Skip to main content
European Commission logo print header

AddreSsing ThReats for virtualIseD services

Project description

Revolutionising security in the era of virtualisation

Cloud technologies and virtualised applications are reshaping traditional security paradigms, posing unprecedented challenges. Insufficient expertise, resulting from the adoption of microservices architectures, and the vulnerability of virtualised security appliances have compromised effective threat detection and investigation. Addressing these concerns, the EU-funded ASTRID project proposes a paradigm shift, transferring the responsibility for security, privacy and trustworthiness from developers to service providers. ASTRID aims to establish a safer virtualised environment by leveraging descriptive context models and advanced orchestration logic. Through this approach, ASTRID fosters situational awareness, providing unified access, encryption management and event correlation across diverse services and applications. The project supports legal interception and forensic investigations. ASTRID is considered a game changer in securing the future of virtualised services.

Objective

The growing adoption of cloud technologies and the trend to virtualise applications are inexorably re-shaping the traditional security paradigms, due to the increasing usage of infrastructures outside of the enterprise perimeter and shared with other users. The need for more agility in software development and maintenance has also fostered the transition to micro-services architectures, and the wide adoption of this paradigm has led service developers to protect their applications by including virtualised instances of security appliances in their design. Unfortunately, this often results in security being managed by people without enough skills or specific expertise, it may not be able to cope with threats coming from the virtualization layer itself (e.g. hypervisor bugs), and also exposes security appliances to the same threats as the other application components. It also complicates legal interception and investigation when some applications or services are suspected of illegal activity.
To overcome the above limitations, the ASTRID project aims at shifting the detection and analysis logic outside of the service graph, by leveraging descriptive context models and their usage in ever smarter orchestration logic, hence shifting the responsibility for security, privacy, and trustworthiness from developers or end users to service providers. This approach brings new opportunities for situational awareness in the growing domain of virtualised services: unified access and encryption management, correlation of events and information among different services/applications, support for legal interception and forensics investigation.
ASTRID will develop a common approach easily portable to different virtualisation scenarios. In this respect, the technology developed by the Project will be validated in two relevant domains, i.e. plain cloud applications and Network Function Virtualisation, which typically exploits rather different chaining and orchestration models.

Call for proposal

H2020-DS-2016-2017

See other projects for this call

Sub call

H2020-DS-SC7-2017

æ

Coordinator

ERICSSON TELECOMUNICAZIONI SPA
Net EU contribution
€ 538 437,50
Address
Via anagnina 203
00118 Roma
Italy

See on map

Region
Centro (IT) Lazio Roma
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
Links
Other funding
€ 0,00

Participants (9)