Subject: [Open-source translation project] The impact of migrating to a public cloud on trust relationships
Posted: 2012-02-02 21:00
Site administrator
Below is the original text and its translation, side by side, for Chapter 4, Section 3 of the open-source translation project Guidelines on Security and Privacy in Public Cloud Computing (SP800-144) (http://bbs.cisps.org/viewtopic.php?f=128&t=29613). Thanks to evajo for the diligent and excellent translation work. Please review the translation and suggest revisions; I will reward those who offer revision suggestions with security coins.

4.3 Trust

Translation: 4.3 Trust

Under the cloud computing paradigm, an organization relinquishes direct control over many aspects of security and privacy, and in doing so, confers a high level of trust onto the cloud provider. At the same time, federal agencies have a responsibility to protect information and information systems commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction, regardless of whether the information is collected or maintained by or on behalf of the agency; or whether the information systems are used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency [HR2458].

Translation: Under the cloud computing model, an organization gives up direct control over many aspects of security and privacy, but this approach requires placing a higher level of trust in the cloud provider. At the same time, federal agencies must carry out their duty to protect information and information systems in proportion to the risk and severity of harm; such harm may result from unauthorized access, use, disclosure, modification, or destruction, regardless of whether the information is maintained by the government or on behalf of a federal agency, and regardless of whether the information systems are used or operated by a federal agency, by its contractors, or by other organizations acting on behalf of the agency. [HR2458]

Insider Access. Data processed or stored outside the physical confines of an organization, its firewall, and other security controls bring with it an inherent level of risk. The insider security threat is a well-known issue for most organizations and, despite the name, applies as well to outsourced cloud services [Ash10, Cap09, Kow08]. Insider threats go beyond those posed by current or former employees to include contractors, organizational affiliates, and other parties that have received access to an organization’s networks, systems, and data to carry out or facilitate operations. Incidents may involve various types of fraud, sabotage of information resources, and theft of sensitive information. Incidents may also be caused unintentionally—for instance, a bank employee reportedly sent out sensitive customer information to the wrong Google mail account [Zet09b].

Translation: Insider Access
For data processed or stored outside an organization's physical boundaries, the firewall and other security controls leave it with an inherent level of risk. For most organizations the insider threat is well known and, the name notwithstanding, it applies equally to outsourced cloud services [Ash10, Cap09, Kow08]. Insider threats go beyond those posed by current or former employees and also include contractors, organizational affiliates, and other third parties that hold access to the organization's networks, systems, and data in order to carry out or support operations. Security incidents may include all kinds of fraud, sabotage of information resources, and theft of sensitive information. Security incidents may also be unintentional; for example, a bank employee reportedly sent sensitive customer information to the wrong Google mail account [Zet09b].

Moving data and applications to a cloud computing environment operated by a cloud provider expands the circle of insiders not only to the cloud provider’s staff and subcontractors, but also potentially to other customers using the service, thereby increasing risk. For example, a denial of service attack launched by a malicious insider was demonstrated against a well-known IaaS cloud [Mee09, Sla09]. The attack involved a cloud consumer creating an initial 20 accounts and launching virtual machine instances for each, then using those accounts to create an additional 20 accounts and machine instances in an iterative fashion, exponentially growing and consuming resources beyond set limits.

Translation: Moving data and applications into a cloud computing environment operated by a cloud provider widens the circle of insiders to include not only the cloud provider's employees and subcontractors but potentially other customers using the service as well, thereby increasing risk. For example, a denial of service attack launched by a malicious insider was staged in protest against a well-known IaaS (Infrastructure as a Service) cloud provider [Mee09, Sla09]. The attacker manipulated a cloud customer into creating an initial 20 accounts and launching a virtual machine instance for each, then used those accounts to create a further 20 accounts and virtual machine instances in an iterative fashion, growing exponentially and consuming resources beyond the set limits.

Data Ownership. The organization’s ownership rights over the data must be firmly established in the service contract to enable a basis for trust and privacy of data. The continuing controversy over privacy and data ownership rights for social networking users illustrates the impact that ambiguous terms can have on the parties involved (e.g., [Goo10, Rap09]). Ideally, the contract should state clearly that the organization retains exclusive ownership over all its data; that the cloud provider acquires no rights or licenses through the agreement, including intellectual property rights or licenses, to use the organization’s data for its own purposes; and that the cloud provider does not acquire and may not claim any interest in the data due to security [Mcd10]. For these provisions to work as intended, the terms of data ownership must not be subject to unilateral amendment by the cloud provider.

