The growing adoption of cloud technologies and the trend to virtualise applications are inexorably re-shaping the traditional security paradigms, due to the increasing usage of infrastructures outside of the enterprise perimeter and shared with other users.
The need for more agility in software development and maintenance has also fostered the transition to micro-services architectures, and the wide adoption of this paradigm has led service developers to protect their virtualised applications by including virtualised instances of security appliances in their design. Unfortunately, this often results in security being managed by people without enough skills or specific expertise, it may not be able to cope with threats coming from the virtualization layer itself (e.g. hypervisor bugs), and also exposes security appliances to the same threats as the other application components. It also complicates legal interception and investigation when some applications or services are suspected of illegal activity.
To overcome the above limitations, the ASTRID project aims at shifting the detection and analysis logic outside of the service graph, by leveraging descriptive context models and their usage in ever smarter orchestration logic, hence shifting the responsibility for security, privacy, and trustworthiness from developers or end users to service providers. Overall, the main benefits from the ASTRID approach will be better visibility over cloud-based services and more automation in the detection and response processes. In this respect, specific technical objectives to achieve the overall goal are:
• Decoupling the service business logic from the (necessary) security management, by shifting the detection logic outside the service graph and deploying pervasive, capillary, and programmable security hooks in the execution environment.
• Automate security management and response to threats, security incidents, attacks, by leveraging orchestration to automatically change the behaviour of the system (monitoring, inspection, detection, reaction) according to specific strategies expressed as security policies.
• Reduce the run-time overhead of security processing, by introducing efficient technologies for local monitoring, inspection, and aggregation of security-related data and events.