You are here

SeSI: Security of (virtual) e-Science Infrastructure

IV-e (e-Infrastructure Virtualization for e-Science Applications)

Objectives: Applications have increasing demands on e-Science infrastructure. This particularly applies for (bio-medical) applications (e.g., P24) which process privacy sensitive information. With the emergence of clouds, infrastructure becomes increasingly dynamic, as different virtual resources may be deployed or migrated over different physical resources. Applications have differing requirements too. In WP3, we study the interaction between application requirements and the e-Science infrastructure. We will research different methods for creating, finding or allocating (virtual) resources based on an application's requirements.

A particular focus is on security and privacy requirements, while keeping an eye on network and "green" requirements. System descriptions (e.g., in RDF) can be used declaratively for on-the-fly creation of virtual machines with a minimal trusted compute base (TCB). A minimal TCB is important for security, as it contains only those components and services needed for a specific application. We will devise methods to compose system descriptions for specific applications. Meanwhile, we need to solve the problem that (outdated or vulnerable) virtual machines and their descriptions can be abused. For this, we require on-the-fly analysis of system descriptions. In this project, we will research the methods needed to create, analyse, use, and possibly share system descriptions for virtual machines in such a way that security is helped, not hampered.

WP Leader: