aniketos 2nd cluster meeting
DESCRIPTION
TRANSCRIPT
![Page 1: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/1.jpg)
Per Håkon MelandErkuden Rios VelascoDavid Llewellyn-Jones
http://aniketos.eu
Aniketos: Supporting Trustworthy and Secure Composition in
Service and Cloud Environments
4th of July 2011
Effectsplus Clustering Event, Amsterdam
![Page 2: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/2.jpg)
Effectsplus July 2011
Contents
� Background� Project overview
� Objective, facts, partners
� Challenges we are facing� and what we can do about them…
2
Box image by ba1969: http://www.sxc.hu/photo/1301543
![Page 3: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/3.jpg)
Effectsplus July 2011
Future Internet� Networked services
� From monolithic full-service stack suppliers
� To dynamic services built using multiple services from multiple providers
� Autonomic computing paradigm� Self-management� Self-healing
� Self-configuration
� Self-protection
� Dynamic mix of Cloud/non-cloud services depending on � Service availability
� Functionality� Price
� Performance
� Trustworthiness� Security features
3
![Page 4: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/4.jpg)
Effectsplus July 2011
Aniketos Project� The main objective of Aniketos is to help establish
and maintain trustworthiness and secure behaviour in a dynamically changing environment of composite services. � Methods, tool support and security services to support
design-time creation and run-time (re-)composition of dynamic services
� Notifications about threats and changes
� Socio-technical evaluations for acceptance and effective security
� ICT FP7 Objective 1.4: Secure, dependable and trusted infrastructures
� Started August 2010 running until February 2014� See http://aniketos.eu
4
![Page 5: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/5.jpg)
Effectsplus July 2011
Compose Service Case Studies
Photo by Joe Lipson, CC license
SESAR
Future telecom services
eGovernance: Land buying
Air traffic service pool
5
![Page 6: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/6.jpg)
Effectsplus July 2011
Aniketos Consortium
� Athens Technology Center SA� Atos Origin� DAEM S.A.� DeepBlue� SELEX ELSAG (ex Elsag Datamat)� Italtel� Liverpool John Moores University� National Research Council of Italy� SAP� SEARCH Lab Ltd� Stiftelsen SINTEF� Tecnalia Research & Innovation� Thales� University of Salzburg� University of Trento� Waterford Institute of Technology� Wind Telecomunicazioni S.p.A.
6
![Page 7: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/7.jpg)
Effectsplus July 2011
Composite Security
� Not just enforcing single security property on all services� Distributed services from multiple providers
� Difficulty knowing if a policy is violated or not� Service providers agree to fulfil a customer’s
policy� Need to know whether their service can fulfil it
� Need to decide whether this is the case
� Need tools to determine security properties based on composition
7
![Page 8: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/8.jpg)
Effectsplus July 2011
Example
� A ‘recursive services’ scenario� Using a service, don’t need to know (or
care) whether it’s a single service or composite service
� When determining the trustworthiness or security of a service, these issues may be critical!
� Data flow: � Where is my data stored?� Who has access to these data?
� How are they stored?
� How are they deleted?� Which laws and policies apply?
8
![Page 9: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/9.jpg)
Effectsplus July 2011
Source: http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225
9
![Page 10: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/10.jpg)
Effectsplus July 2011
Composite Trust
� Services require not just security, but also trust� Service provider claims to fulfil a security policy� How can a service consumer trust this?� Need tools for quantification of
trustworthiness and verification
� Composite services introduce� Composite trust� Chains of trust� Requirements on careful attribution
� Who’s trustworthiness rating should be affected if something goes wrong?