Translation: Data Ownership
The organization's ownership of its data must be clearly stipulated in the service contract, as the basis for trust and privacy of the data. The long-running controversy over privacy and data ownership rights for social network users shows the impact that ambiguous terms can have on the parties involved. Ideally, the contract should state clearly that the organization holds exclusive ownership of all its data; that, under both the contract and intellectual property rights, the cloud provider has no right or license to use the organization's data for its own purposes; and that, for security reasons, the cloud provider may not obtain or claim any interest in the data [Mcd10]. For these terms to be enforced as intended, the cloud provider must not unilaterally change the data ownership terms.

Composite Services. Cloud services themselves can be composed through nesting and layering with other cloud services. For example, a public SaaS provider could build its services upon those of a PaaS or IaaS cloud. The level of availability of the SaaS cloud would then depend on the availability of those services. If the percent availability of a support service drops, the overall availability suffers proportionally.

Translation: Composite Services
Cloud services can be composed by nesting and layering themselves with other cloud services. For example, a public SaaS (Software as a Service) provider may build its services on top of a PaaS (Platform as a Service) or IaaS (Infrastructure as a Service) cloud. The availability level of the SaaS cloud is then determined by the availability of those services. If the availability percentage of one supporting service drops, overall availability suffers correspondingly.

Cloud services that use third-party cloud providers to outsource or subcontract some of their services should raise concerns, including the scope of control over the third party, the responsibilities involved (e.g., policy and licensing arrangements), and the remedies and recourse available should problems occur. Public cloud providers that host applications or services of other parties may involve other domains of control, but through transparent authentication mechanisms, appear to a consumer to be that of the cloud provider. Trust is often not transitive, requiring that third-party arrangements are disclosed in advance of reaching an agreement with the cloud provider, and that the terms of these arrangements are maintained throughout the agreement or until sufficient notification can be given of any anticipated changes.

Translation: Cloud services that use third-party cloud providers to outsource or subcontract some of their services call for additional consideration, including the scope of control over the third party, the corresponding responsibilities (such as agreed policies and licenses), and the remedies and recourse available should problems arise. Where a cloud provider relies on other organizations for applications and services, those organizations may involve other domains of control, but to the consumer, through transparent authentication mechanisms, these controls appear to be provided by the cloud provider. Trust is usually not transitive, which requires that third-party agreements be disclosed before a contract is signed with the cloud provider, that the contract with the cloud provider fully support these agreements, or that, in the event of any foreseeable change, these agreements be terminated with sufficient notice.

Liability and performance guarantees can become a serious issue with composite cloud services. For example, a consumer storage-based social networking service closed down after losing access to a significant amount of data from 20,000 of its clients. Because it relied on another cloud provider to host historical data, and on yet another cloud provider to host its newly launched application and database, direct responsibility for the cause of the failure was unclear and never resolved [Bro08].

Translation: Liability and performance bonds can become a major issue for composite cloud services. For example, a consumer storage-based social networking service shut down after losing access to a huge amount of data belonging to 20,000 of its users. Because it relied on one cloud provider to store historical data and on another cloud provider to store its newly launched application and database, direct responsibility for the cause of the failure remained unclear and was never resolved [Bro08].

Visibility. Continuous monitoring of information security requires maintaining ongoing awareness of security controls, vulnerabilities, and threats to support risk management decisions [Dem10]. Collecting and analyzing available data about the state of the system should be done regularly and as often as needed by the organization to manage security and privacy risks, as appropriate for each level of the organization involved in decision making. Transition to public cloud services entails a transfer of responsibility to the cloud provider for securing portions of the system on which the organization’s data and applications operate. To fulfill the obligations of continuous monitoring, the organization is dependent on the cloud provider, whose cooperation is essential, since aspects of the computing environment are under the cloud provider’s complete control.

Translation: Visibility
Continuous monitoring of information security requires ongoing awareness of security controls, weaknesses, and threats in support of risk management decisions [Dem10]. Whenever the organization needs to manage security and privacy risks, available data on the state of the system should be collected and analyzed regularly, and personnel at every level of the organization should take part in decision making. Migration to public cloud services requires transferring responsibility to the cloud provider for protecting the parts of the system on which the organization's data and applications operate. To fulfill the obligation of continuous monitoring, the organization must rely on the cloud provider; because the cloud provider has complete control over the computing environment, cooperation with the cloud provider is very important.

