Faculty of Information & Communication Technologies Swinburne University of Technology TR-001



Similar documents
Collaboration-Based Cloud Computing Security Management Framework Abstract Although the cloud computing model is considered

Collaboration-Based Cloud Computing Security Management Framework

Adaptive, Model-driven Security Engineering for SaaS Cloud-based Applications

Seeing Though the Clouds

CLOUD ARCHITECTURE DIAGRAMS AND DEFINITIONS

Cloud Security Specialist Certification Self-Study Kit Bundle

Security Control Standard

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

Security Issues in Cloud Computing

Cloud Computing Best Practices. Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

Penetration Testing Guidelines For the Financial Industry in Singapore. 31 July 2015

FedRAMP Penetration Test Guidance. Version 1.0.1

Overview. FedRAMP CONOPS

Best Practices Report

FedRAMP Online Training Security Assessment Plan (SAP) Overview 12/9/2015 Presented by: FedRAMP PMO

Chapter 10. Cloud Security Mechanisms

DEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 CLOUD COMPUTING SERVICES

CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs

Media Shuttle s Defense-in- Depth Security Strategy

NIST Cloud Computing Program

GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT

Cloud Essentials for Architects using OpenStack

BMC s Security Strategy for ITSM in the SaaS Environment

Security Issues in Cloud Computing

TOSSMA: A Tenant-Oriented SaaS Security Management Architecture

SD Elements: A Tool for Secure Application Development Management

What is a life cycle model?

Federal Aviation Administration. efast. Cloud Computing Services. 25 October Federal Aviation Administration

An Analysis of The Cloud Computing Security Problem

G-Cloud IV Services Service Definition Accenture Cloud Security Services

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Written Testimony. Mark Kneidinger. Director, Federal Network Resilience. Office of Cybersecurity and Communications

A Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011

BUILDING AN EFFECTIVE VULNERABILITY MANAGEMENT PROGRAM. Henrik Åkerstrand Account Executive Nordics

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

BMC Client Management - SCAP Implementation Statement. Version 12.0

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

Managing risks in a Salesforce environment

The Need for Service Catalog Design in Cloud Services Development

Network Security Requirements and Solutions

Model-Driven Security engineering at runtime System Preparation for Adaptive Security Management

How To Monitor Your Entire It Environment

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

Open Data Center Alliance Usage: Cloud Based Identity Governance and Auditing REV. 1.0

Security Control Standard

DevOps Course Content

ITL BULLETIN FOR JULY Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance

Proposal No. P16/9921 Records Management Platform

Dynamic Security for the Hybrid Cloud

Open Data Center Alliance Usage: Single Sign On Authentication REv. 1.0

FedRAMP Standard Contract Language

Security Authorization Process Guide

Continuous Monitoring

Highlights & Next Steps

Software Vulnerability Assessment

IBM Internet Security Systems October FISMA Compliance A Holistic Approach to FISMA and Information Security

Cloud Computing in a Restaurant Environment

Enhancing Security for Next Generation Networks and Cloud Computing

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

Cloud Computing. What is Cloud Computing?

Open Data Center Alliance Usage: Infrastructure as a Service (IaaS) Privileged User Access rev. 1.0

Virtualization Impact on Compliance and Audit

ITL BULLETIN FOR MARCH 2012 GUIDELINES FOR IMPROVING SECURITY AND PRIVACY IN PUBLIC CLOUD COMPUTING

Vulnerability Management Nirvana: A Study in Predicting Exploitability

2014 Audit of the Board s Information Security Program

FISMA Cloud GovDataHosting Service Portfolio

Cloud Security for Federal Agencies

Security Information and Event Management

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

Introduction. Connection security

Interoperate in Cloud with Federation

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Welcome to Modulo Risk Manager Next Generation. Solutions for GRC

White Paper. Understanding NIST FISMA Requirements

FREQUENTLY ASKED QUESTIONS

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015

A Survey on Cloud Security Issues and Techniques

Delivering value to the business with IAM

SharePoint 2013 Migration Readiness

IoT & SCADA Cyber Security Services

Information Security. Rick Aldrich, JD, CISSP Booz Allen Hamilton

The ODCA, Helix Nebula and Federated Identity Management. Mick Symonds Principal Solutions Architect Atos Managed Services NL

A PRACTICAL APPROACH TO INCLUDE SECURITY IN SOFTWARE DEVELOPMENT

Cloud Database Storage Model by Using Key-as-a-Service (KaaS)

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

SECURITY RISK MANAGEMENT

Identity and Access Management Integration with PowerBroker. Providing Complete Visibility and Auditing of Identities

WORKDAY CONCEPT: EMPLOYEE SELF SERVICE

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

Vulnerability Management

Cloud Security. A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud. Sean Curry Sales Executive, Aquilent

