Security issues and threats that may affect the hybrid cloud of FINESCE

Abstract

FINESCE is the Smart Energy use case project of the Future Internet Public Private Partnership Programme. It aims at defining an open infrastructure based on Information and Communications Technology (ICT) used to develop new solutions and applications in all fields of Future Internet related to the energy sector. To accomplish this goal a cloud-based environment is proposed, providing high scalability, fast provisioning, resilience and cost efficiency, while facilitating the deployment of applications and services for utilities. The proposed solution for Smart Energy system encompasses Cloud Computing technologies taking advantage of the service delivery models that it provides (Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS)) over different cloud deployment solutions (Private, Public, Hybrid, Community). Therefore, it is necessary to study their implications, particularly with regard to security and data privacy, whether in transit or stored data, of the cloud solution chosen. The present paper aims to gather basic security requirements in deploying a solution based on Cloud Computing highlighting issues in hybrid clouds because this is the deployment model used in Smart Energy use case. It also exposes attacks and vulnerabilities related to Cloud Computing to be considered for implementing a secure environment for FIDEV, the private platform implementation. Moreover, the security requirements for Smart Energy use case are defined. And, finally, the results of a security audit performed over the testbed platform that simulates a distributed storage solution for FINESCE project are presented.