ASTRID - AddreSing ThReats for virtualIseD services

Date: 
01/05/2018 to 30/04/2021

Introduction:

The growing adoption of cloud technologies and the trend to virtualise applications are inexorably re-shaping the traditional security paradigms, due to the increasing usage of infrastructures outside of the enterprise perimeter and shared with other users. The need for more agility in software development and maintenance has also fostered the transition to micro-services architectures, and the wide adoption of this paradigm has led service developers to protect their applications by including virtualised instances of security appliances in their design. Unfortunately, this often results in security being managed by people without enough skills or specific expertise, it may not be able to cope with threats coming from the virtualization layer itself (e.g., hypervisor bugs), and also exposes security appliances to the same threats as the other application components. It also complicates legal interception and investigation when some applications or services are suspected of illegal activity.

To overcome the above limitations, the ASTRID project aims at shifting the detection and analysis logic outside of the service graph, by leveraging descriptive context models and their usage in ever smarter orchestration logic, hence shifting the responsibility for security, privacy, and trustworthiness from developers or end users to service providers. This approach brings new opportunities for situational awareness in the growing domain of virtualised services: unified access and encryption management, correlation of events and information among different services/applications, support for legal interception and forensics investigation.

ASTRID will develop a common approach easily portable to different virtualisation scenarios. In this respect, the technology developed by the Project will be validated in two relevant domains, i.e., plain cloud applications and Network Function Virtualisation, which typically exploits rather different chaining and orchestration models.

 

Who is the project designed for?

Public Sector Organizations, IT SMEs, Researchers, Security Software Industry, End User Organizations, Policy & Regulators, ICT Sectors, Academia.

 

How will your project benefit the end-user?

ASTRID pursues a transition from infrastructure-centric to embedded service-centric cybersecurity frameworks. 
 

Week: 
Friday, 11 January, 2019

Project type:

News

Cyberwatching.eu Project of the Week: CyberSec4Europe

The CyberSec4Europe project, one of the four pilot projects aimed at establishing a European Cybersecurity Competence Network has just been launched on February 28 in Brussels.

During its 42 months of duration, the project will align and interconnect a vast pool of research excellence in existing centres and research facilities, bringing together cybersecurity expertise in an interdisciplinary manner while developing a governance model for the future European Cybersecurity Competence Network.

Future Events

Cyber Insurance and its Contribution to Cyber Risk Mitigation - Leiden March 25-29
25/03/2019 to 29/03/2019
Image:

The rise in both the scale and severity of recent cyberattacks demands new thinking about cybersecurity risk and the mitigation and transfer of that risk. Cyber insurance is one potential way to manage risk by transferring damage liability, but the cyber insurance market is immature and the understanding and actuarial knowledge of cyber-risk is currently underdeveloped.

e-SIDES workshop 2019
02/04/2019
Image:

e-SIDES workshop: Towards Value-Centric Big Data: Connect People, Processes and Technology

BRUSSELS

2 April 2019

10am to 4pm

 

e-SIDES is a research project funded by European Commission H2020 Programme that deals with the ethical, legal, social and economic implications of privacy-preserving technologies in different big data context.