Se cloud presentations

SeCloud!Security-driven0engineering0of0Cloud-based0Applica8ons!

Prof!dr!Philippe!Thiran,!Sirris!!

Agenda!

•  Mo5va5ons!and!objec5ves!

•  Research!perspec5ves!and!consor5um!

•  Interac5ons!with!industry!!

2!

Agenda!




3!

Cloud!services!

•  Services!delivered!as!u5li5es!over!a!network!•  Services!accessible!by!means!of!APIs!

!API!economy!

4!

CloudFbased!applica5ons!

•  CloudFbased!applica5ons!!– Applica5ons!using!Cloud!services!– Almost!all!new!applica5ons!are!CloudFbased!applica5ons!

5!

91%$of$net$new$so,ware$built$for$cloud$delivery$in$2014.!

Mobile$applica=ons:$even$if$mobile$applica=ons$are$not$SaaS,$they$are$deployed$on$cloud.!

IDC,!2014!

Security!

•  CloudFbased!applica5ons!!!Applica5on!using!Cloud!services!provided!by!!third0par8es0

•  New!security!challenges!introduced!by!the!mul8-party0and!distributed!nature!of!CloudFbased!applica5ons!

!•  Some!examples!–  Service!availability!–  Data!locality!–  Data!aggrega5on!/!replica5on!

Industrial!demand!

•  SoNware!companies!recognize!that!the!ability!to!offer!secure0solu8ons0is!key!to!the!success!of!their!business!– S5ll!lack0of0knowledge0about!the!specific!security!risks!to!the!Cloud!model!

– Not!clear!how!security!can!be!achieved!in!CloudFbased!applica5ons!

– Not!clear!how!compliance!can!be!demonstrated!and!proved!to!external!auditors!

7!

Not!yet!workable!solu5ons!

•  Emerging!technologies!and!solu5ons!both!in!academia!and!in!the!industry0– Only!addressing!parts!of!the!security!problems!for!CloudFbased!applica5ons!!

– Difficult!for!soNware!companies!to!link0and0bundle0all!these!blocks!into!a!workable!security!solu5on!for!their!specific!context!

8!

Needs!

•  Prac5cal!and!proac8ve0approach0(security0by0design)0

•  Good!knowledge!of!security0risks0specific!to!CloudFbased!applica5ons!

•  Knowledge!must!be!built!upon0different0aspects!of!the!security!problems:!not!only!technical!aspects!

9!

Industrial!target!groups!

•  Primary!target!group!– SaaS!applica5on!providers!– Mobile!applica5on!providers!

•  Secondary!target!group!– Technology!providers!– Security!consultants!and!advisors!(processes!and!development)!

In!Brussels:!640!companies,!240!of!which!have!more!than!1!employee!

In!Brussels:!50!companies,!18!of!which!have!more!than!1!employee! 10!

Main!goals!

•  Performing!scien5fic!research!!– Set0of0tools,0technologies0and0techniques00– Proac8ve0security0approach0of!CloudFbased!applica5ons!

•  Conceiving!a!security0risk0management0model0– Risk!evalua5on,!mi5ga5on!responses!to!cri5cal!risks,!vulnerabili5es!and!threats!

•  Involving!the!industry!as0validator!

11!

Agenda!




12!

Research!perspec5ves!

•  Proac8ve!introduc5on!of!security!in!CloudFbased!applica5ons!impacts!soNware!companies!–  Reconsidering!the0architecture0of0their0Cloud-based0applica8on00

–  Selec5ng!and!adop5ng!new0security0infrastructure,0protocols0and0standards!!

–  Reconsidering!the0programming0technology0used!to!secure!cloud!soNware!!

–  Changing!the!organiza8onal0and0development0process!used!to!create!the!solu5on!!

13!

Research!perspec5ves!

•  Approach!with!4!research!perspec5ves!

Selec5on!of!research!areas!based!on!•  Industrial!relevance!•  Scien5fic!contribu5on!and!available!exper5se!in!the!Consor5um!14!

Mul5disciplinary!consor5um!

15!

Infrastucture

Architecture

Programming

Erasmus Sirris

ULB/CoDE

ULB/Qualsec ULB/QuiC

UCL/Security

Sirris ULB/SBS VUB/LSTS

UCL/ICTEAM VUB/COMO VUB/SOFT

Process

Risk Management

Transfer to

Industry

Agenda!




16!

Transfer!to!industry!

Primary target group

Security Risks

Profiles

Security solutions

Security risk identification

Secondary target group

New technologies & services

Application Profiles

Research Industry

Architecture

Programming

Infrastructure

Process

Security Solutions

Security Solutions

17!

Current!sponsors!

18!

Interested?!

•  Ge`ng!involved!–  Aaending!brokerage0events0and!workshops!!

–  Providing!your!business!cases!and!problems!

–  Sharing!your!own!experience/exper5se!in!a!par5cular!domain!!

–  Par5cipa5ng!in!pilot!cases!

!

•  TakeFaway!–  Gathering!knowledge!and!inspira5on!!

–  Ge`ng!advice!for!your!own!challenges!

–  Establishing!longFterm!collabora5ons!

–  Introducing!innova5ons!in!your!products/services!

19!

SeCloud!Security-driven0engineering0of0Cloud-based0Applica8ons!

Prof!dr!Philippe!Thiran,!Sirris!!

Se cloud presentations

Software

Transcript of Se cloud presentations