Enviar pesquisa
Carregar
(Pdf) yury chemerkin _i-society-2013 proceedings
•
0 gostou
•
459 visualizações
STO STRATEGY
Seguir
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 7
Baixar agora
Baixar para ler offline
Recomendados
Security and Privacy Enhancing Multicloud Architecture
Security and Privacy Enhancing Multicloud Architecture
ijsrd.com
(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013
STO STRATEGY
(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013
STO STRATEGY
(Pdf) yury chemerkin deep_intel_2013
(Pdf) yury chemerkin deep_intel_2013
STO STRATEGY
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
IJERA Editor
Review on Security Aspects for Cloud Architecture
Review on Security Aspects for Cloud Architecture
IJECEIAES
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud Computing
IRJET Journal
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Project
Recomendados
Security and Privacy Enhancing Multicloud Architecture
Security and Privacy Enhancing Multicloud Architecture
ijsrd.com
(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013
STO STRATEGY
(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013
STO STRATEGY
(Pdf) yury chemerkin deep_intel_2013
(Pdf) yury chemerkin deep_intel_2013
STO STRATEGY
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
IJERA Editor
Review on Security Aspects for Cloud Architecture
Review on Security Aspects for Cloud Architecture
IJECEIAES
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud Computing
IRJET Journal
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Project
FRAMEWORK FOR SECURE CLOUD COMPUTING
FRAMEWORK FOR SECURE CLOUD COMPUTING
ijccsa
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
IJNSA Journal
Rp059 Icect2012 E694
Rp059 Icect2012 E694
Sandeep Saxena
Cloud Computing Security
Cloud Computing Security
Dhaval Dave
An approach for secured data transmission at client end in cloud computing
An approach for secured data transmission at client end in cloud computing
IAEME Publication
Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)
ClubHack
A Survey of Cloud Computing Security Issues and Consequences
A Survey of Cloud Computing Security Issues and Consequences
Associate Professor in VSB Coimbatore
A dynamic policy based security-as-a-service infrastructure for cloud environ...
A dynamic policy based security-as-a-service infrastructure for cloud environ...
eSAT Publishing House
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
NJVC, LLC
Survey on Security in Cloud Hosted Service & Self Hosted Services
Survey on Security in Cloud Hosted Service & Self Hosted Services
ijtsrd
Dn35636640
Dn35636640
IJERA Editor
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
TT L
IRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET Journal
Incident response in cloud environments
Incident response in cloud environments
Mohamed (Mody) Mohamed, MSc, CISSP
Cloud security
Cloud security
Mohamed Shalash
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
csandit
Cloud Security 2014 AASNET
Cloud Security 2014 AASNET
Farrukh Shahzad
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, Indonesia
Wise Pacific Venture
Cloud security and services
Cloud security and services
Jas Preet
Is data secure on the password protected blackberry device
Is data secure on the password protected blackberry device
STO STRATEGY
Love
Love
7Nitin7
(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013
STO STRATEGY
Mais conteúdo relacionado
Mais procurados
FRAMEWORK FOR SECURE CLOUD COMPUTING
FRAMEWORK FOR SECURE CLOUD COMPUTING
ijccsa
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
IJNSA Journal
Rp059 Icect2012 E694
Rp059 Icect2012 E694
Sandeep Saxena
Cloud Computing Security
Cloud Computing Security
Dhaval Dave
An approach for secured data transmission at client end in cloud computing
An approach for secured data transmission at client end in cloud computing
IAEME Publication
Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)
ClubHack
A Survey of Cloud Computing Security Issues and Consequences
A Survey of Cloud Computing Security Issues and Consequences
Associate Professor in VSB Coimbatore
A dynamic policy based security-as-a-service infrastructure for cloud environ...