Knowledge of a cloud provider’s security measures is also needed for the organization to conduct risk management. For example, the process of identifying vulnerabilities should include an analysis of the system security features and the security controls used to protect the cloud environment [Sto02]. Cloud providers can be reluctant to provide details of their security and privacy measures and status, however, since such information is often considered proprietary and might otherwise be used to devise an avenue of attack. Moreover, detailed network and system level monitoring by a cloud consumer is generally not part of most service arrangements, limiting visibility and the means to audit operations directly (e.g., [Bro09, Dig08, Met09]). While notification tools and Web-based dashboards are typically made available to consumers to monitor status, they can lack sufficient detail and may themselves suffer disruption during a system outage [Goo09a, Ker11, Per11].

Translation: To carry out risk management, the organization must understand the cloud provider's security metrics. For example, the process of identifying weaknesses should include analyzing the system's security features and identifying the security controls used to protect the cloud environment [Sto02]. Nevertheless, cloud providers are unwilling to provide details and status of their security and privacy metrics, because such information is usually regarded as proprietary and could otherwise be used to devise an avenue of attack. Moreover, service arrangements usually do not include letting cloud consumers monitor at the detailed network and system level, which limits visibility and direct auditing operations (for example, [Bro09, Dig08, Met09]). If notification tools and Web-based dashboards are opened to users for monitoring status, they may lack sufficient detail and may themselves only suffer interruption when the system stalls [Goo09a, Ker11, Per11].

Transparency in the way the cloud provider operates, including the provisioning of composite services, is a vital ingredient for effective oversight over system security and privacy by an organization. To ensure that policy and procedures are being enforced throughout the system lifecycle, service arrangements should include some means for the organization to gain visibility into the security controls and processes employed by the cloud provider and their performance over time. For example, the service agreement could include the right to audit controls via a third party, as a way to validate control aspects that are not otherwise accessible or assessable by the consumer. Ideally, the consumer would have control over aspects of the means of visibility to accommodate its needs, such as the threshold for alerts and notifications, and the level of detail and schedule of reports.

Translation: Transparency in how the cloud provider operates, and in the composite services it provides, is an important factor in an organization's effective oversight of system security and privacy. To ensure that policies and procedures are enforced throughout the system lifecycle, the service agreement should include some means available to the organization through which it can gain visibility into the security controls and processes, and into how effectively those controls and processes are carried out. For example, the service agreement may include the right to audit control points through a third party, as a way of verifying aspects of the controls that the consumer otherwise cannot access or reach. Ideally, the consumer can adjust the means of visibility to suit its own needs, such as threshold alerts and notifications, and the granularity and schedule of reports.

Ancillary Data. While the focus of attention in cloud computing is mainly on protecting application data, cloud providers also hold significant details about the accounts of cloud consumers that could be compromised and used in subsequent attacks. Payment information is one example; other, more subtle types of information, can also be involved. For example, a database of contact information stolen from a SaaS cloud provider, via a targeted phishing attack against one of its employees, was used in turn to launch successful targeted electronic mail attacks against consumers of the cloud service [Kre07, Mcm07]. The incident illustrates the need for cloud providers to protect and report promptly security breaches occurring not only in the data the cloud provider holds for its consumers, but also in the data it holds about its consumers, regardless of whether the data is held within or separately from the cloud infrastructure.

Translation: Ancillary Data
While attention in cloud computing is focused on protecting application data, cloud providers likewise hold important detailed data about cloud consumers' accounts, which could be compromised and used in subsequent attacks. Payment information is one example; other, more subtle types of information can also be involved. For example, a contact-information database stolen from a SaaS (Software as a Service) cloud provider, through a targeted phishing attack against an employee, was used to launch successful e-mail attacks against consumers of the cloud service [Kre07, Mcm07]. This incident shows that cloud providers need to protect against and promptly report security breaches, not only of the data they hold for their customers, but also of the data they hold about their customers, regardless of whether that data is stored within the cloud architecture or outside it.

Other types of ancillary data that exists involve information the cloud provider collects or produces about customer-related activity in the cloud. They include data collected to meter and charge for consumption of resources, logs and audit trails, and other such metadata that is generated and accumulated within the cloud environment. Unlike organizational data, a cloud provider may be more inclined to claim ownership over the operational and other types of metadata it collects. Such data, if sold, released, or leaked to a third party, however, is a potential threat to an organization’s privacy, since the data could be used to infer the status and outlook of an organization’s initiative (e.g., the activity level or projected growth of a startup company). Several points to consider clarifying in a service contract are the types of metadata collected by the cloud provider, the protection afforded the metadata, and the organization’s rights over metadata, including ownership, opting out of collection or distribution, and fair use.


