SEcure Cloud computing for CRitical infrastructure IT
Requirements on the Cloud, such as high levels of availability, resilience, and IT security, are indispensable for the use of Cloud technologies in the area of critical infrastructures, as is the guarantee that these will actually be delivered. However, the guaranteed implementation of these requirements continues to present a challenge.
The correct specification of security policies is an error-prone process and can often only be performed by security experts in collaboration with domain experts. In addition, suitable tools for specifying security policies in a simple and user-friendly manner are currently still missing. Furthermore, existing security solutions do not dynamically adapt to the current usage context, which can result in suboptimal behavior of the Cloud environment. Undifferentiated treatment may ultimately lead to insecure service delivery.
Among other things, Fraunhofer IESE is performing research into how context-dependent security policies can be specified in a simple and user-friendly manner on the one hand and enforced in established Cloud environments on the other hand. Here, an interesting research question is which context information must be exchanged between the infrastructure and the service level to enforce security policies dynamically. For example, it is possible to define security policies that require the separation of critical or competing services, that enforce the storage of data in a particular place, or that only allow migration of services within Europe.
The goal is to adapt the components of the IND²UCE framework to Cloud technologies and to integrate them into those technologies. With the help of specific components of the IND²UCE framework, context information from different levels of abstraction, for example, is brought together and security decisions are made in a context-sensitive way. To reduce complexity during specification, templates for security policies are also created for the application domains being considered. In this regard, a uniform taxonomy is to be used as a basis. In the context of the research, a Cloud testing environment (Cloud Lab) is being set up at Fraunhofer IESE.