Security expectations drive cutting-edge research in cloud
Guest post: Security is one of the most important criteria when it comes to adopting a web-based service or product – in fact, it’s something that end users have come to expect. And this expectation will intensify as we begin to realize the full potential of 5G and the Internet of Things.
A lot of concerns nowadays arise from a privacy standpoint or from a security standpoint. Privacy is extremely important in terms of individuals’ content shared online on social media or stored on cloud-based services. When it comes to security, most individuals should be fine using cloud-based solutions because they won't have much sensitive data to worry about. But, when it comes to organizations like financial institutions, the telecommunications industry, ISPs, government agencies, or utility companies, security suddenly becomes extremely important.
The best investment when building future networks such as 5G is to hire highly qualified security experts to anchor security and establish trust into those networks. This is why since 2005, hundreds of people have been trained for IT security in the Concordia Institute for Information Systems Engineering (CIISE) in Montreal, Canada. Many of them are now employed by Ericsson and have real operational capabilities within cloud computing research.
CIISE is involved in a research collaboration with Ericsson into security auditing and the compliance verification for SDN-based cloud computing infrastructures. Our aim is to come up with algorithms, techniques, technologies and tools to verify the security and the compliance of cloud computing platforms (or data centers) from a security perspective.
We are working closely with Ericsson Research Security in Canada and in Sweden. To address the challenges in security auditing for the cloud computing infrastructure, we have built a strong multifaceted research team combining the academic knowledge with the know-how of industrial researchers to address the most relevant challenges in the market and propose innovative solutions for future networks.
My team of researchers and students possess a great deal of knowledge about network security, Internet security, malware and fingerprinting. All this feeds into this collaboration to develop an audit-ready cloud. The objectives are as follows:
- Develop a distributed and scalable framework in the cloud infrastructure for collecting, filtering, aggregating, fusing, and processing necessary input information for both auditing and compliance verification.
- Design a compliance verification framework for automatically verifying security postures of tenants’ applications against pre-specified security properties. For this purpose, two candidate solutions will be investigated, namely, an SAT-based bounded modeling checking approach and a custom runtime verification approach. This gives us a measurement on security compliance within the defined context at any time.
- Devise a hybrid auditing approach to detecting potential violations of security policies from live traffic with acceptable overhead. This enhances the auditing functionality with proactive detection of security breaches.
- Implement a practical research prototype that integrates the above-mentioned frameworks and approaches into the cloud implementations and, hence, conduct real-life case studies to evaluate and validate the research results. This is where we practically verify our research work in real-life cloud environments, and bridge between academia and industry.
We wanted to collaborate with Ericsson because it is perceived by the academic and the research communities in Canada (and even worldwide) as a company with a strong tradition of research and development. Ericsson Research specialists are wonderful collaborators when it comes to doing joint research and follow up.
This particular project involves cutting-edge investigation. It's so innovative that there are not many places around the world you can even find this type of cloud computing research. I believe we are in an excellent position and the results from our collaboration will bring about a positive impact on the cloud-based services and products that Ericsson contributes to the industry.