Translation: Other types of ancillary data include information the cloud provider collects or produces about consumers' activity within the cloud. This includes information collected to meter and charge for resource consumption, logs and audit trails, and other similar metadata generated or accumulated within the cloud environment. Unlike organizational data, the cloud provider may be more inclined to hold on to ownership of the operational data and other types of metadata it collects. Because such data can be used to infer the status and outlook of an organization's development, if it is sold, published, or leaked to a third party it poses a potential threat to the organization's privacy. Clarifying the service contract can be considered from several points, including the types of metadata collected by the cloud provider, the protection given to the metadata, and the organization's rights over the metadata, including ownership, the right to opt out of collection and distribution, and fair use.

Risk Management. With cloud-based services, some subsystems or subsystem components fall outside of the direct control of a client organization. Many organizations are more comfortable with risk when they have greater control over the processes and equipment involved. At a minimum, a high degree of control provides the option to weigh alternatives, set priorities, and act decisively in the best interest of the organization when faced with an incident. Risk management is the process of identifying and assessing risk to organizational operations, organizational assets, or individuals resulting from the operation of an information system, and taking the necessary steps to reduce it to an acceptable level [Sto02]. The process includes the conduct of a risk assessment, the implementation of a risk mitigation strategy, and the employment of techniques and procedures for the continuous monitoring of the security state of the information system. Public cloud-based systems, as with traditional information systems, require that risks are managed throughout the system lifecycle.

Translation: Risk Management
With cloud-based services, some subsystems or subsystem modules fall outside the direct control of the client organization. Many organizations accommodate risk by strengthening control over the relevant processes and equipment. At a minimum, when the organization faces an incident, a high degree of control gives it options in its best interest: to weigh matters, set priorities, and act decisively. Risk management is the process used to identify and assess risks to organizational operations, organizational assets, or the results of operating an individual information system, and to take the necessary steps to reduce the risk to an acceptable level. The process includes conducting a risk assessment, implementing a risk mitigation strategy, and using techniques and procedures to continuously monitor the security state of the information system. Public cloud-based systems, like traditional information systems, need risk to be managed throughout the system lifecycle.

Assessing and managing risk in systems that use cloud services can be a challenge. FISMA and OMB policy require external providers handling federal information or operating information systems on behalf of the federal government to meet the same security requirements as federal agencies [JTF10]. To the maximum extent practicable, organizations should ensure that privacy and security controls are implemented correctly, operate as intended, and meet its requirements. Organizations should understand the privacy and security controls of the cloud service, establish adequate arrangements in the service agreement, making any needed adjustments, and monitor compliance of the service controls with the terms of the agreement.

Translation: Assessing and managing risk in systems that use cloud services is full of challenges. FISMA and OMB policy require that external providers handling federal information or operating information systems on behalf of federal agencies be able to meet the same security requirements as federal agencies. To the greatest practicable extent, the organization must ensure that privacy and security controls are implemented correctly, operate as intended, and meet requirements. The organization should understand the cloud service's privacy and security controls, establish adequate terms in the service agreement, make any necessary adjustments, and monitor whether the service controls are consistent with the agreement.

Establishing a level of trust about a cloud service is dependent on the degree of control an organization is able to exert on the provider to provision the security controls necessary to protect the organization’s data and applications, and also the evidence provided about the effectiveness of those controls [JTF10]. However, verifying the correct functioning of a subsystem and the effectiveness of security controls as extensively as with an organizational system may not be feasible in some cases, and other means (e.g., third-party audits) may be used to establish a level of trust. Ultimately, if the level of trust in the service falls below expectations and the organization is unable to employ compensating controls, it must either reject the service or accept a greater degree of risk.

Translation: Establishing a level of trust in a cloud service depends on the organization's degree of control, that is, its ability to get the provider to deploy the security controls necessary to protect the organization's data and applications and to provide evidence of the effectiveness of those controls [JTF10]. However, in some cases it is not feasible to verify the correct functioning of a subsystem and the effectiveness of security controls as broadly as possible, and other means (for example, third-party audits) may instead be used to establish a level of trust. Fundamentally, if the level of trust in the service falls below expectations and the organization cannot employ compensating measures, the organization must either reject the service or accept a greater degree of risk.


Subject: Re: [Open-source translation project] The impact of migrating to a public cloud on trust relationships
Posted: 2012-02-03 19:45
Advanced user
Quote:
4.3 Trust

Under the cloud computing paradigm, an organization relinquishes direct control over many aspects of security and privacy, and in doing so, confers a high level of trust onto the cloud provider. At the same time, federal agencies have a responsibility to protect information and information systems commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction, regardless of whether the information is collected or maintained by or on behalf of the agency; or whether the information systems are used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency [HR2458].



Translation: 4.3 Trust
Under the cloud computing model, an organization gives up direct control over many aspects of security and privacy, but this approach requires placing a higher level of trust in the cloud provider. At the same time, federal agencies must carry out their duty to protect information and information systems in proportion to the risk and severity of harm; such harm may result from unauthorized access, use, disclosure, modification, or destruction, regardless of whether the information is maintained by the government or on behalf of a federal agency, and regardless of whether the information systems are used or operated by a federal agency, by its contractors, or by other organizations acting on behalf of the agency. [HR2458]


-------- This post has so far received 51 security coins in user rewards --------


Subject: Re: [Open-source translation project] The impact of migrating to a public cloud on trust relationships
Posted: 2012-02-03 20:45
Advanced user
Quote:
Insider Access. Data processed or stored outside the physical confines of an organization, its firewall, and other security controls bring with it an inherent level of risk. The insider security threat is a well-known issue for most organizations and, despite the name, applies as well to outsourced cloud services [Ash10, Cap09, Kow08]. Insider threats go beyond those posed by current or former employees to include contractors, organizational affiliates, and other parties that have received access to an organization’s networks, systems, and data to carry out or facilitate operations. Incidents may involve various types of fraud, sabotage of information resources, and theft of sensitive information. Incidents may also be caused unintentionally—for instance, a bank employee reportedly sent out sensitive customer information to the wrong Google mail account [Zet09b].

Moving data and applications to a cloud computing environment operated by a cloud provider expands the circle of insiders not only to the cloud provider’s staff and subcontractors, but also potentially to other customers using the service, thereby increasing risk. For example, a denial of service attack launched by a malicious insider was demonstrated against a well-known IaaS cloud [Mee09, Sla09]. The attack involved a cloud consumer creating an initial 20 accounts and launching virtual machine instances for each, then using those accounts to create an additional 20 accounts and machine instances in an iterative fashion, exponentially growing and consuming resources beyond set limits.



Translation: Insider Access. For data processed or stored outside an organization's physical boundaries, the firewall and other security controls leave it with an inherent level of risk. For most organizations the insider threat is well known and, the name notwithstanding, it applies equally to outsourced cloud services [Ash10, Cap09, Kow08]. Insider threats go beyond those posed by current or former employees and also include contractors, organizational affiliates, and other third parties that hold access to the organization's networks, systems, and data in order to carry out or support operations. Security incidents may include all kinds of fraud, sabotage of information resources, and theft of sensitive information. Security incidents may also be unintentional; for example, a bank employee reportedly sent sensitive customer information to the wrong Google mail account [Zet09b].

Moving data and applications into a cloud computing environment operated by a cloud provider widens the circle of insiders to include not only the cloud provider's employees and subcontractors but potentially other customers using the service as well, thereby increasing risk. For example, a denial of service attack launched by a malicious insider was staged in protest against a well-known IaaS (Infrastructure as a Service) cloud provider [Mee09, Sla09]. The attacker manipulated a cloud customer into creating an initial 20 accounts and launching a virtual machine instance for each, then used those accounts to create a further 20 accounts and virtual machine instances in an iterative fashion, growing exponentially and consuming resources beyond the set limits.


-------- This post has so far received 33 security coins in user rewards --------


Subject: Re: [Open-source translation project] The impact of migrating to a public cloud on trust relationships
Posted: 2012-02-03 22:55
Advanced user
Quote:
Data Ownership. The organization’s ownership rights over the data must be firmly established in the service contract to enable a basis for trust and privacy of data. The continuing controversy over privacy and data ownership rights for social networking users illustrates the impact that ambiguous terms can have on the parties involved (e.g., [Goo10, Rap09]). Ideally, the contract should state clearly that the organization retains exclusive ownership over all its data; that the cloud provider acquires no rights or licenses through the agreement, including intellectual property rights or licenses, to use the organization’s data for its own purposes; and that the cloud provider does not acquire and may not claim any interest in the data due to security [Mcd10]. For these provisions to work as intended, the terms of data ownership must not be subject to unilateral amendment by the cloud provider.



Translation: Data Ownership. The organization's ownership of its data must be clearly stipulated in the service contract, as the basis for trust and privacy of the data. The long-running controversy over privacy and data ownership rights for social network users shows the impact that ambiguous terms can have on the parties involved. Ideally, the contract should state clearly that the organization holds exclusive ownership of all its data; that, under both the contract and intellectual property rights, the cloud provider has no right or license to use the organization's data for its own purposes; and that, for security reasons, the cloud provider may not obtain or claim any interest in the data [Mcd10]. For these terms to be enforced as intended, the cloud provider must not unilaterally change the data ownership terms.