A dynamic policy based security-as-a-service infrastructure for cloud environ...
eSAT Publishing House
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
NJVC, LLC
Survey on Security in Cloud Hosted Service & Self Hosted Services
Survey on Security in Cloud Hosted Service & Self Hosted Services
ijtsrd
Dn35636640
Dn35636640
IJERA Editor
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
TT L
IRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET Journal
Incident response in cloud environments
Incident response in cloud environments
Mohamed (Mody) Mohamed, MSc, CISSP
Cloud security
Cloud security
Mohamed Shalash
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
csandit
Cloud Security 2014 AASNET
Cloud Security 2014 AASNET
Farrukh Shahzad
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, Indonesia
Wise Pacific Venture
Cloud security and services
Cloud security and services
Jas Preet
Mais procurados
(19)
FRAMEWORK FOR SECURE CLOUD COMPUTING
FRAMEWORK FOR SECURE CLOUD COMPUTING
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
Rp059 Icect2012 E694
Rp059 Icect2012 E694
Cloud Computing Security
Cloud Computing Security
An approach for secured data transmission at client end in cloud computing
An approach for secured data transmission at client end in cloud computing
Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)
A Survey of Cloud Computing Security Issues and Consequences
A Survey of Cloud Computing Security Issues and Consequences
A dynamic policy based security-as-a-service infrastructure for cloud environ...
A dynamic policy based security-as-a-service infrastructure for cloud environ...
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
Survey on Security in Cloud Hosted Service & Self Hosted Services
Survey on Security in Cloud Hosted Service & Self Hosted Services
Dn35636640
Dn35636640
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
IRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in Cloud
Incident response in cloud environments
Incident response in cloud environments
Cloud security
Cloud security
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
Cloud Security 2014 AASNET
Cloud Security 2014 AASNET
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, Indonesia
Cloud security and services
Cloud security and services
Destaque
Is data secure on the password protected blackberry device
Is data secure on the password protected blackberry device
STO STRATEGY
Love
Love
7Nitin7
(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013
STO STRATEGY
Grammarly Test Club#1. Выступление Гали Братчик (Grammarly): "Тестирование лю...
Grammarly Test Club#1. Выступление Гали Братчик (Grammarly): "Тестирование лю...
GTestClub
Flowers..............
Flowers..............
7Nitin7
Brasi1
Brasi1
jchdepascual
Comparison of android and black berry forensic techniques
Comparison of android and black berry forensic techniques
STO STRATEGY
Solo Cars
Solo Cars
Soloten
Institutional regulations
Institutional regulations
gmisso33
NU Research Report #2
NU Research Report #2
Drew West
2 tazas de café
2 tazas de café
José de María Pinto Pinto
Silencios
Silencios
José de María Pinto Pinto
Slide nahu (2)
Slide nahu (2)
IFFAH K.ANUAR
Textual analysis united 93
Textual analysis united 93
gmisso33
Grammarly Test Club#2. Выступление Василия Кривоноса (VostokVenutes): "Тестир...
Grammarly Test Club#2. Выступление Василия Кривоноса (VostokVenutes): "Тестир...
GTestClub
Luquin_linkedin
Luquin_linkedin
Jose Luquin
Аутсорсинг маркетинга
Аутсорсинг маркетинга
Soloten
Men Plain Socks by Cl aovsocks
Men Plain Socks by Cl aovsocks
Aov Cleverknits Pvt Ltd
Diego 9º3
Diego 9º3
diegoandresvergaraavilez
Contra quién luchamos
Contra quién luchamos
José de María Pinto Pinto
Destaque
(20)
Is data secure on the password protected blackberry device
Is data secure on the password protected blackberry device
Love
Love
(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013
Grammarly Test Club#1. Выступление Гали Братчик (Grammarly): "Тестирование лю...
Grammarly Test Club#1. Выступление Гали Братчик (Grammarly): "Тестирование лю...
Flowers..............
Flowers..............
Brasi1
Brasi1
Comparison of android and black berry forensic techniques
Comparison of android and black berry forensic techniques
Solo Cars
Solo Cars
Institutional regulations
Institutional regulations
NU Research Report #2
NU Research Report #2
2 tazas de café
2 tazas de café
Silencios
Silencios
Slide nahu (2)
Slide nahu (2)
Textual analysis united 93
Textual analysis united 93
Grammarly Test Club#2. Выступление Василия Кривоноса (VostokVenutes): "Тестир...
