SlideShare uma empresa Scribd logo

PRISMACLOUD Cloud Security and Privacy by Design

PRISMACLOUD Project
PRISMACLOUD Project

On December 10th Thomas Länger from University of Lausanne presented PRISMACLOUD project during the 6th International Conference on eDemocracy Citizen rights in the world of the new computing paradigms in Athens, Greece. PRISMACLOUD generated considerable interest among the participants!

Internet
1 de 17
Baixar para ler offline
PRISMACLOUD Cloud Security and Privacy by Design Horizon 2020 programme; duration 2/2015-7/2018 — 6th International Conference on eDemocracy Citizen rights in the world of the new computing paradigms Thomas L¨anger thomas.laenger@unil.ch Swiss Cybersecurity Advisory & Research Group Universit´e de Lausanne 10 Dec 2015 – 16:15-17:15 Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 1 / 17
Talk outline Present H2020 project PRISMACLOUD (2.2015 - 8.2018) (Abbr.: Privacy and Security Maintaining Services in the Cloud) Current cloud computing models Cloud market and cloud providers Governance in cloud computing More organisational and technical risks PRISMACLOUD approach and portfolio ...on 17 slides Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 2 / 17
Definition of cloud computing Widely accepted definition by the NIST (Special Publication SP800-145, 7 pages; emph. by me): Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 3 / 17
Definition of cloud computing Widely accepted definition by the NIST (Special Publication SP800-145, 7 pages; emph. by me): Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. Sounds like an end-user paradise. But is it really true? Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 4 / 17
This cloud model is composed of... five essential characteristics: On-demand self-service, Broad network access Resource pooling, Rapid elasticity, Measured service three service models: Software as a service (SaaS), Platform as a service (PaaS) Infrastructure as a service (IaaS), + data storage-, hardware-, function-, big data-, security-, management- as a service four deployment models: Private cloud, Community cloud Public cloud, Hybrid cloud (all SP800-145) Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 5 / 17
”Servicification” - transform a product into a service We witness now the servicification or tertiarisation of the ICT sector: The ICT products are enrolled to a greater extent to cloud providers, instead as to end-users; end users only need to provide an access platform (e.g. a thin client with a web browser) and an online connection; The cloud providers generate the additional value of the services and sell the services to the end-users; the cloud providers get access to valuable data and metadata; cloud providers control access to the data. Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 6 / 17
Cloud market: A few figures Management consulter Accenture sees 46% of the IT spending for ’cloud-related platforms and applications’ by 2016 A Cloud Computing Forecast Summary for 2013 - 2017 from IDC, Gartner and KPMG; online: www. prweb. com/ releases/ 2013/ 11/ prweb11341594. htm , citing a study by Accenture (2013) The cloud computing market is by 2015 estimated to be in the region of USD 150 billion, and will probably grow by the year 2018 to around USD 200 billion Transparency Market Research: Cloud Computing Services Market - Global Industry Size, Share, Trends, Analysis And Forecasts 2012 - 2018, online: www. transparencymarketresearch. com/ cloud-computing-services-market. html ”Amazon Web Services is a $5 billion business and still growing fast” Amazon quaterly earnings report Q1/2015 phx. corporate-ir. net/ phoenix. zhtml? c= 97664& p= irol-newsArticle& ID= 20395989 Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 7 / 17
The clouds: who provides them? The cloud service providers are well known from their past in IT: Amazon Web Services (biggest retailer, biggest cloud provider) Google-YouTube-Android: (bought 181 companies 2001-2015) Microsoft-Azure-Skype, Facebook (bought 53 companies 2005-2015) etc. etc. Some of them also want to ’get a grip’ on the data or at least on the meta-data. Most public clouds reserve themselves access to who communicates with whom, and when, and where from (all these are metadata); establish detailed profiles of millions of individuals and dragnet or mine them for valuable information, identify potential ’targets’ for marketing Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 8 / 17
