The tools and methods from the SECCRIT project will be provided to allow, e.g., the traffic control centre in Valencia to operate their applications in a secure and safe manner in the cloud. Other applications include a video surveillance system of Mirasys Ltd, both project demo partners.
Problem statement
Cloud computing is one of the major trends in IT in recent years, and as a consequence major companies are massively investing in cloud infrastructures. A representative example of the growth rate is Italy, here 20% of IT businesses already use cloud-based services and 58% intend to introduce cloud services in the near future. However, the cloud computing paradigm changes many aspects of current enterprise IT infrastructure, such as organizational security and trust management, and policy integration. Furthermore, critical infrastructure providers are considering migrating their IT services to the cloud. Hence, it raises many concerns in terms of security, reliability, and information assurance. While organizations such as the Cloud Security Alliance, ENISA, and BITKOM provide a part of the answers to organizations and service providers when implementing cloud applications, their contributions still lack concrete solutions for circumventing these problems and for designing, implementing, and auditing security aspects in cloud computing scenarios.
Expected impact
- Methods and tools for better understanding and identifying the risks and consequences when moving applications into the cloud
- Wider adoption of cloud computing in critical infrastructures through clear specification, design, and implementation guidelines for security goals in highly sensitive cloud computing scenarios
- Evaluation and adoption of project results in real-world application scenarios
Research targets
- Understanding risk in the cloud for critical infrastructure IT services
- Security policy specification and enforcement for the cloud
- Service Level Agreement validation and live forensics
- Service-aware anomaly detection
- Building resilient, high-assurance systems in the cloud
- Data-centric security
- Linking technical and legal aspects
Consortium
- AIT Austrian Institute of Technology GmbH, Austria
- ETRA I+D, Spain
- Fraunhofer IESE, Germany
- Karlsruhe Institute of Technology (KIT), Germany
- NEC Europe Ltd., U.K.
- Lancaster University, U.K.
- Mirasys Ltd, Finland
- Hellenenic Telecomunications Organizastion (OTE), Greece
- Ayuntamento de Valencia
- Amaris Technologies GMBH, Austria
User and advisory board
The SECCRIT project will apply the research directly to real-world use cases to ensure their usefulness and practicability. This will be supported by the SECCRIT user and advisory board. Membership on the board has the following benefits:
- Engaging with experts at annual user and advisory board workshops
- Frequent information via electronic newsletters and updates
- Privileged access to research output
- Board members are not required to contribute research, but have a direct channel to the researchers to feed in their comments to shape the research agenda and assess the applicability of research output.
Contact
Dr. Markus Tauber
info (at) seccrit.eu
+43-50550-3174
www.seccrit.eu
AIT
The AIT Austrian Institute of Technology GmbH is an Austrian research institute with a Europe-an format and focuses on the key infrastructure issues of the future. The AIT Department of Safety & Security focuses on these two important aspects of ever-increasing relevance for today’s citizens, which will also take centre stage in the information society of tomorrow.
- “Safety” is in our case related to technologies and refers to the personal safety of individuals, which is directly or indirectly dependent on the proper functioning or availability of an in-formation processing and/or autonomous system.
- “Security” rather refers to the protection of information and the prevention of any potential violation through unauthorized access to or alteration of personal information. Security may also refer to classical security techniques (surveillance) that are supported by information technology.
The Department of Safety & Security is making a significant contribution to ICT and is devoting concerted efforts to guaranteeing operational efficiency and reliability of all critical infrastructures – both private and public – especially in times of potential ecological, economic and political crisis. We are committed to fostering the roll-out of national infrastructure as well as the deployment of state-of-the-art technologies in the area of public administration (eGovernment, eEnvironment), power grids, health care (eHealth), transportation networks, payment systems, telecommunications, Internet as well as the business and industrial sector with a view to positioning Austria at the forefront of the European ICT industry.
“This project has received funding from the European Union’s Seventh Framework Programme for research, technological development and demonstration under grant agreement no 312758.”