Grammarly Test Club#2. Выступление Василия Кривоноса (VostokVenutes): "Тестир...
Luquin_linkedin
Luquin_linkedin
Аутсорсинг маркетинга
Аутсорсинг маркетинга
Men Plain Socks by Cl aovsocks
Men Plain Socks by Cl aovsocks
Diego 9º3
Diego 9º3
Contra quién luchamos
Contra quién luchamos
Semelhante a (Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _ita_2013 proceedings
(Pdf) yury chemerkin _ita_2013 proceedings
STO STRATEGY
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
IJNSA Journal
(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013
STO STRATEGY
SECURITY CONCERN ON CLOUD BASED ON ATTRIBUTES: AN SURVEY
SECURITY CONCERN ON CLOUD BASED ON ATTRIBUTES: AN SURVEY
Editor Jacotech
1376843836 94879193
1376843836 94879193
Editor Jacotech
1376843836 94879193
1376843836 94879193
Editor Jacotech
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and Services
IOSR Journals
SECURE DATA TRANSMISSION OVER CLOUD USING MOBILE TECHNOLOGY
SECURE DATA TRANSMISSION OVER CLOUD USING MOBILE TECHNOLOGY
ijsrd.com
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
IJERD Editor
Research On Preserving User Confidentiality In Cloud Computing – Design Of A ...
Research On Preserving User Confidentiality In Cloud Computing – Design Of A ...
IJERA Editor
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud Security
VAST
A Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud Computing
IJMER
Cloud-Trust—a Security Assessment Modelfor Infrastructure as
Cloud-Trust—a Security Assessment Modelfor Infrastructure as
WilheminaRossi174
INFORMATION SECURITY IN CLOUD COMPUTING
INFORMATION SECURITY IN CLOUD COMPUTING
ijitcs
Outsourcing control
Outsourcing control
Shahbaz Sidhu
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
IOSR Journals
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
ijccsa
The Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docx
cherry686017
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
cscpconf
Evaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing Environments
ijfcstjournal
Semelhante a (Pdf) yury chemerkin _i-society-2013 proceedings
(20)
(Pdf) yury chemerkin _ita_2013 proceedings
(Pdf) yury chemerkin _ita_2013 proceedings
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013
SECURITY CONCERN ON CLOUD BASED ON ATTRIBUTES: AN SURVEY
SECURITY CONCERN ON CLOUD BASED ON ATTRIBUTES: AN SURVEY
1376843836 94879193
1376843836 94879193
1376843836 94879193
1376843836 94879193
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and Services
SECURE DATA TRANSMISSION OVER CLOUD USING MOBILE TECHNOLOGY
SECURE DATA TRANSMISSION OVER CLOUD USING MOBILE TECHNOLOGY
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
Research On Preserving User Confidentiality In Cloud Computing – Design Of A ...
Research On Preserving User Confidentiality In Cloud Computing – Design Of A ...