Governance For sensitive data, like data in critical infrastructures, or private personal data (e.g. health data), European legislation does not only reserve ultimate control of the data to its owner (which is in the case of the health case the patient), but also requires data confidentiality for extended periods of time (like 80 years into the future). On the other hands, companies move data between jurisdictions and such prevent the enforcement of legal rights. Big corporations use loop-holes in legal systems and influence policy processes by extensive lobbying. Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 9 / 17
More pending risks in cloud computing As the cloud metaphor already indicates, you put your data into some opaque thing somewhere on the internet. But that’s just what you wanted to do: Give the data to somebody else for taking care of it. This is may be quite practical, and save you some money in the first place (see the advantages listed in NIST definition), but leads to a series of information risks: Policy and organisational risks lack of control, lack of information on processing loss of governance (data moved to another legislation) vendor lock in Technical risks diverse data protection risks isolation failure data loss, abuse, malicious outsider and insider etc. Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 10 / 17
Horizon 2020 project PRISMACLOUD approach A 3.5 year project with the goal to enable end-to-end security for cloud users, and to provide tools to reinstate governance to end users with the best technical means – by cryptography Provide 10 cryptographic functions to support end user goals in cloud computing from the following 4 fields: Protection of data at rest More privacy of end users Authentication of stored and processed data Certification of virtual infrastructures Make cryptography available, usable and economically relevant for clouds – and build it into systems by design Evaluate its capabilities in real-life scenarios Put a focus on usability, policy, and standardisation Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 11 / 17
Example: Secure cloud storage ”by default” Provide a storage service as most users would expect: the data remains strongly confidential the data is readily available on demand the data may easily be shared with others the data can easily be transferred to another provider when the user wants to Solution: use a cryptographic storage network use an information dispersal algorithm with a threshold scheme (Shamir secret sharing, e.g. 3 out of 5) ”keyless encryption” under non-collusion assumption capable of long term security (substitution of shares to counter collusion threat) implicit backup change of provider: (take a provider’s share out of the set, generate a new share for the new provider) Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 12 / 17
Services enabled by PRISMACLOUD crypto tools (Part I) Data storage in the cloud Secure cloud storage ”by default” enabled by: Cryptographic storage network Moving a legacy application to the cloud enabled by: Data security for database applications User privacy protection Non-identifiable and untrackable use of a cloud service Minimal exposure of personal data during authentication enabled by: Anonymous credentials and Group signatures Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 13 / 17
Services enabled by PRISMACLOUD crypto tools (Part II) Authentication of stored and processed data Black out information from electronically signed documents Allow someone to modify your electronically signed documents enabled by: Malleable signtures Controlling the correctness of delegated computations enabled by: Verifiable computation Certification of virtualised infrastructures: Certification of virtualised infrastructures Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 14 / 17
H2020 Project PrismaCloud Call: H2020-ICT-2014-1 Acronym: PRISMACLOUD Type of Action: RIA Number: 644962 Partners: 16 Duration: 42 months Start Date: 2015-02-01 Estimated Project Cost: 8.5MAC Requested EU Contrib.: 8MAC Coordinator: Austrian Institute of Technology GmbH www.prismacloud.eu Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 15 / 17
Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 16 / 17
About: Thomas L¨anger Hi, I’m post-doc researcher at the Swiss Cybersecurity Advisory & Research Group of the Institute of Information Systems, Faculty of Business and Economics, University of Lausanne. Currently active in H2020 Project ”PrismaCloud” 1 Feb 2015 + 42 month; 16 Partners, Project cost approx. 8.5MAC ”Develop next-generation cryptographically secured services for the cloud.” My tasks: cloud computing (cc) security design patterns; cc standardisation; end user impact analysis of cc. Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 17 / 17