10
![Page 11: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/11.jpg)
Effectsplus July 2011
Aniketos Remedies for Composite Security and Trust
� Express security and trustworthiness requirements through graphical modelling
� Generation of security SLA templates� Discovery, matching and planning� Provide design-time and runtime modules for evaluating
and monitoring security and trustworthiness between service stakeholders
� Subscription-based notifications and alerts (“early-warning”)
11
![Page 12: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/12.jpg)
Effectsplus July 2011
Societal Acceptance and Effective Security
� Trust and security are not only technical matters� Depend heavily on the human factors to be effective
� Composite services are often complex� Service end user should have an easy and understandable way of
relying on its trustworthiness
� Aniketos contribution� Define a user-centred view on service trust and security� Investigate user acceptance and practical usability� Use case studies for future European services
12
![Page 13: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/13.jpg)
Effectsplus July 2011
Summary of Security and Trust Challenges for the Future Internet
� Services made up of other services� Service composition may not be obvious externally� Services provided by multiple providers� Service components change; trust information
may not be available� Widespread adoption means security must
be clear for non-technical users
13
Padlock image from arinas74: http://www.sxc.hu/photo/1056349
![Page 14: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/14.jpg)
Effectsplus July 2011
Aniketos Approach
� Make composite services able to establish and maintain security and trustworthiness
14 / 27
![Page 15: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/15.jpg)
Effectsplus July 2011
Aniketos Approach
� Make composite services able to establish and maintain security and trustworthiness
15 / 27
![Page 16: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/16.jpg)
Effectsplus July 2011
Aniketos Approach – Objectives
� Ensure and manage trustworthiness of interoperable and dynamically evolving services (through trust models and metrics)
� Develop integral framework providing methods and tool support for secure interoperable service development, composition, adaptation and management through concept of Security Engineering
� Define how to efficiently analyse, solve and share information on how new threats and vulnerabilities can be mitigated or how services can adapt to them
� Promote and contribute to best practices, standards and own certification work related to security and trust
� Demonstrate and evaluate practical use of security techniques, frameworks, patterns and tools in ordinary development of software and service with end-user trials
16 / 27
![Page 17: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/17.jpg)
Effectsplus July 2011
Aniketos Approach
17 / 27
![Page 18: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/18.jpg)
Effectsplus July 2011
Platform Overview
� This approach is reflected in the platform design� Incorporates
� Design-time support� Run-time support� Community support
� Security properties are defined and evaluated
� Trustworthiness underpins security claims
� Threat context included in analysis� Composite analysis allows trust and security
properties to be understood in the context of composite services
� Support provided in terms of� Reference designs and security patterns� Threat information� Notifications
18 / 27
Trustworthiness definitionand evaluation
Trustworthiness monitoringand evaluation
Security property definitionand evaluation
Runtime validation of secure service behaviour
Composite service analysis and preparation
Composite service adaptation and recomposition
Design-time support Runtime support
The Aniketos platform
Community support
Reference architecture and patterns
End user trust and assurance
Threat analysis and notification
Aniketos market place
Trustworthiness definitionand evaluation
Trustworthiness monitoringand evaluation
Security property definitionand evaluation
Runtime validation of secure service behaviour
Composite service analysis and preparation
Composite service adaptation and recomposition
Design-time support Runtime support
The Aniketos platform
Community support
Reference architecture and patterns
End user trust and assurance
Threat analysis and notification
Aniketos market place
![Page 19: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/19.jpg)
Effectsplus July 2011
Key Concepts
� Trust� Used to determine whether offered security contracts are likely to
be adhered to
� Security� Security requirements are defined by a security contract requested
by the consumer, and fulfilled by a security policy agreed by the provider
� Threats� Threats define the context� Different security may be needed as new threats and
vulnerabilities are identified
19 / 27
![Page 20: Aniketos 2nd cluster meeting](https://reader033.vdocuments.us/reader033/viewer/2022051400/54c300af4a795919718b4590/html5/thumbnails/20.jpg)
Effectsplus July 2011
Threat Detection and Response
� Service deployment environment is dynamic� Fluctuating threats picture for service providers� Changing operating conditions for end users� New attack methods and capabilities emerge� Flaws and vulnerabilities may be discovered in services
� Aniketos contribution� Investigating new threat landscape� Investigate threats to composite services� Undertake work in understanding their nature� Establish how to deal with them
20/27