-------- This post has so far received 32 security coins in user rewards --------


Subject: Re: [Open-source translation project] The impact of migrating to a public cloud on trust relationships
Posted: 2012-02-07 09:20
Advanced user
Quote:
Composite Services. Cloud services themselves can be composed through nesting and layering with other cloud services. For example, a public SaaS provider could build its services upon those of a PaaS or IaaS cloud. The level of availability of the SaaS cloud would then depend on the availability of those services. If the percent availability of a support service drops, the overall availability suffers proportionally.

Cloud services that use third-party cloud providers to outsource or subcontract some of their services should raise concerns, including the scope of control over the third party, the responsibilities involved (e.g., policy and licensing arrangements), and the remedies and recourse available should problems occur. Public cloud providers that host applications or services of other parties may involve other domains of control, but through transparent authentication mechanisms, appear to a consumer to be that of the cloud provider. Trust is often not transitive, requiring that third-party arrangements are disclosed in advance of reaching an agreement with the cloud provider, and that the terms of these arrangements are maintained throughout the agreement or until sufficient notification can be given of any anticipated changes.

Liability and performance guarantees can become a serious issue with composite cloud services. For example, a consumer storage-based social networking service closed down after losing access to a significant amount of data from 20,000 of its clients. Because it relied on another cloud provider to host historical data, and on yet another cloud provider to host its newly launched application and database, direct responsibility for the cause of the failure was unclear and never resolved [Bro08].




Translation: Composite Services. Cloud services can be composed by nesting and layering themselves with other cloud services. For example, a public SaaS (Software as a Service) provider may build its services on top of a PaaS (Platform as a Service) or IaaS (Infrastructure as a Service) cloud. The availability level of the SaaS cloud is then determined by the availability of those services. If the availability percentage of one supporting service drops, overall availability suffers correspondingly.

Cloud services that use third-party cloud providers to outsource or subcontract some of their services call for additional consideration, including the scope of control over the third party, the corresponding responsibilities (such as agreed policies and licenses), and the remedies and recourse available should problems arise. Where a cloud provider relies on other organizations for applications and services, those organizations may involve other domains of control, but to the consumer, through transparent authentication mechanisms, these controls appear to be provided by the cloud provider. Trust is usually not transitive, which requires that third-party agreements be disclosed before a contract is signed with the cloud provider, that the contract with the cloud provider fully support these agreements, or that, in the event of any foreseeable change, these agreements be terminated with sufficient notice.

Liability and performance bonds can become a major issue for composite cloud services. For example, a consumer storage-based social networking service shut down after losing access to a huge amount of data belonging to 20,000 of its users. Because it relied on one cloud provider to store historical data and on another cloud provider to store its newly launched application and database, direct responsibility for the cause of the failure remained unclear and was never resolved [Bro08].


-------- This post has so far received 35 security coins in user rewards --------


Subject: Re: [Open-source translation project] The impact of migrating to a public cloud on trust relationships
Posted: 2012-02-08 20:14
Advanced user
Quote:
Visibility. Continuous monitoring of information security requires maintaining ongoing awareness of security controls, vulnerabilities, and threats to support risk management decisions [Dem10]. Collecting and analyzing available data about the state of the system should be done regularly and as often as needed by the organization to manage security and privacy risks, as appropriate for each level of the organization involved in decision making. Transition to public cloud services entails a transfer of responsibility to the cloud provider for securing portions of the system on which the organization’s data and applications operate. To fulfill the obligations of continuous monitoring, the organization is dependent on the cloud provider, whose cooperation is essential, since aspects of the computing environment are under the cloud provider’s complete control.

Knowledge of a cloud provider’s security measures is also needed for the organization to conduct risk management. For example, the process of identifying vulnerabilities should include an analysis of the system security features and the security controls used to protect the cloud environment [Sto02]. Cloud providers can be reluctant to provide details of their security and privacy measures and status, however, since such information is often considered proprietary and might otherwise be used to devise an avenue of attack. Moreover, detailed network and system level monitoring by a cloud consumer is generally not part of most service arrangements, limiting visibility and the means to audit operations directly (e.g., [Bro09, Dig08, Met09]). While notification tools and Web-based dashboards are typically made available to consumers to monitor status, they can lack sufficient detail and may themselves suffer disruption during a system outage [Goo09a, Ker11, Per11].