Recomendados

Object storage
Object storageObject storage
Object storageakash tambakad
 
SIEM & IAM
SIEM & IAMSIEM & IAM
SIEM & IAMGetting value from IoT, Integration and Data Analytics
 
Encryption and Key Management in AWS
Encryption and Key Management in AWS Encryption and Key Management in AWS
Encryption and Key Management in AWS Amazon Web Services
 
Institucional proofpoint
Institucional proofpointInstitucional proofpoint
Institucional proofpointvoliverio
 
What is Object storage ?
What is Object storage ?What is Object storage ?
What is Object storage ?Nabil Kassi
 
Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Anil Saldanha
 
Day 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web ServicesDay 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web ServicesAmazon Web Services
 
Data Sharing with Snowflake
Data Sharing with SnowflakeData Sharing with Snowflake
Data Sharing with SnowflakeSnowflake Computing
 

Recomendados

Object storage
Object storageObject storage
Object storageakash tambakad
 
SIEM & IAM
SIEM & IAMSIEM & IAM
SIEM & IAMGetting value from IoT, Integration and Data Analytics
 
Encryption and Key Management in AWS
Encryption and Key Management in AWS Encryption and Key Management in AWS
Encryption and Key Management in AWS Amazon Web Services
 
Institucional proofpoint
Institucional proofpointInstitucional proofpoint
Institucional proofpointvoliverio
 
What is Object storage ?
What is Object storage ?What is Object storage ?
What is Object storage ?Nabil Kassi
 
Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Anil Saldanha
 
Day 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web ServicesDay 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web ServicesAmazon Web Services
 
Data Sharing with Snowflake
Data Sharing with SnowflakeData Sharing with Snowflake
Data Sharing with SnowflakeSnowflake Computing
 
Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Amazon Web Services
 
Cloud Security Fundamentals Webinar
Cloud Security Fundamentals WebinarCloud Security Fundamentals Webinar
Cloud Security Fundamentals WebinarJoseph Holbrook, Chief Learning Officer (CLO)
 
AWS Tagging Strategy
AWS Tagging StrategyAWS Tagging Strategy
AWS Tagging StrategyShiva Narayanaswamy
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptxMoshe Ferber
 
Cloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for PartnersCloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for PartnersAmazon Web Services
 
Introduction to Amazon EC2
Introduction to Amazon EC2Introduction to Amazon EC2
Introduction to Amazon EC2Amazon Web Services
 
Cloud Architecture - Multi Cloud, Edge, On-Premise
Cloud Architecture - Multi Cloud, Edge, On-PremiseCloud Architecture - Multi Cloud, Edge, On-Premise
Cloud Architecture - Multi Cloud, Edge, On-PremiseAraf Karsh Hamid
 
Cloud Migration, Application Modernization, and Security
Cloud Migration, Application Modernization, and Security Cloud Migration, Application Modernization, and Security
Cloud Migration, Application Modernization, and Security Tom Laszewski
 
Aws Architecture Fundamentals
Aws Architecture FundamentalsAws Architecture Fundamentals
Aws Architecture Fundamentals2nd Watch
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best PracticesAmazon Web Services
 
Overview and Walkthrough of the Application Programming Model with SAP Cloud ...
Overview and Walkthrough of the Application Programming Model with SAP Cloud ...Overview and Walkthrough of the Application Programming Model with SAP Cloud ...
Overview and Walkthrough of the Application Programming Model with SAP Cloud ...SAP Cloud Platform
 
Serverless Architecture GCP In Production
Serverless Architecture GCP In ProductionServerless Architecture GCP In Production
Serverless Architecture GCP In ProductionOliver Fierro
 
Microsoft Azure Technical Overview
Microsoft Azure Technical OverviewMicrosoft Azure Technical Overview
Microsoft Azure Technical Overviewgjuljo
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAMKnoldus Inc.
 
How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)Shiu-Fun Poon
 
Azure information protection
Azure information protectionAzure information protection
Azure information protectionKjetil Lund-Paulsen
 
Best Practices for SecOps on AWS
Best Practices for SecOps on AWSBest Practices for SecOps on AWS
Best Practices for SecOps on AWSAmazon Web Services
 
Cloud Security (Domain1- 5)
Cloud Security (Domain1- 5)Cloud Security (Domain1- 5)
Cloud Security (Domain1- 5)Maganathin Veeraragaloo
 
AWS Marketplace
AWS MarketplaceAWS Marketplace
AWS MarketplaceAmazon Web Services
 
Incident Response in the Cloud - SID319 - re:Invent 2017
Incident Response in the Cloud - SID319 - re:Invent 2017Incident Response in the Cloud - SID319 - re:Invent 2017
Incident Response in the Cloud - SID319 - re:Invent 2017Amazon Web Services
 
Privacy and security in the cloud Challenges and solutions for our future inf...
Privacy and security in the cloud Challenges and solutions for our future inf...Privacy and security in the cloud Challenges and solutions for our future inf...
Privacy and security in the cloud Challenges and solutions for our future inf...PRISMACLOUD Project
 
Challenges of IP protection in era of cloud computing
Challenges of IP protection in era of cloud computingChallenges of IP protection in era of cloud computing
Challenges of IP protection in era of cloud computingBrandix India Apparel City Pvt Ltd.
 

