PRISMACLOUD – PRIVACY AND SECURITY MAINTAINING SERVICES IN THE CLOUD

El mercado mundial de la computación en nube puede ser considerado como el área de mayor crecimiento en las TIC. Sin embargo, las grandes empresas y las autoridades públicas se muestran reacias a confiar sus datos más sensibles en partes externas de almacenamiento y procesamiento. El motivo es la inexistencia de enfoques satisfactorios que protejan adecuadamente dichos datos durante su permanencia en la nube. PRISMACLOUD aborda estos desafíos, generando una oferta de nuevos servicios que habilitan seguridad, garantizando la seguridad requerida para datos sensibles en la nube.

PROGRAMME: FP7-SEC-2013-1

ABSTRACT:

Risk management is a core duty in critical infrastructures as operated by utility providers. Despite the existence of numerous risk assessment tools to support the utility providers in estimating the nature and impact of possible incidents, risk management up till now is mostly a matter of best practice approaches. Risk management tools are mostly focused on one of two major topics: – the utility network physical infrastructure, consisting of, e.g. gas, water pipes or power lines – the utility’s control network including SCADA (Supervisory Control and Data Acquisition) networks and business and information systems. In the context of utility providers, these network types exhibit a significant interaction, and therefore risk management methods that focus on just one of these network types might be insufficient – referred to as interconnected utility infrastructures in this description. The main objective of this project is to identify and evaluate ‘Hybrid Risk Metrics’ for assessing and categorising security risks in interconnected utility infrastructure networks in order to provide foundations for novel protection and prevention mechanisms. The project will provide utility network providers with a risk assessment tool that – in adherence with, e.g., the BSI or ICNC recommendations – supports qualitative risk assessment based on numerical (quantitative) techniques. For that matter, our method will explicitly account for the infrastructure’s two-fold nature in terms of the utility network and the control network alongside it. The expected impact is thus a movement away from best practice only, towards the treatment of risk in utility networks based on a sound and well-understood mathematical foundation. The project will take an explicit step towards considering security in the given context of utility networks, ultimately yielding a specially tailored solution that is optimal for the application at hand.

COORDINADOR: AIT Austrian Institute of Techonology GmbH

PARTNERS:

  1. ETRA I+D S.A. – Spain.
  2. UNIVERSITÄT PASSAU – Germany
  3. LANCASTER UNIVERSITY – United Kingdom
  4. AKHELA SRL – Italy
  5. SUMINISTROS ESPECIALES ALGINETENSES COOP. V. – Spain
  6. LINZ AG FUR ENERGIE, TELEKOMMUNIKATION, VERKEHR UND KOMMUNALE DIENSTE – Austria.

KEY WORDS: Risk management, SCADA, game theory, security