Transparency in the way the cloud provider operates, including the provisioning of composite services, is a vital ingredient for effective oversight over system security and privacy by an organization. To ensure that policy and procedures are being enforced throughout the system lifecycle, service arrangements should include some means for the organization to gain visibility into the security controls and processes employed by the cloud provider and their performance over time. For example, the service agreement could include the right to audit controls via a third party, as a way to validate control aspects that are not otherwise accessible or assessable by the consumer. Ideally, the consumer would have control over aspects of the means of visibility to accommodate its needs, such as the threshold for alerts and notifications, and the level of detail and schedule of reports.



Translation: Visibility. Continuous monitoring of information security requires ongoing awareness of security controls, weaknesses, and threats in support of risk management decisions [Dem10]. Whenever the organization needs to manage security and privacy risks, available data on the state of the system should be collected and analyzed regularly, and personnel at every level of the organization should take part in decision making. Migration to public cloud services requires transferring responsibility to the cloud provider for protecting the parts of the system on which the organization's data and applications operate. To fulfill the obligation of continuous monitoring, the organization must rely on the cloud provider; because the cloud provider has complete control over the computing environment, cooperation with the cloud provider is very important.

To carry out risk management, the organization must understand the cloud provider's security metrics. For example, the process of identifying weaknesses should include analyzing the system's security features and identifying the security controls used to protect the cloud environment [Sto02]. Nevertheless, cloud providers are unwilling to provide details and status of their security and privacy metrics, because such information is usually regarded as proprietary and could otherwise be used to devise an avenue of attack. Moreover, service arrangements usually do not include letting cloud consumers monitor at the detailed network and system level, which limits visibility and direct auditing operations (for example, [Bro09, Dig08, Met09]). If notification tools and Web-based dashboards are opened to users for monitoring status, they may lack sufficient detail and may themselves only suffer interruption when the system stalls [Goo09a, Ker11, Per11].

Transparency in how the cloud provider operates, and in the composite services it provides, is an important factor in an organization's effective oversight of system security and privacy. To ensure that policies and procedures are enforced throughout the system lifecycle, the service agreement should include some means available to the organization through which it can gain visibility into the security controls and processes, and into how effectively those controls and processes are carried out. For example, the service agreement may include the right to audit control points through a third party, as a way of verifying aspects of the controls that the consumer otherwise cannot access or reach. Ideally, the consumer can adjust the means of visibility to suit its own needs, such as threshold alerts and notifications, and the granularity and schedule of reports.


-------- This post has so far received 35 security coins in user rewards --------


Subject: Re: [Open-source translation project] The impact of migrating to a public cloud on trust relationships
Posted: 2012-02-09 16:07
Advanced user
Quote:
Ancillary Data. While the focus of attention in cloud computing is mainly on protecting application data, cloud providers also hold significant details about the accounts of cloud consumers that could be compromised and used in subsequent attacks. Payment information is one example; other, more subtle types of information, can also be involved. For example, a database of contact information stolen from a SaaS cloud provider, via a targeted phishing attack against one of its employees, was used in turn to launch successful targeted electronic mail attacks against consumers of the cloud service [Kre07, Mcm07]. The incident illustrates the need for cloud providers to protect and report promptly security breaches occurring not only in the data the cloud provider holds for its consumers, but also in the data it holds about its consumers, regardless of whether the data is held within or separately from the cloud infrastructure.

Other types of ancillary data that exists involve information the cloud provider collects or produces about customer-related activity in the cloud. They include data collected to meter and charge for consumption of resources, logs and audit trails, and other such metadata that is generated and accumulated within the cloud environment. Unlike organizational data, a cloud provider may be more inclined to claim ownership over the operational and other types of metadata it collects. Such data, if sold, released, or leaked to a third party, however, is a potential threat to an organization’s privacy, since the data could be used to infer the status and outlook of an organization’s initiative (e.g., the activity level or projected growth of a startup company). Several points to consider clarifying in a service contract are the types of metadata collected by the cloud provider, the protection afforded the metadata, and the organization’s rights over metadata, including ownership, opting out of collection or distribution, and fair use.



Translation: Ancillary Data. While attention in cloud computing is focused on protecting application data, cloud providers likewise hold important detailed data about cloud consumers' accounts, which could be compromised and used in subsequent attacks. Payment information is one example; other, more subtle types of information can also be involved. For example, a contact-information database stolen from a SaaS (Software as a Service) cloud provider, through a targeted phishing attack against an employee, was used to launch successful e-mail attacks against consumers of the cloud service [Kre07, Mcm07]. This incident shows that cloud providers need to protect against and promptly report security breaches, not only of the data they hold for their customers, but also of the data they hold about their customers, regardless of whether that data is stored within the cloud architecture or outside it.