Mais conteúdo relacionado

Mais procurados

Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Amazon Web Services
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptxMoshe Ferber
 
Cloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for PartnersCloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for PartnersAmazon Web Services
 
Cloud Architecture - Multi Cloud, Edge, On-Premise
Cloud Architecture - Multi Cloud, Edge, On-PremiseCloud Architecture - Multi Cloud, Edge, On-Premise
Cloud Architecture - Multi Cloud, Edge, On-PremiseAraf Karsh Hamid
 
Cloud Migration, Application Modernization, and Security
Cloud Migration, Application Modernization, and Security Cloud Migration, Application Modernization, and Security
Cloud Migration, Application Modernization, and Security Tom Laszewski
 
Aws Architecture Fundamentals
Aws Architecture FundamentalsAws Architecture Fundamentals
Aws Architecture Fundamentals2nd Watch
 
Overview and Walkthrough of the Application Programming Model with SAP Cloud ...
Overview and Walkthrough of the Application Programming Model with SAP Cloud ...Overview and Walkthrough of the Application Programming Model with SAP Cloud ...
Overview and Walkthrough of the Application Programming Model with SAP Cloud ...SAP Cloud Platform
 
Serverless Architecture GCP In Production
Serverless Architecture GCP In ProductionServerless Architecture GCP In Production
Serverless Architecture GCP In ProductionOliver Fierro
 
Microsoft Azure Technical Overview
Microsoft Azure Technical OverviewMicrosoft Azure Technical Overview
Microsoft Azure Technical Overviewgjuljo
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAMKnoldus Inc.
 
How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)Shiu-Fun Poon
 
Best Practices for SecOps on AWS
Best Practices for SecOps on AWSBest Practices for SecOps on AWS
Best Practices for SecOps on AWSAmazon Web Services
 
Incident Response in the Cloud - SID319 - re:Invent 2017
Incident Response in the Cloud - SID319 - re:Invent 2017Incident Response in the Cloud - SID319 - re:Invent 2017
Incident Response in the Cloud - SID319 - re:Invent 2017Amazon Web Services
 

Mais procurados (20)

Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)
 
Cloud Security Fundamentals Webinar
Cloud Security Fundamentals WebinarCloud Security Fundamentals Webinar
Cloud Security Fundamentals Webinar
 
AWS Tagging Strategy
AWS Tagging StrategyAWS Tagging Strategy
AWS Tagging Strategy
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
 
Cloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for PartnersCloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for Partners
 
Introduction to Amazon EC2
Introduction to Amazon EC2Introduction to Amazon EC2
Introduction to Amazon EC2
 
Cloud Architecture - Multi Cloud, Edge, On-Premise
Cloud Architecture - Multi Cloud, Edge, On-PremiseCloud Architecture - Multi Cloud, Edge, On-Premise
Cloud Architecture - Multi Cloud, Edge, On-Premise
 
Cloud Migration, Application Modernization, and Security
Cloud Migration, Application Modernization, and Security Cloud Migration, Application Modernization, and Security
Cloud Migration, Application Modernization, and Security
 
Aws Architecture Fundamentals
Aws Architecture FundamentalsAws Architecture Fundamentals
Aws Architecture Fundamentals
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
Overview and Walkthrough of the Application Programming Model with SAP Cloud ...
Overview and Walkthrough of the Application Programming Model with SAP Cloud ...Overview and Walkthrough of the Application Programming Model with SAP Cloud ...
Overview and Walkthrough of the Application Programming Model with SAP Cloud ...
 
Serverless Architecture GCP In Production
Serverless Architecture GCP In ProductionServerless Architecture GCP In Production
Serverless Architecture GCP In Production
 
Microsoft Azure Technical Overview
Microsoft Azure Technical OverviewMicrosoft Azure Technical Overview
Microsoft Azure Technical Overview
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAM
 
How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)
 
Azure information protection
Azure information protectionAzure information protection
Azure information protection
 
Best Practices for SecOps on AWS
Best Practices for SecOps on AWSBest Practices for SecOps on AWS
Best Practices for SecOps on AWS
 
Cloud Security (Domain1- 5)
Cloud Security (Domain1- 5)Cloud Security (Domain1- 5)
Cloud Security (Domain1- 5)
 
AWS Marketplace
AWS MarketplaceAWS Marketplace
AWS Marketplace
 
Incident Response in the Cloud - SID319 - re:Invent 2017
Incident Response in the Cloud - SID319 - re:Invent 2017Incident Response in the Cloud - SID319 - re:Invent 2017
Incident Response in the Cloud - SID319 - re:Invent 2017
 

