Solution

The project aims to define a new approach to securing the cloud. Three main challenges have been identified within the scope of SEED4C.

1. How to distribute Secure Elements (SEs) in the infrastructure and provide added value to the platform and services.

Each layer requires independent security missions that have to be enforced by the proposed architecture of distributed SEs. In practice, the distributed SEs provide security services that make it possible to satisfy the required security missions. One of the major challenges is to be able to adjust different and possibly conflicting security missions with efficient management, security assurance and monitoring.

The proposed architecture must address multi-tenancy requirements. In order to guarantee a set of security objectives (i.e. a security mission) for each layer in a multi-tenant environment, the only approach is to provide:

  • Network isolation providing secure load balancing.
  • In-depth protection using multiple Mandatory Access Controls (MAC) for protecting the different levels of the system.

2. Address secure load balancing and communication between SEs and from SEs to embedding machines.

Inner middleware will be developed to enable communication between SEs and from SEs to the embedding machine. Hence, three major issues will be addressed in this challenge:

  • Moving an application to another virtual machine on the same server that has a Secure Element.
  • Moving an application to another machine that has an embedded Secure Element.
  • Moving an application to another machine without a Secure Element.

3. Address policy execution, traceability and, in the end, assurance of services.

This step will focus on the way Secure Elements interface with external software components executed on the network. This will include the interface with policy definition systems, identity and access control components, or management servers.

The project will focus on tools and methods for the collection and tracing of different types of privacy-related information. These new tools will exploit the local traces and provide the desired supervision services like privacy monitoring, data life cycle management, privacy audit, breach tracking, anomaly detection, traceability, etc.