Other types of ancillary data include information the cloud provider collects or produces about consumers' activity within the cloud. This includes information collected to meter and charge for resource consumption, logs and audit trails, and other similar metadata generated or accumulated within the cloud environment. Unlike organizational data, the cloud provider may be more inclined to hold on to ownership of the operational data and other types of metadata it collects. Because such data can be used to infer the status and outlook of an organization's development, if it is sold, published, or leaked to a third party it poses a potential threat to the organization's privacy. Clarifying the service contract can be considered from several points, including the types of metadata collected by the cloud provider, the protection given to the metadata, and the organization's rights over the metadata, including ownership, the right to opt out of collection and distribution, and fair use.


Subject: Re: [Open-source translation project] The impact of migrating to a public cloud on trust relationships
Posted: 2012-02-10 16:18
Advanced user
Quote:
Risk Management. With cloud-based services, some subsystems or subsystem components fall outside of the direct control of a client organization. Many organizations are more comfortable with risk when they have greater control over the processes and equipment involved. At a minimum, a high degree of control provides the option to weigh alternatives, set priorities, and act decisively in the best interest of the organization when faced with an incident. Risk management is the process of identifying and assessing risk to organizational operations, organizational assets, or individuals resulting from the operation of an information system, and taking the necessary steps to reduce it to an acceptable level [Sto02]. The process includes the conduct of a risk assessment, the implementation of a risk mitigation strategy, and the employment of techniques and procedures for the continuous monitoring of the security state of the information system. Public cloud-based systems, as with traditional information systems, require that risks are managed throughout the system lifecycle.

Assessing and managing risk in systems that use cloud services can be a challenge. FISMA and OMB policy require external providers handling federal information or operating information systems on behalf of the federal government to meet the same security requirements as federal agencies [JTF10]. To the maximum extent practicable, organizations should ensure that privacy and security controls are implemented correctly, operate as intended, and meet its requirements. Organizations should understand the privacy and security controls of the cloud service, establish adequate arrangements in the service agreement, making any needed adjustments, and monitor compliance of the service controls with the terms of the agreement.

Establishing a level of trust about a cloud service is dependent on the degree of control an organization is able to exert on the provider to provision the security controls necessary to protect the organization’s data and applications, and also the evidence provided about the effectiveness of those controls [JTF10]. However, verifying the correct functioning of a subsystem and the effectiveness of security controls as extensively as with an organizational system may not be feasible in some cases, and other means (e.g., third-party audits) may be used to establish a level of trust. Ultimately, if the level of trust in the service falls below expectations and the organization is unable to employ compensating controls, it must either reject the service or accept a greater degree of risk.



Translation: Risk Management. With cloud-based services, some subsystems or subsystem modules fall outside the direct control of the client organization. Many organizations accommodate risk by strengthening control over the relevant processes and equipment. At a minimum, when the organization faces an incident, a high degree of control gives it options in its best interest: to weigh matters, set priorities, and act decisively. Risk management is the process used to identify and assess risks to organizational operations, organizational assets, or the results of operating an individual information system, and to take the necessary steps to reduce the risk to an acceptable level. The process includes conducting a risk assessment, implementing a risk mitigation strategy, and using techniques and procedures to continuously monitor the security state of the information system. Public cloud-based systems, like traditional information systems, need risk to be managed throughout the system lifecycle.

Assessing and managing risk in systems that use cloud services is full of challenges. FISMA and OMB policy require that external providers handling federal information or operating information systems on behalf of federal agencies be able to meet the same security requirements as federal agencies. To the greatest practicable extent, the organization must ensure that privacy and security controls are implemented correctly, operate as intended, and meet requirements. The organization should understand the cloud service's privacy and security controls, establish adequate terms in the service agreement, make any necessary adjustments, and monitor whether the service controls are consistent with the agreement.

Establishing a level of trust in a cloud service depends on the organization's degree of control, that is, its ability to get the provider to deploy the security controls necessary to protect the organization's data and applications and to provide evidence of the effectiveness of those controls [JTF10]. However, in some cases it is not feasible to verify the correct functioning of a subsystem and the effectiveness of security controls as broadly as possible, and other means (for example, third-party audits) may instead be used to establish a level of trust. Fundamentally, if the level of trust in the service falls below expectations and the organization cannot employ compensating measures, the organization must either reject the service or accept a greater degree of risk.


-------- This post has so far received 33 security coins in user rewards --------


华安信达 (CISPS.org) ©2003 - 2012