Semelhante a PRISMACLOUD Cloud Security and Privacy by Design

Privacy and security in the cloud Challenges and solutions for our future inf...
Privacy and security in the cloud Challenges and solutions for our future inf...Privacy and security in the cloud Challenges and solutions for our future inf...
Privacy and security in the cloud Challenges and solutions for our future inf...PRISMACLOUD Project
 
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGSECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGIRJET Journal
 
Cloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed SolutionCloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed SolutionIJERA Editor
 
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudNo More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudPaaSword EU Project
 
Secure One Time Password OTP Generation for user Authentication in Cloud Envi...
Secure One Time Password OTP Generation for user Authentication in Cloud Envi...Secure One Time Password OTP Generation for user Authentication in Cloud Envi...
Secure One Time Password OTP Generation for user Authentication in Cloud Envi...ijtsrd
 
Tech equity - Cloud presentation
Tech equity - Cloud presentationTech equity - Cloud presentation
Tech equity - Cloud presentationAdrian Hall
 
Encryption Algorithms for Cloud
Encryption Algorithms for CloudEncryption Algorithms for Cloud
Encryption Algorithms for CloudMphasis
 
IRJET- Improving Data Spillage in Multi-Cloud Capacity Administration
IRJET- Improving Data Spillage in Multi-Cloud Capacity AdministrationIRJET- Improving Data Spillage in Multi-Cloud Capacity Administration
IRJET- Improving Data Spillage in Multi-Cloud Capacity AdministrationIRJET Journal
 
IRJET- Improving Data Spillage in Multi-Cloud Capacity Administration
IRJET- Improving Data Spillage in Multi-Cloud Capacity AdministrationIRJET- Improving Data Spillage in Multi-Cloud Capacity Administration
IRJET- Improving Data Spillage in Multi-Cloud Capacity AdministrationIRJET Journal
 
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword EU Project
 
"Engineering implications of the cloud when applied to the Media" - Mesclado'...
"Engineering implications of the cloud when applied to the Media" - Mesclado'..."Engineering implications of the cloud when applied to the Media" - Mesclado'...
"Engineering implications of the cloud when applied to the Media" - Mesclado'...Mesclado
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...csandit
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
 
Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIaetsd Iaetsd
 
Bni cloud presentation
Bni cloud presentationBni cloud presentation
Bni cloud presentationrichszy
 
A Trusted TPA Model, to Improve Security & Reliability for Cloud Storage
A Trusted TPA Model, to Improve Security & Reliability for Cloud StorageA Trusted TPA Model, to Improve Security & Reliability for Cloud Storage
A Trusted TPA Model, to Improve Security & Reliability for Cloud StorageIRJET Journal
 
Cloud intrusion detection System
Cloud intrusion detection SystemCloud intrusion detection System
Cloud intrusion detection Systemsadegh salehi
 

Semelhante a PRISMACLOUD Cloud Security and Privacy by Design (20)

Privacy and security in the cloud Challenges and solutions for our future inf...
Privacy and security in the cloud Challenges and solutions for our future inf...Privacy and security in the cloud Challenges and solutions for our future inf...
Privacy and security in the cloud Challenges and solutions for our future inf...
 
Challenges of IP protection in era of cloud computing
Challenges of IP protection in era of cloud computingChallenges of IP protection in era of cloud computing
Challenges of IP protection in era of cloud computing
 
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGSECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
 
Cloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed SolutionCloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
 
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudNo More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
 
Secure One Time Password OTP Generation for user Authentication in Cloud Envi...
Secure One Time Password OTP Generation for user Authentication in Cloud Envi...Secure One Time Password OTP Generation for user Authentication in Cloud Envi...
Secure One Time Password OTP Generation for user Authentication in Cloud Envi...
 
Tech equity - Cloud presentation
Tech equity - Cloud presentationTech equity - Cloud presentation
Tech equity - Cloud presentation
 
B1802041217
B1802041217B1802041217
B1802041217
 
Encryption Algorithms for Cloud
Encryption Algorithms for CloudEncryption Algorithms for Cloud
Encryption Algorithms for Cloud
 
IRJET- Improving Data Spillage in Multi-Cloud Capacity Administration
IRJET- Improving Data Spillage in Multi-Cloud Capacity AdministrationIRJET- Improving Data Spillage in Multi-Cloud Capacity Administration
IRJET- Improving Data Spillage in Multi-Cloud Capacity Administration
 
IRJET- Improving Data Spillage in Multi-Cloud Capacity Administration
IRJET- Improving Data Spillage in Multi-Cloud Capacity AdministrationIRJET- Improving Data Spillage in Multi-Cloud Capacity Administration
IRJET- Improving Data Spillage in Multi-Cloud Capacity Administration
 
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
 
"Engineering implications of the cloud when applied to the Media" - Mesclado'...
"Engineering implications of the cloud when applied to the Media" - Mesclado'..."Engineering implications of the cloud when applied to the Media" - Mesclado'...
"Engineering implications of the cloud when applied to the Media" - Mesclado'...
 
