Integrating Enterprise Security Infrastructure with Cloud Computing




Oliver Pfaff, Corporate Technology, Siemens AG, 81739 Munich, Germany
Sebastian Ries, Corporate Technology, Siemens AG, 81739 Munich, Germany

Abstract

Traditional enterprises have their roots in on-premises computing. They operate security infrastructure on-premises. This includes corporate user repositories, authentication and authorization systems. This infrastructure backs and enables workforce productivity. It has to be integrated when utilizing Cloud computing. Hence traditional enterprises encounter specific integration challenges with respect to their security infrastructure when considering Cloud computing. This text analyses these challenges, identifies best practice approaches and red-flags common pitfalls.

1. Introduction

Traditional enterprises that consider Cloud offerings¹ need to integrate their existing security infrastructure, especially corporate user repositories, authentication as well as authorization systems. This infrastructure resides on-premises. Its integration is crucial: the mentioned on-premises security infrastructure backs and enables the productivity of the workforce of an enterprise. Moreover this integration is encountered with several types of applications in the Cloud including:

- Own applications deployed on IaaS or PaaS offerings
- 3rd party applications, especially SaaS offerings

The initial situation is shown in Figure 1.

[Figure 1. Initial situation. Enterprise users/their agents (in office or remote via VPN; remote, no VPN); security infrastructure components on-premises in the enterprise network; XaaS components in the Cloud, reached over the Internet]

This integration needs to be implemented with care: several pitfalls do exist when it comes to integrating enterprise security infrastructure with Cloud computing. These pitfalls happen to present a major source of complication in Cloud adaptation projects for enterprise IT. This text identifies important security integration pitfalls and does elaborate on them, especially their avoidance/mitigation. This results in a checklist and suggestions for:

- Application owners and architects: how to design applications whose deployment model includes Cloud and which shall integrate with existing security infrastructure?
- Service owners, people in charge of security infrastructure: how to expose security infrastructure when Cloud-based applications are being added?
- Providers of Cloud-based services: how to address the integration with security infrastructure that Cloud providers sustain on-premises?

¹ This text puts a focus on deployments where XaaS components reside outside the internal network(s).

Copyright 2014, Infonomics Society 338

2. Anti-patterns

An anti-pattern is a common response to a recurring problem that is usually ineffective and risks being highly counterproductive (cf. http://en.wikipedia.org/wiki/Antipattern). This text uses this terminology to spot common pitfalls in security infrastructure integration.

2.1. XaaS requires on-boarding of enterprise users

XaaS offerings may require enterprise users to on-board in order to use services in the Cloud². This on-boarding of enterprise users encompasses various implementation options such as user self-registration, classical or federated provisioning as well as user bulk loading.

Issues: The on-boarding of enterprise users may lead to the duplication of user identity information with resulting synchronization needs. Moreover, authentication account zombies might be created. This refers to user accounts in the Cloud which are equipped with initial authentication credentials (e.g. passwords) and that are affiliated to the enterprise³. Such objects become critical in case of leavers: usually enterprises are prepared to reconcile their on-premises security infrastructure within a limited timeframe of, say, 24 hours in case of events such as quitting. But for various reasons they are often not well-prepared to reconcile dependent objects in external systems. This presents a major security risk.

Mitigation: Inject all information about logged-in users by means of information-rich security token objects that are consumed by XaaS components (cf. anti-pattern 2.4). Avoid XaaS components that depend on data for not logged-in users, resp. mitigate this concern in an adequate way (cf. anti-pattern 2.7).

Caveat: XaaS components may depend on user information that is not available in the enterprise security infrastructure. In particular this may be encountered with 3rd party SaaS offerings.

Recommendation: Limit XaaS user repositories to information not available in enterprise infrastructure. XaaS systems should not create own user repositories that duplicate information held in corporate user repositories. Avoid storing initial authentication credentials in XaaS user repositories. As a Cloud provider, expose an IdM service allowing subscribers to manage such information.

Aspects of user on-boarding are illustrated in Figure 2. This figure shows critical (duplicated information, credentials) as well as uncritical (information not available in native repositories, identifier for correlation purposes) items.

² This refers to the overall enterprise user population or large subpopulations, not the administrators of a Cloud subscription only.
³ User account in the Cloud for enterprise <X> user John Doe (John Doe@Tenant<EnterpriseX>).

[Figure 2. Critical aspects of user on-boarding. Cloud provider infrastructure: Tenant <X> account for John Doe with the roles xaasrole and saasadmin; Enterprise <X> security infrastructure. Labels: "Critical: duplication", "Critical: credential", "Okay: identifier to correlate native info", "Okay: info that is not available natively"]

2.2. XaaS asks for initial authentication credentials

Before users are granted access to protected XaaS resources they need to be authenticated. XaaS components may implement this by challenging for initial authentication credentials by themselves. Examples for such credentials are: static passwords, one-time-passwords, security questions and answers. Their validation may happen against reference information that is stored in native enterprise infrastructure or XaaS offerings.

Issues: Lack of SSO user experience across on-premises and XaaS. Risk of identity theft in the case of long-lived credentials⁴.

Mitigation: Retain the verifier role for initial authentication on-premises. Do not expose credential validation functionality⁵. Do expose authentication functionality⁶. Only reveal information about authentication events to the Cloud (in form of security tokens, i.e. protected objects).

Caveat: A number of proposals exist to externalize initial authentication including federated IdM protocols such as SAML, WS-Federation and OAuth/OpenID Connect [1], [4], [5], [10]. This requires smart choices where relying parties (XaaS components) and asserting parties (in the enterprise infrastructure) have to be in synchronization.

Recommendation: XaaS components should not ask for initial authentication credentials by themselves. If user authentication is needed, XaaS components should redirect or direct⁷ to asserting parties in the enterprise infrastructure. Their duty is to perform user authentication and report on user authentication events. Inappropriate ways of responding to not or insufficiently authenticated requests are sketched for HTTP in Figure 3.

[Figure 3. Inappropriate ways of responding to not or insufficiently authenticated HTTP requests. The XaaS component (here: presentation or service-oriented Web application) in the Cloud provider infrastructure answers with "200 OK <LoginForm>" or with "401 Unauthorized, WWW-Authenticate: Basic/Digest"]

⁴ Some credentials are stored in hashed form, esp. passwords in LDAP. In this case the original credentials (passwords) do not get exposed in the backend but might have frontend exposure.
⁵ Input: identifier, initial authentication credential. Output: Boolean, (opt.) state information.
⁶ Input: authentication request (without initial authentication credentials). Output: security token reporting on initial authentication event.
⁷ Details depend on the application protocol and the type of user agent. For example: in case of HTTP, XaaS components should redirect (HTTP 30x responses) in case of Web browsers as user agents (so-called passive clients) and direct (HTTP 401 responses) in case of browser-based or mobile apps (so-called active clients).

2.3. XaaS depends on backchannel interactions for SSO

To provide SSO user experience, XaaS components may depend on direct exchanges with services provided by the enterprise network. Such exchanges do not traverse the user agent. Examples are: artifact profile exchanges in case of SAML and UserInfo service exchanges in case of OpenID Connect. The utilization of backchannel interactions for the purpose of SSO can be mobile-friendly because it avoids supplying potentially complex security tokens across constrained user agents.

Issues: Backchannels place a burden on the enterprise. They mandate to make certain endpoints in the enterprise security infrastructure public-facing.

Mitigation: It is not needed for an asserting party for Web-based federated SSO to expose public-facing endpoints.

Caveat: Other use cases may require backchannels and/or public-facing endpoints for user authentication. Examples are SLO and the authentication of employee users accessing the enterprise infrastructure remotely via public network infrastructure only.

Recommendation: Provide SSO user experience through frontend exchanges to reduce the exposure of on-premises security infrastructure⁸. XaaS offerings should be prepared for handling front- and backchannel interactions.

Backchannel interactions for SSO use cases are illustrated in Figure 4.

[Figure 4. Backchannel interactions for SSO. The auth client of the XaaS component (here: presentation or service-oriented Web application) answers the user agent with "30x Redirect https://x.com/auth" or "401 Unauthorized, WWW-Authenticate: Bearer", then GETs authenticated info (e.g. a security token) from the auth service of the Enterprise <X> security infrastructure over the backchannel]

2.4. XaaS pulls properties of logged-in users

After an agent has authenticated a user⁹, it may want to look up further properties by user identifier, e.g. user attributes or affiliations (role assignments or group memberships). This implies querying an on-premises corporate user repository or user service.

Issues: In some cases, issues arise from security tokens that contain only partial information about logged-in users. In other cases, versatile security tokens are provided but downstream consumers honour their identifier portions only, meanwhile they require supplementary user properties.

Mitigation: Change from pull to push models with respect to the properties of logged-in users.

Caveat: This requires information-rich, versatile security token objects sent from asserting parties in the enterprise security infrastructure to relying parties in XaaS. It also requires the coordination between endpoints terminating the federated authentication protocol on relying party side and the actual consumer of this information, e.g. a Web application in XaaS.

Recommendation: Inject information on logged-in users as part of the authentication and SSO process. Do not expect corporate repositories to be accessible for XaaS components.

Pulling properties of logged-in users is shown in Figure 5. This figure shows the approach of accessing corporate user repositories by native means (which is to be avoided).

⁸ Unless public-facing endpoints are required for other reasons such as the support of constrained devices or clients.
⁹ By consuming security tokens issued by asserting parties that are provided as a part of the enterprise security infrastructure.
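As an added example (not from the paper), the following Python sketch of a XaaS relying party applies the recommendation of 2.2 and the push model of 2.4: it never challenges for credentials itself, redirects passive clients (302) and directs active clients (401 with a Bearer challenge) to the enterprise asserting party, and takes the user's roles from the security token instead of querying a corporate repository. The asserting-party URL, the audience name, the HMAC shared key (standing in for SAML/OIDC signature verification) and the Accept-header heuristic for telling passive from active clients are assumptions of the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple
from urllib.parse import quote

# Constructed values (assumptions of this example, not from the paper): the
# enterprise asserting party's endpoint, the audience name of this XaaS component
# and a shared HMAC key standing in for real SAML/OIDC signature verification.
AUTH_SERVICE = "https://idp.enterprise-x.example/auth"
AUDIENCE = "xaas-app"
SHARED_KEY = b"constructed-demo-key"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(claims: dict) -> str:
    """Asserting-party side: emit an information-rich token (identity plus attributes)."""
    body = _b64url(json.dumps(claims, sort_keys=True).encode())
    sig = _b64url(hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest())
    return body + "." + sig

def verify_token(token: str, now: float) -> Optional[dict]:
    """Relying-party side: accept only a token that is intact, meant for us and unexpired."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    body, sig = parts
    expected = _b64url(hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(_b64url_decode(body))
    if claims.get("aud") != AUDIENCE or claims.get("exp", 0) <= now:
        return None
    return claims

def is_passive_client(headers: Dict[str, str]) -> bool:
    """Browsers (passive clients) negotiate HTML and carry no bearer credential."""
    return "text/html" in headers.get("Accept", "") and "Authorization" not in headers

def handle(request: dict, now: Optional[float] = None) -> Tuple[int, Dict[str, str], str]:
    """Serve a protected XaaS resource without ever challenging for credentials itself."""
    now = time.time() if now is None else now
    headers = request["headers"]
    auth = headers.get("Authorization", "")
    claims = verify_token(auth[7:], now) if auth.startswith("Bearer ") else None
    if claims is None:
        if is_passive_client(headers):
            # Passive client: 30x redirect to the enterprise asserting party; the
            # requested URL travels along so the user lands back on the resource.
            target = AUTH_SERVICE + "?return=" + quote(request["url"], safe="")
            return 302, {"Location": target}, ""
        # Active client: no login form, no Basic/Digest challenge, only a Bearer challenge.
        return 401, {"WWW-Authenticate": 'Bearer realm="%s"' % AUDIENCE}, ""
    # Push model: roles and attributes come out of the token; no LDAP/SQL lookup.
    roles = claims.get("roles", [])
    if "xaasrole" not in roles:
        return 403, {}, "forbidden"
    return 200, {"Content-Type": "text/plain"}, "hello %s (%s)" % (claims["sub"], ", ".join(roles))

if __name__ == "__main__":
    demo = issue_token({"sub": "john.doe", "aud": AUDIENCE, "exp": time.time() + 300,
                        "roles": ["xaasrole"], "dept": "R&D"})
    print(handle({"url": "https://xaas.example/doc/1", "headers": {"Accept": "text/html"}}))
    print(handle({"url": "https://xaas.example/doc/1", "headers": {"Authorization": "Bearer " + demo}}))
```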

[Figure 5. Pulling properties of logged-in users. The repository client of the XaaS component (here: presentation or service-oriented Web application) holds a security token for the logged-in user and issues a GET for that user's properties against the auth service and repository of the Enterprise <X> security infrastructure]

2.5. XaaS caters for enterprise-initiated login only

The federated login might be implemented in a way that mandates users to first authenticate against the security infrastructure of the enterprise before accessing any XaaS offering¹⁰.

Issues: Users bookmark XaaS resources and browse from bookmarks. This is not addressed by enterprise-initiated login only and results in unsatisfactory user experience.

Mitigation: Even when the so-called IdP-initiated login presents the designated user experience, XaaS as well as enterprise security infrastructure components must be prepared to handle XaaS-initiated logins.

Caveat: The handover of unauthenticated requests from XaaS to enterprise security infrastructure needs to be performed in a way that is transparent to the users.

Recommendation: Support XaaS-initiated as well as enterprise-initiated user login to XaaS components.

2.6. XaaS depends on backchannel interactions for authorization decision making

XaaS components may include PEP components that call remote PDPs for authorization decision making. The remote PDP is assumed to be provided as part of the security infrastructure of an enterprise. This can be done by means of e.g. XACML [8] context requests/responses.

Issues: Performance and availability become concerns if XaaS components interact with remote security infrastructure for the vast majority of requests. Note that amount as well as time-criticality of traffic between PEPs and PDPs (authorization decision requests and responses) usually is magnitudes larger than between PDPs and PAPs (authorization policies and other instructions).

Mitigation: Allocate PDP components at XaaS. Supply policy/rule objects (e.g. XACML policy objects) resp. configuration information (e.g. resource listings or classifications) to them.

Caveat: Requires mutually agreed standards for managing the lifecycle of authorization policy objects.

Recommendation: Keep authorization decision making local (here: in the Cloud). If needed: plan for a Cloud-hosted PDP component which is supplied with the company's policy/rule objects resp. configuration information.

2.7. XaaS asks for data of not logged-in users

While processing requests of logged-in users, XaaS applications may need to access data of other users (who may but do not have to be logged-in simultaneously), e.g. to send out notifications. For further details about such use cases see [7].

Issues: Enterprises are usually unwilling to provide access to their corporate user repositories to clients from the Internet via native repository protocol means (e.g. LDAP and SQL) as this would put core assets at risk.

Mitigation: Implement and expose a dedicated service (e.g. a RESTful HTTP service according to SCIM [3]) that is security-enabled and that provides a façade for querying the native user repository in a specific and constrained fashion¹¹. As XaaS component: support externalization of repository clients, e.g. use plug-in interfaces to deploy service clients.

Caveat: XaaS offerings that internalize or hardcode the user lookup implementation by e.g. implementing native repository protocols such as LDAP or SQL, especially when this implementation does not provide sufficient means of configuring the repository endpoints as well as content structure.

Recommendation: Create a dedicated service (e.g. a RESTful HTTP service) to query information about native users. Closely monitor this service and make sure that its clients must register and are authenticated and authorized on a sound level. Do not expose user repositories to external repository clients in their native form, i.e. via LDAP or SQL.

Pulling properties of not logged-in users is shown in Figure 6. This figure shows the approach of accessing corporate user repositories by native means (which is to be avoided).

¹⁰ aka: IdP-initiated exchanges or unsolicited responses (SAML 2.0).
¹¹ Query response contents filtered according to the approved needs of the client representing the
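An added example (not from the paper) of the mitigation in 2.6 in Python: a PDP allocated at the XaaS side, loaded with policy objects and a resource classification supplied by the enterprise PAP, so that PEP decision requests stay local. The JSON rule shape is a simplified, XACML-inspired assumption, not real XACML, and the two counters make the traffic asymmetry between PEP/PDP and PDP/PAP visible.

```python
import json
from typing import Dict, Iterable, List

# Constructed policy objects in a simplified, XACML-inspired JSON shape (an
# assumption of this example, not real XACML): the enterprise PAP supplies these
# rules plus a resource classification to the Cloud-hosted PDP, which then
# answers every PEP request locally.
POLICY_OBJECTS = json.loads("""
[
  {"id": "p1", "resource_class": "public",   "roles": ["*"],          "effect": "Permit"},
  {"id": "p2", "resource_class": "internal", "roles": ["employee"],   "effect": "Permit"},
  {"id": "p3", "resource_class": "internal", "roles": ["contractor"], "effect": "Deny"},
  {"id": "p4", "resource_class": "secret",   "roles": ["board"],      "effect": "Permit"}
]
""")

# Resource listing/classification, also supplied as configuration information (constructed).
RESOURCE_CLASSES = {
    "/docs/press": "public",
    "/docs/handbook": "internal",
    "/docs/m-and-a": "secret",
}


class LocalPDP:
    """Policy Decision Point allocated at the XaaS side."""

    def __init__(self) -> None:
        self.policies: List[dict] = []
        self.resource_classes: Dict[str, str] = {}
        self.pap_updates = 0   # PDP<->PAP traffic: one message per policy refresh
        self.decisions = 0     # PEP<->PDP traffic: one call per protected request

    def load(self, policies: Iterable[dict], resource_classes: Dict[str, str]) -> None:
        """Called when the enterprise PAP pushes new policy/configuration objects."""
        self.policies = list(policies)
        self.resource_classes = dict(resource_classes)
        self.pap_updates += 1

    def decide(self, roles: Iterable[str], resource: str) -> str:
        """Deny-overrides combining: a matching Deny wins, then Permit, else NotApplicable."""
        self.decisions += 1
        cls = self.resource_classes.get(resource)
        if cls is None:
            return "NotApplicable"
        roleset = set(roles)
        effects = {
            p["effect"] for p in self.policies
            if p["resource_class"] == cls and (p["roles"] == ["*"] or roleset & set(p["roles"]))
        }
        if "Deny" in effects:
            return "Deny"
        if "Permit" in effects:
            return "Permit"
        return "NotApplicable"


class PEP:
    """Policy Enforcement Point inside the XaaS component; never calls across the Internet."""

    def __init__(self, pdp: LocalPDP) -> None:
        self.pdp = pdp

    def enforce(self, roles: Iterable[str], resource: str) -> bool:
        # Only an explicit Permit grants access; Deny and NotApplicable both block.
        return self.pdp.decide(roles, resource) == "Permit"


if __name__ == "__main__":
    pdp = LocalPDP()
    pdp.load(POLICY_OBJECTS, RESOURCE_CLASSES)
    pep = PEP(pdp)
    for roles, res in [(["employee"], "/docs/handbook"), (["contractor"], "/docs/handbook"),
                       ([], "/docs/press"), (["employee"], "/docs/m-and-a")]:
        print(roles, res, pep.enforce(roles, res))
    print("PAP updates:", pdp.pap_updates, "decisions:", pdp.decisions)
```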
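An added example (not from the paper) of the dedicated query service recommended in 2.7 in Python: a SCIM-style façade that admits only registered, authenticated clients, serves a single constrained filter shape, releases only each client's approved attributes (the filtering of footnote 11) and writes an audit trail for monitoring. The native repository entries, the client registry and the API-key scheme are constructed assumptions; the schema URNs are those of SCIM 2.0.

```python
import json
import re
import secrets
from typing import Dict, List, Tuple

# Constructed stand-in for the native corporate repository (LDAP or SQL in
# reality); note the sensitive attributes that must never leave the façade.
NATIVE_REPOSITORY = [
    {"uid": "jdoe", "cn": "John Doe", "mail": "john.doe@enterprise-x.example",
     "mobile": "+49-000-0000", "dept": "R&D", "passwordHash": "{SSHA}constructed"},
    {"uid": "asmith", "cn": "Anna Smith", "mail": "anna.smith@enterprise-x.example",
     "mobile": "+49-000-0001", "dept": "Sales", "passwordHash": "{SSHA}constructed"},
]

# Registered façade clients (assumption: each XaaS component registers, receives
# an API key and an approved attribute set, i.e. its "approved needs").
CLIENTS = {
    "notifier-saas": {"key": "constructed-key-1",
                      "attributes": ["userName", "displayName", "emails"]},
}

FILTER = re.compile(r'userName eq "([A-Za-z0-9._-]{1,64})"')   # the only query shape served
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"


def to_scim_user(entry: dict, approved: List[str]) -> dict:
    """Map a native entry to a SCIM-style User, keeping only the client's approved attributes."""
    full = {
        "userName": entry["uid"],
        "displayName": entry["cn"],
        "emails": [{"value": entry["mail"], "primary": True}],
        "department": entry["dept"],          # available natively, released only if approved
    }
    user = {"schemas": [USER_SCHEMA], "id": entry["uid"]}
    user.update({k: v for k, v in full.items() if k in approved})
    return user


class ScimFacade:
    """Security-enabled, constrained HTTP-style query service in front of the native repository."""

    def __init__(self, repository: List[dict], clients: Dict[str, dict]) -> None:
        self.repository = repository
        self.clients = clients
        self.audit: List[str] = []     # the service is to be closely monitored

    def query(self, client_id: str, api_key: str, filter_expr: str) -> Tuple[int, dict]:
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(api_key, client["key"]):
            self.audit.append("DENY unauthenticated client=%r" % client_id)
            return 401, {"detail": "client not registered or not authenticated"}
        match = FILTER.fullmatch(filter_expr)
        if match is None:
            self.audit.append("REJECT client=%s filter=%r" % (client_id, filter_expr))
            return 400, {"detail": 'only userName eq "<value>" is supported'}
        hits = [e for e in self.repository if e["uid"] == match.group(1)]
        self.audit.append("OK client=%s filter=%r hits=%d" % (client_id, filter_expr, len(hits)))
        resources = [to_scim_user(e, client["attributes"]) for e in hits]
        return 200, {"schemas": [LIST_SCHEMA], "totalResults": len(resources),
                     "Resources": resources}


if __name__ == "__main__":
    facade = ScimFacade(NATIVE_REPOSITORY, CLIENTS)
    print(json.dumps(facade.query("notifier-saas", "constructed-key-1", 'userName eq "jdoe"')[1], indent=2))
    print(facade.query("notifier-saas", "constructed-key-1", "userName pr"))
    print("\n".join(facade.audit))
```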

[Figure 6. Pulling properties of not logged-in users. The repository client of the XaaS component (here: presentation or service-oriented Web application) holds a security token for the logged-in user and issues a GET for the user info of another user against the auth service and repository of the Enterprise <X> security infrastructure]

2.8. XaaS depends on backchannel interactions for other use cases, e.g. auditing

XaaS components may send requests to on-premises responders in order to fulfil other security-related use cases such as the dropping of auditing data.

Issues: Inbound requests to on-premises responders are typically blocked by a company's firewall and would require changes to the configuration of the network boundary.

Mitigation: Use on-premises clients to establish a (bidirectional) connection to XaaS (e.g. WebSocket, AMQP). After this has been established, the client may receive information from XaaS.

Caveat: This requires additional implementation efforts on the side of the XaaS components (e.g. message brokers) and their subscribers.

Recommendation: Rely on the "we call you, don't call us" pattern of interaction: use on-premises clients which establish (bidirectional) connections to XaaS.

2.9. XaaS uses proprietary Web SSO protocols

Web applications that are protected with Web SSO agents which are provided by the company's chosen Web SSO product shall be moved from internal networks to IaaS or PaaS offerings in the Cloud.

Issues: Native SSO schemes in many traditional Web SSO products suffer from limited authentication request expressiveness as well as non-versatile security tokens. This often results in difficulties when trying to implement use cases around re-authentication as well as step-up authentication. In contrast to applications that reside on-premises, such schemes become a need in order to protect public-facing XaaS endpoints.

Mitigation: Abandon legacy Web SSO mechanisms. Switch to standards-based Web SSO protocols.

Caveat: There is a plethora of standards-based Web SSO protocols to choose from. Candidates include SAML, WS-Federation and OAuth/OpenID Connect.

Recommendation: Use standards-based Web SSO protocols emphasizing on authentication request expressiveness and security token versatility.

2.10. XaaS does not provide public-facing endpoints

Access to XaaS components might be limited to computing devices from the enterprise network. Devices that reside outside the enterprise premises must use VPN technology¹².

Issues: Usage of VPNs presents issues for users of constrained computing devices, e.g. tablets or smart-phones.

Mitigation: As XaaS component: support browser-based clients by exposing public-facing endpoints for HTTP and WebSocket by means of the URL access schemes https resp. wss, i.e. HTTP resp. WebSocket-over-SSL/TLS¹³.

Caveat: Public-facing XaaS endpoints require new means of protection, e.g. throttling or context-aware adaptive user authentication including mechanisms such as re-authentication and step-up authentication. Corresponding mechanisms are uncommon in "behind the firewall" enterprise IT.

Recommendation: Use/create XaaS offerings that expose public-facing endpoints, especially HTTP and WebSocket-over-SSL/TLS. Ensure/implement means of protection that extend beyond the enterprise IT's best current practices.

3. Conclusions

This text identified anti-patterns of integrating existing enterprise security infrastructure with Cloud computing¹⁴. Such anti-patterns are often encountered. They present a major source of complication in Cloud adaptation projects. The identified anti-patterns are related to:

- Communication/network infrastructure: anti-patterns 2.3, 2.4, 2.8 and 2.10
- Authentication repositories/systems/protocols: anti-patterns 2.1, 2.2, 2.3, 2.5 and 2.9
- Attribute/affiliation repositories: anti-patterns 2.1, 2.4 and 2.7
- Authorization systems: anti-pattern 2.6

No matter whether one is creating or sustaining a Cloud computing offering or planning to use it as a subscriber, the identified security infrastructure integration anti-patterns are to be avoided or at least mitigated. This text provided suggestions on their avoidance and mitigation.

¹² In contrast to the anti-patterns above, in which the integration of enterprise security infrastructure imposes challenges on the Cloud, this anti-pattern arises from over-utilizing the enterprise's security infrastructure.
¹³ Enterprise firewalls are usually configured to accommodate such outbound traffic; the default port 443 is usually open for outbound traffic.
¹⁴ See [9] for an overview of identity-related Cloud use cases.

This text did not cover Cloud security concerns beyond the integration with existing enterprise security infrastructure, such as the operational security of Cloud offerings. Additional criteria apply to assess the overall security of a Cloud provider (cf. [2], [6]).

4. Abbreviations

AMQP: Advanced Message Queuing Protocol
HTTP: HyperText Transfer Protocol
IaaS: Infrastructure as a Service
IAM: Identity and Access Management
IdM: Identity Management
IdP: Identity Provider
LDAP: Lightweight Directory Access Protocol
OAuth: Open Authorization
PaaS: Platform as a Service
PAP: Policy Administration Point
PEP: Policy Enforcement Point
PDP: Policy Decision Point
REST: REpresentational State Transfer
SaaS: Software as a Service
SAML: Security Assertion Markup Language
SCIM: System for Cross Domain Identity Management
SLO: Single Log-Out
SQL: Standard Query Language
SSL: Secure Sockets Layer
SSO: Single-Sign-On
TLS: Transport Layer Security
URL: Uniform Resource Locator
VPN: Virtual Private Network
WS: Web Services
XaaS: Any <X> as a Service including IaaS, PaaS, SaaS
XACML: eXtensible Access Control Markup Language

5. References

[1] S. Cantor, J. Kemp, R. Philpott and E. Maler (eds.): Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0, OASIS Standard, 2005. (http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf)
[2] Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing v3.0, 2011. (https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf)
[3] T. Drake (ed.): System for Cross-Domain Identity Management: Protocol. IETF Draft (work-in-progress), 2014. (https://tools.ietf.org/html/draft-ietf-scim-api-13)
[4] M. Goodner and A. Nadalin (eds.): Web Services Federation Language (WS-Federation) Version 1.2, OASIS Standard, 2009. (http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html)
[5] D. Hardt (ed.): The OAuth 2.0 Authorization Framework, IETF RFC 6749, 2012. (http://tools.ietf.org/html/rfc6749)
[6] W. Jansen and T. Grance: Guidelines on Security and Privacy in Public Cloud Computing. NIST Special Publication 800-144, 2011. (http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf)
[7] M. Oostdijk, B. Hulsebosch, N. van Dijk, R. van Rijswijk and H. Zandbelt: Provisioning scenarios in identity federations. Surf Research Paper, 2010. (http://www.surf.nl/binaries/content/assets/surf/en/knowledgebase/2010/eds-4+provisioning+scenarios+in+federations+Final.pdf)
[8] E. Rissanen (ed.): eXtensible Access Control Markup Language (XACML) Version 3.0. OASIS Standard, 2013. (http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os.doc)
[9] M. Rutkowski (ed.): Identity in the Cloud Use Cases v1.0. OASIS Committee Note, 2012. (http://docs.oasis-open.org/id-cloud/idcloud-usecases/v1.0/cn01/idcloud-usecases-v1.0-cn01.html)
[10] N. Sakimura, J. Bradley, M. Jones, B. de Medeiros and C. Mortimore: OpenID Connect Core 1.0. OpenID Foundation Standard, 2014. (http://openid.net/specs/openid-connect-core-1_0.html)