Assessing data breach risk in cloud systems

The emerging cloud market introduces a multitude of cloud service providers, making it difficult for consumers to select providers who are likely to be a low risk from a security perspective. Recently, significant emphasis has arisen on the need to specify Service Level Agreements that address security concerns of consumers (referred to as SecSLAs) - these are intended to clarify security support in addition to Quality of Service characteristics associated with services. It has been found that such SecSLAs are not consistent among providers, even though they offer services with similar functionality. However, measuring security service levels and the associated risk plays an important role when choosing a cloud provider. Data breaches have been identified as a high priority threat influencing the adoption of cloud computing. This paper proposes a general analysis framework which can compute risk associated with data breaches based on pre-agreed SecSLAs for different cloud providers. The framework exploits a tree based structure to identify possible attack scenarios that can lead to data breaches in the cloud and a means of assessing the use of potential mitigation strategies to reduce such breaches

A Dynamic Validation Infrastructure for Interoperable Grid Services

Los encargados de recursos Grid pueden autorizar el acceso a sus elementos de cómputo por medio de procedimientos bien establecidos para los clientes, regularmente a través del uso de credenciales criptográficas que en su mayoría tienen un tiempo de vida definido.A pesar que la adopción de Autoridades de Certificación -AC- ha parcialmente resuelto el problema de identificación y autenticación entre entidades y, la tecnología PKI (Infraestructuras de Clave Pública) es bastante madura, no es posible hacer los mismos supuestos cuando existen dominios que no confían entre si. En los últimos años han proliferado las Organizaciones Virtuales -VOs- dentro del Grid, cada una instalando su propia Autoridad de Certificación y dando lugar a un gran número de diferentes dominios de seguridad, que efectivamente no confían entre si. Esto da lugar a un complejo escenario de interoperabilidad en Grid, que requiere mecanismos capaces de determinar si una credencial cliente puede ser confiada en un momento dado. Este proceso (llamado "validacion") ha sido tradicionalmente tratado via Listas de Revocación de Certificados (CRLs). Sin embargo, esta solución es ineficiente tanto para la ACs como para las aplicaciones Grid. En consecuencia son requeridos mecanismos mas eficientes que permitan conocer el estado de un certificado en tiempo real. Entre estas soluciones, el Online Certificate Status Protocol (OCSP) sobresale para los Grids. A pesar de su importancia para la seguridad, OCSP conlleva considerables retos para el Grid y de momento es incapaz para garantizar un grado seguro de interoperabilidad entre las ACs que participan en dicho ambiente.De momento la comunidad Grid ha resuelto el problema de interoperabilidad mediante el uso de "Policy Management Authorities" (PMAs), las cuales representan "Federaciones de Grid-PKIs" cuyas ACs miembros cumplen con niveles mínimos de seguridad. Estos requisitos mínimos forman el llamado "Perfil de Autenticación de la PMA". Actualmente el cumplimiento con el perfil de una cierta PMA se lleva a cabo a través de un proceso bien definido, pero manual, que se realiza una sola ocasión cuando una AC desea ser parte de dicha PMA. Esto se denomina "Proceso de Acreditación".Cualquier cliente invocando una operación de un servicio Grid, activa un proceso de autenticación que valida su certificado digital de acuerdo a un proceso llamado "Path Validation".Cuando las ACs participantes interoperan gracias a acuerdos explícitos de confianza, solamente se require un "Path Validation Básico": verificación criptográfica y chequeo del estado del certificado. Software Grid como el Globus Toolkit, provee mecanismos estáticos para dicho proceso. Esto sin embargo resulta inapropiado para VOs actuales.Asi pues, a pesar de la importancia que un proceso automático y "Extendido" de "Path Validation" tendría para construir relaciones de confianza dinámicamente en Grid-PKIs, a la fecha no existe ningún mecanismo para hacerlo.Esta tesis presenta una arquitectura novedosa para llevar a cabo el proceso "Extendido de Path Validation" en ambientes Grid para ACs que pertenecen a la misma PMA, gracias al uso de una Infraestructura de Validación basada en el Grid-OCSP y, una metodología de evaluación de políticas que compara las Políticas de Certificación de las ACs involucradas para asegurarse que cumplen con un Perfil de Autenticación y, que por lo tanto pueden interoperar entre ellas. La metodología de evaluación de políticas está basada en una propuesta de investigación de la "Universidad de Nápoles, Federico II" y la "Segunda Universidad de Nápoles". Un prototipo de la Infraestructura de Validación ha sido desarrollado durante nuestra investigación, y es ampliamente explicado en esta tesis.Grid Resource owners can authorize access to their computing elements by means of well established Authentication and Authorization processes for End-entities, through the use of cryptographic credentials that in most of the cases have a defined lifetime. Nevertheless, despite the fact that the adoption of Certification Authorities -CAs- has partially solved the problem of identification and authentication between the involved parties, and that Public Key Infrastructure -PKI- technologies are mature enough, we cannot make the same assumptions when untrusted domains are involved. In the last years a lot of Grid Virtual Organizations -VOs- have been proliferating, each one usually installing its own Certificate Authority and thus giving birth to a large set of different and possibly untrusted security domains. This brings a quite complex Grid interoperability scenario requiring mechanisms able to determine whether a particular end-entity's credential can be trusted at a given moment. This process is commonly named validation and traditionally it is performed via Certificate Revocation Lists (CRL). However this solution tends to be cumbersome for both, the CA and the application. In consequence, more efficient mechanisms to allow for the provision of real time certificate status information are required. Among these solutions, the Online Certificate Status Protocol (OCSP) stands out in the Grid community. Despite its importance for security, OCSP not only faces considerable challenges in the computational Grid but also, in its current form, this protocol is unable to guarantee a secure degree of interoperability among all the involved Grid-Certification Authorities. At the state of the art, the Grid community is circumventing the interoperability problem with the "Policy Management Authorities (PMAs)", which represent "Federations of Grid PKIs" whose CA members accomplish minimum levels of security. These minimum requirements comprise the PMA's Authentication Profile. In the case of the existing Grid PMAs, compliance with their respective authentication profile is given through a well-defined, but manual process involving a careful analysis of the applicant PKI's Certification Policy -CP-, performed just once, when a new CA wishes to be part of an existing PMA. This is known as the PMA's accreditation process.Any end-entity invoking a Grid Service's operation from the server, activates an authentication process that validates the end-entity's digital certificate according to the traditional path validation procedure.When involved CAs interoperate thanks to explicit trust agreements, only basic path validation is required: cryptographic verifications and status' checks over the involved certificates. State of the art Grid software like the Globus Toolkit, provides static mechanisms for the basic path validation. This is a cumbersome process in nowadays Virtual Organizations.Therefore, despite the importance that an automated and extended path validation process has got in order to build dynamic trust relationships among Grid PKI's, to date there is no mechanism to automatically obtain this information.This thesis presents a novel architecture for enabling extended path validation in Grid environments for CAs that are part of the same PMA, thanks to the use of a Validation Infrastructure based on a Grid-enabled Online Certificate Status Protocol and, a policy evaluation methodology that compares the involved CAs' Certificate Policies to assert that they fulfil with a particular Authentication Profile and that they can therefore interoperate among them. The policy evaluation technique is based on a formal methodology originally proposed by researchers of the "Università di Napoli, Federico II" and the "Seconda Università di Napoli". A working prototype of the proposed Validation Infrastructure was also developed during our research, and is widely explained along this thesis