Project 3
Project 3Project 3
Project 3
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
 
Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environment
 
Bni cloud presentation
Bni cloud presentationBni cloud presentation
Bni cloud presentation
 
A Trusted TPA Model, to Improve Security & Reliability for Cloud Storage
A Trusted TPA Model, to Improve Security & Reliability for Cloud StorageA Trusted TPA Model, to Improve Security & Reliability for Cloud Storage
A Trusted TPA Model, to Improve Security & Reliability for Cloud Storage
 
Cloud intrusion detection System
Cloud intrusion detection SystemCloud intrusion detection System
Cloud intrusion detection System
 

Último

Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 

Último (20)

Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 

PRISMACLOUD Cloud Security and Privacy by Design

  • 1. PRISMACLOUD Cloud Security and Privacy by Design Horizon 2020 programme; duration 2/2015-7/2018 — 6th International Conference on eDemocracy Citizen rights in the world of the new computing paradigms Thomas L¨anger thomas.laenger@unil.ch Swiss Cybersecurity Advisory & Research Group Universit´e de Lausanne 10 Dec 2015 – 16:15-17:15 Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 1 / 17
  • 2. Talk outline Present H2020 project PRISMACLOUD (2.2015 - 8.2018) (Abbr.: Privacy and Security Maintaining Services in the Cloud) Current cloud computing models Cloud market and cloud providers Governance in cloud computing More organisational and technical risks PRISMACLOUD approach and portfolio ...on 17 slides Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 2 / 17
  • 3. Definition of cloud computing Widely accepted definition by the NIST (Special Publication SP800-145, 7 pages; emph. by me): Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 3 / 17
  • 4. Definition of cloud computing Widely accepted definition by the NIST (Special Publication SP800-145, 7 pages; emph. by me): Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. Sounds like an end-user paradise. But is it really true? Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 4 / 17
  • 5. This cloud model is composed of... five essential characteristics: On-demand self-service, Broad network access Resource pooling, Rapid elasticity, Measured service three service models: Software as a service (SaaS), Platform as a service (PaaS) Infrastructure as a service (IaaS), + data storage-, hardware-, function-, big data-, security-, management- as a service four deployment models: Private cloud, Community cloud Public cloud, Hybrid cloud (all SP800-145) Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 5 / 17
  • 6. ”Servicification” - transform a product into a service We witness now the servicification or tertiarisation of the ICT sector: The ICT products are enrolled to a greater extent to cloud providers, instead as to end-users; end users only need to provide an access platform (e.g. a thin client with a web browser) and an online connection; The cloud providers generate the additional value of the services and sell the services to the end-users; the cloud providers get access to valuable data and metadata; cloud providers control access to the data. Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 6 / 17
  • 7. Cloud market: A few figures Management consulter Accenture sees 46% of the IT spending for ’cloud-related platforms and applications’ by 2016 A Cloud Computing Forecast Summary for 2013 - 2017 from IDC, Gartner and KPMG; online: www. prweb. com/ releases/ 2013/ 11/ prweb11341594. htm , citing a study by Accenture (2013) The cloud computing market is by 2015 estimated to be in the region of USD 150 billion, and will probably grow by the year 2018 to around USD 200 billion Transparency Market Research: Cloud Computing Services Market - Global Industry Size, Share, Trends, Analysis And Forecasts 2012 - 2018, online: www. transparencymarketresearch. com/ cloud-computing-services-market. html ”Amazon Web Services is a $5 billion business and still growing fast” Amazon quaterly earnings report Q1/2015 phx. corporate-ir. net/ phoenix. zhtml? c= 97664& p= irol-newsArticle& ID= 20395989 Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 7 / 17
  • 8. The clouds: who provides them? The cloud service providers are well known from their past in IT: Amazon Web Services (biggest retailer, biggest cloud provider) Google-YouTube-Android: (bought 181 companies 2001-2015) Microsoft-Azure-Skype, Facebook (bought 53 companies 2005-2015) etc. etc. Some of them also want to ’get a grip’ on the data or at least on the meta-data. Most public clouds reserve themselves access to who communicates with whom, and when, and where from (all these are metadata); establish detailed profiles of millions of individuals and dragnet or mine them for valuable information, identify potential ’targets’ for marketing Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 8 / 17