Security and Privacy in Cloud Computing

5 FAH-11 H-500 PERFORMANCE MEASURES FOR INFORMATION ASSURANCE

A Model for Accomplishing and Managing Dynamic Cloud Federations

Get Confidence in Mission Security with IV&V Information Assurance

ITL BULLETIN FOR SEPTEMBER 2012 REVISED GUIDE HELPS ORGANIZATIONS HANDLE SECURITY-RELATED INCIDENTS

NCSU SSO. Case Study

PROTECTING DATA IN MULTI-TENANT CLOUDS

Final Audit Report -- CAUTION --

Transcription:

Faculty of Information & Communication Technologies Swinburne University of Technology TECHNICAL REPORT TR-001 Collaboration Based Cloud Computing Security Management Framework Galactic Case Study Prepared By Mohamed Almorsy January, 2011

Table of Contents Table of Contents... II Motivating Scenario... 1 1) Register the Galactic-ERP Service... 1 2) Register Tenants for Galactic Service... 2 3) Register security controls... 3 4) Service Security Categorization... 3 5) Security Controls Selection... 3 6) Security Controls Implementation... 9 7) Assessing the implemented security controls... 9 8) Authorize Service... 9 9) Monitoring the effectiveness of the security controls... 9 10) Screenshots from the Galactic service while operating for the two tenants... 10 II

Motivating Scenario Swinburne University is going to purchase a new ERP solution in order to improve its internal process. After investigation, Swinburne decided to go for Galactic ERP solution (a cloud-based solution), to save upfront investment required and keep infrastructure cost optimized. Galacticc is a Web-based solution developed by SWINSOFT. SWINSOFT hostss its applications on cloud platform delivered by GREENCLO OUD (GC). GC delivers IaaS and PaaS. SWINSOFT uses third party services to accelerate the development process. Some of such services are developed and deployed in the GC platform such as: (1) Workflow-Builder service (customizable workflow management service), (2) Currency-Now service (retrieves the current exchange rate of currencies). Other services such as Batch-MPRD (used in posting operations based on the map- has the same interest to go for Galactic ERP solution. reduce model) deployedd on BLUECLOUD (BC) platform. On the same time Auckland University Figure 1: A use case diagram for the motivating example In this scenario we have (1) two CPs: GC and BC, (2) three CCs: Swinburne, Auckland and SWINSOFT, and (3) three SPs: SWINSOFT, GC, and BATCH-MPRD. Swinburne and Auckland are security certified. Swinburne needs to maintain similar security level on Galactic such as ones applied on local systems. Auckland assigns high risk on the Galacticc asset, so they have strong security constraints to be enforced. Now we are going to show how our framework can be used to manage security of the Galactic service for the involved stakeholders. 1) Register the Galactic-ERP Service The servicee provider SWINSOFT may decide to host Galactic service on a cloud platform GREENCLOUD or the cloud provider GREENCLOUD may decide that he can offer the Galactic service based on his cloud platform. In both cases they will register the service in the platform service repository so that it can be used by the CCs. This service record is used by the cloud platform management for SLA enforcement and also for our security management framework which can be installed as a plug-in in the cloud management layer. In this step we use the CPE name of the service as a reference, as shown in figure 2-a. 1

Figure 1-a: Galactic-ERP service registration 2) Register Tenants for Galactic Service The next step comes when a new tenant is registered to use one of the published services (Galactic ERP). Then the tenant will be granted a permission to manage the security of the selected service through our framework. Figure 2-b-1: Auckland Tenant Registration on the cloud platform Figure 2-b-2: Auckland registers for the Galactic service 2

3) Register security controls GREENCLOUD security administrators and CCs such as Auckland and Swinburne - should define the possible security controls that can be used to enforce the required security. Each control registration should specify the features/functionalities offered by the security control. The registration should also define what are the security controls templates (defined by the NIST- FISMA standard) satisfied by this security control. 4) Service Security Categorization Figure 2-c: Security Controls Registration Swinburne security administrator will define the impact level of losing the confidentiality, integrity, and availability of their data maintained by the Galactic ERP service. The same will be done by the Auckland security administrator (see figure 2-d). Whenever a new tenant registers his interest in a service and defines his security categorization of data processed by the service (or any of the existing tenants update his security categorization), the framework will update the overall service security categorization (the max. impact value from all tenants). Figure 2-d: Swinburne registers for the Galactic service and specifies its security categorization 5) Security Controls Selection Based on the previous step, the framework generates the security controls templates baseline that represents the minimum security requirements that should be enforced based on the specified 3

tenant/service security categorization. The framework identifies the security controls templates satisfied (security controls templates that have matching with one of the defined/existing security control), the missing (do not have matching with any of the existing actual security control), and duplicate security controls (have more than one matched security control) as shown in figure 2-e. Figure 2-e: Auckland - Galactic Security Controls baseline Now we need to tailor the selected security controls baseline to match the expected threats, vulnerabilities and mitigate the missing security controls problem (controls not exist in the baseline) throw compensating controls or using common controls instead of service specific security controls. Below we will explain how the framework helps the cloud stakeholders to manage the above tasks. The risk analysis and assessment process: Galactic vulnerabilities are identified for the first time by SWINSOFT and GC who know the architecture of the service and the cloud platform. Both SWINSOFT and GC have the responsibility to maintain the service vulnerabilities list up to date or select to auto update from the NVD database. Each service consumer Swinburne and Auckland will review the defined threats and risks on Galactic and appends the missing threats and/or risks. The framework provides stakeholders with the CVE vulnerabilities database NVD. So they can retrieve recently discovered vulnerabilities in Galactic service or the underlying platforms by the community. The framework also provides the stakeholders with a CWE and CAPEC databases. So they can use as a reference during the risk assessment phase. 4

