming, Process, Risk Management, Transfer to Industry. Partners shown: Erasmus, Sirris, ULB/CoDE, ULB/Qualsec, ULB/QuiC, UCL/Security, ULB/SBS, VUB/LSTS, UCL/ICTEAM, VUB/COMO, VUB/SOFT]
Transfer to industry
[Figure: transfer-to-industry diagram. Labels: Primary target group, Secondary target group, Security Risks, Profiles, Application Profiles, Security risk identification, Security solutions, New technologies & services, Research, Industry, Architecture, Programming, Infrastructure, Process]
Current sponsors
Interested?
• Getting involved
  – Attending brokerage events and workshops
  – Providing your business cases and problems
  – Sharing your own experience/expertise in a particular domain
  – Participating in pilot cases
• Take-away
  – Gathering knowledge and inspiration
  – Getting advice for your own challenges
  – Establishing long-term collaborations
  – Introducing innovations in your products/services