  • 9. Governance For sensitive data, like data in critical infrastructures, or private personal data (e.g. health data), European legislation does not only reserve ultimate control of the data to its owner (which is in the case of the health case the patient), but also requires data confidentiality for extended periods of time (like 80 years into the future). On the other hands, companies move data between jurisdictions and such prevent the enforcement of legal rights. Big corporations use loop-holes in legal systems and influence policy processes by extensive lobbying. Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 9 / 17
  • 10. More pending risks in cloud computing As the cloud metaphor already indicates, you put your data into some opaque thing somewhere on the internet. But that’s just what you wanted to do: Give the data to somebody else for taking care of it. This is may be quite practical, and save you some money in the first place (see the advantages listed in NIST definition), but leads to a series of information risks: Policy and organisational risks lack of control, lack of information on processing loss of governance (data moved to another legislation) vendor lock in Technical risks diverse data protection risks isolation failure data loss, abuse, malicious outsider and insider etc. Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 10 / 17
  • 11. Horizon 2020 project PRISMACLOUD approach A 3.5 year project with the goal to enable end-to-end security for cloud users, and to provide tools to reinstate governance to end users with the best technical means – by cryptography Provide 10 cryptographic functions to support end user goals in cloud computing from the following 4 fields: Protection of data at rest More privacy of end users Authentication of stored and processed data Certification of virtual infrastructures Make cryptography available, usable and economically relevant for clouds – and build it into systems by design Evaluate its capabilities in real-life scenarios Put a focus on usability, policy, and standardisation Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 11 / 17
  • 12. Example: Secure cloud storage ”by default” Provide a storage service as most users would expect: the data remains strongly confidential the data is readily available on demand the data may easily be shared with others the data can easily be transferred to another provider when the user wants to Solution: use a cryptographic storage network use an information dispersal algorithm with a threshold scheme (Shamir secret sharing, e.g. 3 out of 5) ”keyless encryption” under non-collusion assumption capable of long term security (substitution of shares to counter collusion threat) implicit backup change of provider: (take a provider’s share out of the set, generate a new share for the new provider) Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 12 / 17
  • 13. Services enabled by PRISMACLOUD crypto tools (Part I) Data storage in the cloud Secure cloud storage ”by default” enabled by: Cryptographic storage network Moving a legacy application to the cloud enabled by: Data security for database applications User privacy protection Non-identifiable and untrackable use of a cloud service Minimal exposure of personal data during authentication enabled by: Anonymous credentials and Group signatures Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 13 / 17
  • 14. Services enabled by PRISMACLOUD crypto tools (Part II) Authentication of stored and processed data Black out information from electronically signed documents Allow someone to modify your electronically signed documents enabled by: Malleable signtures Controlling the correctness of delegated computations enabled by: Verifiable computation Certification of virtualised infrastructures: Certification of virtualised infrastructures Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 14 / 17
  • 15. H2020 Project PrismaCloud Call: H2020-ICT-2014-1 Acronym: PRISMACLOUD Type of Action: RIA Number: 644962 Partners: 16 Duration: 42 months Start Date: 2015-02-01 Estimated Project Cost: 8.5MAC Requested EU Contrib.: 8MAC Coordinator: Austrian Institute of Technology GmbH www.prismacloud.eu Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 15 / 17
  • 16. Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 16 / 17
  • 17. About: Thomas L¨anger Hi, I’m post-doc researcher at the Swiss Cybersecurity Advisory & Research Group of the Institute of Information Systems, Faculty of Business and Economics, University of Lausanne. Currently active in H2020 Project ”PrismaCloud” 1 Feb 2015 + 42 month; 16 Partners, Project cost approx. 8.5MAC ”Develop next-generation cryptographically secured services for the cloud.” My tasks: cloud computing (cc) security design patterns; cc standardisation; end user impact analysis of cc. Thomas L¨anger (Universit´e de Lausanne) PRISMACLOUD 10 Dec 2015 – 16:15-17:15 17 / 17