Figure 2-f-1: CWE dictionary used by stakeholders in the risk assessment phase Figure 2-f-2: CWE dictionary used by stakeholders in the risk assessment phase 5

Figure 2-f-3: the retrieved vulnerabilities from the NVD with a sample of one vulnerability details Figure 2-f-4: the service identified threats Figure 2-f-5: the service identified Risks The security controls baseline tailoring process: (a) Scoping of security controls: (i) Identify common security controls. GC already publishes their security controls currently implemented. At the same time, Swinburne and Auckland has their own common security controls. So they will need to register it first (using the security controls manager). Then the stakeholders decide on what security controls in the baseline they plan to replace with common security controls from both sides (see figure 2-g). 6

Figure 2-g-1: the security controls baseline before updating selected security control Figure 2-g-2: the security controls baseline after updating selected security control Figure 2-g-3: the missing security controls before specifying compensating security control Figure 2-g-4: the missing security controls after specifying compensating security control (ii) Identify critical and non-critical system components: SWINSOFT, Auckland, and Swinburne select the critical service components that must be secured. (iii) Technology, regulation, and environment related security controls. We did not use it in our example. But it s still doable using the same functionality as shown in figure 2-g. (b) Compensating Security Controls The stakeholders can replace security controls in the baseline using the security controls mapping tool where they can add or remove security controls from the tailored controls list, as shown in figure 2-g. In this step let s assume that Swinburne selected to use forms authentication delivered by the galactic service while Auckland decided to use their SSO to depend on their active directory. We will see this implication in the operation of the service after implementing the selected security control, see figure 2-m. (c) Set Security controls parameters 7

Swinburne and Auckland define their security controls parameters configurations. In the case of common controls used from the cloud platform we can only inherit these values but cannot override it, as shown in figure 2-i. Figure 2-i: Setting security controls parameters The outcome of this step is a security management plan that documents the service security categorization, vulnerabilities, threats, risks, and the tailored security controls to mitigate the identified possible security breaches, as shown in figure 2-j. Figure 2-j: The security management plan for Auckland tenant (Sec-SLA) 8

6) Security Controls Implementation Each tenant - Swinburne and Auckland - should implement the common security controls under their responsibility as stated in the security management plan and the security controls configurations as shown in figure 2-i. 7) Assessing the implemented security controls The controls to be assessed and the objectives of the assessment are defined by all our stakeholders (GC, SWINSOFT, Auckland and Swinburne) and documented in the security assessment plan as shown in figure 2-k. The execution of such plan (the actual assessment process) should be conducted by a third party the currently known assessor specialized in NIST-FISMA is the FedRAMP project. The framework can help in assessing security controls status in case of using security controls that integrate with the framework. The outcome of the assessment is the security assessment report which should look like the report in figure 2-l. Now we may go back to step 2 or 3 (in case of any deficiency discovered in the assessment report), or continue to the next step. Figure 2-k-1: security metrics definition by all cloud stakeholders Figure 2-k-2: security metrics with frequency customized for each tenant Auckland 8) Authorize Service Figure 2-l: security assessment report Auckland Swinburne and Auckland should confirm their formal acceptance of the security management plan, security assessment plan, and the security assessment reports. This acceptance represents the authorization decision to start using Galactic by the CC. 9) Monitoring the effectiveness of the security controls The framework collects the defined measures as per the configured frequencies (for each tenant) and send it in a status report form to the intended cloud stakeholders. The report shows the current 9

values of the defined measures and there trend. This will help the tenants administrators in improving their security Status and detect attacks or system weaknesses (see figure 2-m). Figure 2-m: security status report for one tenant Auckland 10) Screenshots from the Galactic service while operating for the two tenants Recall that Swinburne is using the forms-based authentication offered by the Galactic service and Auckland is using SSO with a link to their active directory, as shown in figure 2-n below. a) One of the users of Swinburne is trying to connect so he got authenticated using login form as below: 10

Figure 2-n-1: Swinburne authentication control is active (forms authentication) Figure 2-n-2: Swinburne user can see only his tenant data (Note the current user) b) One of the users of Auckland is connected. He is authenticated using SSO as below: Figure 2-n-3: Auckland user is logged in using his windows identity 11

c) A sample of the authenticator control log file is shown in the below figure : d) Figure 2-n-4: Sample of the authenticator control log file 12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information