SEcure Cloud computing for CRitical infrastructure IT
The aim of Fraunhofer IESE with »SECCRIT« is to adapt components of the IND²UCE framework to cloud technologies and to integrate them into these technologies.
Requirements on the cloud such as high availability, resilience, and IT security, as well as guaranteed delivery of these, are indispensable for the use of cloud technologies in the area of critical infrastructures. However, the guaranteed fulfillment of these requirements remains a challenge.
The correct specification of security policies is an error-prone process and can often only be done by security experts together with domain experts. In addition, suitable tools for specifying security policies in an easy and user-friendly manner are currently lacking. Furthermore, current security solutions do not dynamically adapt to the current usage context, which may lead to suboptimal behavior of the cloud environment. An undifferentiated approach may ultimately lead to insecure service delivery.
Fraunhofer IESE is researching, among other things, how context-dependent security policies can be specified in an easy and user-friendly manner on the one hand, and how they can be enforced in established cloud environments on the other hand. An interesting research question in this regard is which context information needs to be exchanged between the infrastructure and the service level in order to dynamically enforce security policies. For example, security policies can be defined that require the separation of critical or competing services, enforce the storage of data in a specific place, or permit migration of services only within Europe.
The aim is to adapt components of the IND²UCE framework to cloud technologies and to integrate them into these technologies. For example, specific components of the IND²UCE framework are to be used to combine context information from different levels of abstraction and to make security decisions in a context-sensitive manner. To reduce complexity in the specification, templates for security policies will also be developed in the considered application domains. A uniform taxonomy is to serve as a basis for this. In the context of the research work, a cloud test environment (Cloud Lab) will be established at Fraunhofer IESE.