Policy-Assessed system-level Security of Sensitive Information processing in Virtualised Environments
Virtualised service platforms and cloud computing hold great promise for delivery of large applications in e-Government. However, the shared-resource nature of these technologies has raised security concerns for government and other organisations with duties to protect confidential data. The PASSIVE project proposes an improved model of security for such virtualised systems to ensure that adequate separation of concerns can be achieved even in large-scale deployments, and threats from co-hosted operating systems are detected and dealt with. As a result, public trust in application providers is maintained even in hosting environments where the underlying infrastructure is highly dynamic.
To achieve these aims, PASSIVE proposes a policy-based security architecture that allows security provisions to be easily specified and efficiently addressed. In addition, access to resources will be fully virtualised by means of the NOVA microhypervisor-based architecture, developed by Dresden University of Technology (TUD). The NOVA architecture relies on widely used virtualisation technologies, such as Intel VT and AMD-V.
The role of NICS in PASSIVE is to provide its expertise in access control, authentication and authorisation solutions. Specifically, PASSIVE needs an authentication scheme for applications, users and resources that is suitable for use in large and highly dynamic deployments. Another important aspect of PASSIVE in which NICS collaborates is the definition of the access policy model, as well as an associated language for the description of policies. In addition, NICS contributes to the project its knowledge and experience in the field of identity management and privacy.