The problem of measuring security is that it is, usually, much more dependent on aspects that are unknown about the system (e.g., unknown vulnerabilities) and about the potential attackers, than on what is known about it. To make the process feasible, the alternative is to focus on estimating trustworthiness based on evidences regarding specific security characteristics or behaviours, considering that the security concerns of a large and complex system should not be addressed individually or in an ad hoc manner, as this may result in insufficient solutions. The use of security assessment techniques and tools (e.g., testing, analysis, vulnerability and attack injection, etc.) to provide a degree of trustworthiness on the security of the components of the infrastructure, and how resistant they are to malicious attempts, is thus a key aspect. The results obtained allow the adjustment of the quality of protection established from the provider point of view, thus providing a realistic measure of what level of security can be promised.
Deliverable D6.1 (Requirements and Coordinated Security Strategy) defined a coordinated strategy for achieving the required levels of security for the EUBra-BIGSEA infrastructure. Such strategy was intended to guide the research, development and integration of the security solutions along the project. In practice, the main objective of that document was to define a global security solution able to deal with the security objectives of the project: the provisioning of Authentication, Authorization and Accounting (AAA); the assurance of the security properties of the cloud and Big Data services; and the protection of the data privacy. The result was a list of 30 high level requirements whose implementation provides a secure environment for the infrastructure, the application developers and even the end users of the applications running inside the framework.
Deliverable D6.3 (Techniques and tools to assess the security of Cloud and Data Services) focused on the second aspect of the EUBra-BIGSEA security approach and on the respective requirements: techniques and tools for assessing the security of cloud and Big Data services. The requirements defined in D6.1 include the security assessment of key infrastructure components, the benchmarking of Intrusion Detection Systems, and the proposal of an approach to estimate the trustworthiness of the system. In practice, D6.3 presented the techniques and tools to be used for supporting such assessments, including the concepts involved in a trust relationship and on trustworthiness assessment.
The present deliverable (D6.4) presents the results of the application of the techniques and tools introduced in D6.3, and discusses the main trustworthiness observations. The results presented contribute to the other work packages of the project by providing relevant information to support the identification of better configurations in terms of security, the potential mitigation of some of the vulnerabilities identified, and the estimation of the level of trustworthiness of the components assessed. Overall, results show weaknesses in the components evaluated, which leads to the estimation of a high level of trustworthiness (in a scale including four levels: very low, low, high, and very high).