Service Level Agreements for Communication Networks: A Survey

Abstract. Information and Communication Technology (ICT) is being provided to the variety of endusers demands, thereby providing a better and improved management of services is crucial. Therefore, Service Level Agreements (SLAs) are essential and play a key role to manage the provided services among the network entities. This survey identifies the state of the art covering concepts, approaches and open problems of the SLAs establishment, deployment and management. This paper is organised in a way that the reader can access a variety of proposed SLA methods and models addressed and provides an overview of the SLA actors and elements. It also describes SLAs’ characteristics and objectives. SLAs’ existing methodologies are explained and categorised followed by the Service Quality Categories (SQD) and Quality-Based Service Descriptions (QSD). SLA modelling and architectures are discussed, and open research problems and future research directions are introduced. The establishment of a reliable, safe and QoE-aware computer networking needs a group of services that goes beyond pure networking services. Therefore, within the paper this broader set of services are taken into consideration and for each Service Level Objective (SLO) the related services domains will be indicated. The purpose of this survey is to identify existing research gaps in utilising SLA elements to develop a generic methodology, considering all quality parameters beyond the Quality of Service (QoS) and what must or can be taken into account to define, establish and deploy an SLA. This study is still an active research on how to specify and develop an SLA to achieve the win-win agreements among all actors.Peer ReviewedPostprint (published version

Attack-Surface Metrics, OSSTMM and Common Criteria Based Approach to “Composable Security” in Complex Systems

In recent studies on Complex Systems and Systems-of-Systems theory, a huge effort has been put to cope with behavioral problems, i.e. the possibility of controlling a desired overall or end-to-end behavior by acting on the individual elements that constitute the system itself. This problem is particularly important in the “SMART” environments, where the huge number of devices, their significant computational capabilities as well as their tight interconnection produce a complex architecture for which it is difficult to predict (and control) a desired behavior; furthermore, if the scenario is allowed to dynamically evolve through the modification of both topology and subsystems composition, then the control problem becomes a real challenge. In this perspective, the purpose of this paper is to cope with a specific class of control problems in complex systems, the “composability of security functionalities”, recently introduced by the European Funded research through the pSHIELD and nSHIELD projects (ARTEMIS-JU programme). In a nutshell, the objective of this research is to define a control framework that, given a target security level for a specific application scenario, is able to i) discover the system elements, ii) quantify the security level of each element as well as its contribution to the security of the overall system, and iii) compute the control action to be applied on such elements to reach the security target. The main innovations proposed by the authors are: i) the definition of a comprehensive methodology to quantify the security of a generic system independently from the technology and the environment and ii) the integration of the derived metrics into a closed-loop scheme that allows real-time control of the system. The solution described in this work moves from the proof-of-concepts performed in the early phase of the pSHIELD research and enrich es it through an innovative metric with a sound foundation, able to potentially cope with any kind of pplication scenarios (railways, automotive, manufacturing, ...)