Descrizione del progetto
Rivoluzionare la sicurezza nell’era della virtualizzazione
Le tecnologie cloud e le applicazioni virtualizzate stanno ridisegnando i paradigmi di sicurezza tradizionali, ponendo delle sfide senza precedenti. Le competenze insufficienti, conseguenti all’adozione di architetture a microservizi, e la vulnerabilità dei dispositivi di sicurezza virtualizzati hanno compromesso l’efficacia del rilevamento e dell’investigazione delle minacce. Per rispondere a queste preoccupazioni, il progetto ASTRID, finanziato dall’UE, propone un cambiamento di paradigma, trasferendo la responsabilità della sicurezza, della privacy e dell’affidabilità dagli sviluppatori ai fornitori di servizi. ASTRID intende creare un ambiente virtualizzato più sicuro sfruttando modelli del contesto descrittivi e una logica di orchestrazione avanzata. Grazie a questo approccio, ASTRID favorisce la consapevolezza della situazione, fornendo accesso unificato, gestione della crittografia e correlazione degli eventi tra vari servizi e applicazioni. Il progetto supporta le intercettazioni legali e le indagini forensi. ASTRID è considerato un elemento di svolta per garantire il futuro dei servizi virtualizzati.
Obiettivo
The growing adoption of cloud technologies and the trend to virtualise applications are inexorably re-shaping the traditional security paradigms, due to the increasing usage of infrastructures outside of the enterprise perimeter and shared with other users. The need for more agility in software development and maintenance has also fostered the transition to micro-services architectures, and the wide adoption of this paradigm has led service developers to protect their applications by including virtualised instances of security appliances in their design. Unfortunately, this often results in security being managed by people without enough skills or specific expertise, it may not be able to cope with threats coming from the virtualization layer itself (e.g. hypervisor bugs), and also exposes security appliances to the same threats as the other application components. It also complicates legal interception and investigation when some applications or services are suspected of illegal activity.
To overcome the above limitations, the ASTRID project aims at shifting the detection and analysis logic outside of the service graph, by leveraging descriptive context models and their usage in ever smarter orchestration logic, hence shifting the responsibility for security, privacy, and trustworthiness from developers or end users to service providers. This approach brings new opportunities for situational awareness in the growing domain of virtualised services: unified access and encryption management, correlation of events and information among different services/applications, support for legal interception and forensics investigation.
ASTRID will develop a common approach easily portable to different virtualisation scenarios. In this respect, the technology developed by the Project will be validated in two relevant domains, i.e. plain cloud applications and Network Function Virtualisation, which typically exploits rather different chaining and orchestration models.
Campo scientifico
- natural sciencescomputer and information sciencesdata sciencebig data
- natural sciencescomputer and information sciencessoftwaresoftware development
- medical and health sciencesother medical sciencesforensic sciences
- natural sciencescomputer and information sciencesartificial intelligencemachine learning
- natural sciencescomputer and information sciencescomputer security
Programma(i)
Argomento(i)
Invito a presentare proposte
Vedi altri progetti per questo bandoBando secondario
H2020-DS-SC7-2017
Meccanismo di finanziamento
RIA - Research and Innovation actionCoordinatore
00118 Roma
Italia