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud Security
A Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud Computing
Cloud-Trust—a Security Assessment Modelfor Infrastructure as
Cloud-Trust—a Security Assessment Modelfor Infrastructure as
INFORMATION SECURITY IN CLOUD COMPUTING
INFORMATION SECURITY IN CLOUD COMPUTING
Outsourcing control
Outsourcing control
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
The Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docx
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
Evaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing Environments
Mais de STO STRATEGY
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013
STO STRATEGY
(Pptx) yury chemerkin hacker_halted_2013
(Pptx) yury chemerkin hacker_halted_2013
STO STRATEGY
(Pdf) yury chemerkin balccon_2013
(Pdf) yury chemerkin balccon_2013
STO STRATEGY
(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013
STO STRATEGY
(Pdf) yury chemerkin def_con_2013
(Pdf) yury chemerkin def_con_2013
STO STRATEGY
(Pdf) yury chemerkin _confidence_2013
(Pdf) yury chemerkin _confidence_2013
STO STRATEGY
(Pdf) yury chemerkin _null_con_2013
(Pdf) yury chemerkin _null_con_2013
STO STRATEGY
(Pdf) yury chemerkin _icitst_2012
(Pdf) yury chemerkin _icitst_2012
STO STRATEGY
Yury chemerkin _cyber_crime_forum_2012
Yury chemerkin _cyber_crime_forum_2012
STO STRATEGY
(Pdf) yury chemerkin info_securityrussia_2011
(Pdf) yury chemerkin info_securityrussia_2011
STO STRATEGY
Pen test career. how to begin
Pen test career. how to begin
STO STRATEGY
State of art of mobile forensics
State of art of mobile forensics
STO STRATEGY
AWS Security Challenges
AWS Security Challenges
STO STRATEGY
Blackberry playbook – new challenges
Blackberry playbook – new challenges
STO STRATEGY
When developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part ii
STO STRATEGY
Social network privacy.
Social network privacy.
STO STRATEGY
Social network privacy
Social network privacy
STO STRATEGY
Interview with yury chemerkin
Interview with yury chemerkin
STO STRATEGY
To get round to the heart of fortress
To get round to the heart of fortress
STO STRATEGY
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
STO STRATEGY
Mais de STO STRATEGY
(20)
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013
(Pptx) yury chemerkin hacker_halted_2013
(Pptx) yury chemerkin hacker_halted_2013
(Pdf) yury chemerkin balccon_2013
(Pdf) yury chemerkin balccon_2013
(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin def_con_2013
(Pdf) yury chemerkin def_con_2013
(Pdf) yury chemerkin _confidence_2013
(Pdf) yury chemerkin _confidence_2013
(Pdf) yury chemerkin _null_con_2013
(Pdf) yury chemerkin _null_con_2013
(Pdf) yury chemerkin _icitst_2012
(Pdf) yury chemerkin _icitst_2012
Yury chemerkin _cyber_crime_forum_2012
Yury chemerkin _cyber_crime_forum_2012
(Pdf) yury chemerkin info_securityrussia_2011
(Pdf) yury chemerkin info_securityrussia_2011
Pen test career. how to begin
Pen test career. how to begin
State of art of mobile forensics
State of art of mobile forensics
AWS Security Challenges
AWS Security Challenges
Blackberry playbook – new challenges
Blackberry playbook – new challenges
When developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part ii
Social network privacy.
Social network privacy.
Social network privacy
Social network privacy
Interview with yury chemerkin
Interview with yury chemerkin
To get round to the heart of fortress
To get round to the heart of fortress
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
Último
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Jago de Vreede
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Zilliz
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
MIND CTI
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
Architecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
Nanddeep Nachan
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
The Digital Insurer
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
The Digital Insurer
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
Dropbox
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Digital Insurer
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Remote DBA Services
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
apidays
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Andrey Devyatkin
Último
(20)
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Architecting Cloud Native Applications
Architecting Cloud Native Applications
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
(Pdf) yury chemerkin _i-society-2013 proceedings
1.
International Conference on
Information Society (i-Society 2013) Technical Co-Sponsored by IEEE Toronto Section June 24-26, 2013, Toronto, Canada Sponsors www.i-society.eu i-Society 2013 Proceedings Edited By Charles A. Shoniregun Galyna A. Akmayeva Contents Page Welcome Speech Program Committees PhD Consortium Workshops Sessions Copyright © i-Society 2013 Published by Infonomics Society Keynote Speakers ISBN: 978-1-908320-13-1 IEEE Catalog Number: CFP1329N-CDR
2.
Limitations of Security
Standards against Public Clouds Yury Chemerkin Russian State University for the Humanities (RSUH) Moscow, Russia yury.chemerkin@gmail.com Abstract – Since a web-technology has arisen and clouds has come, every application wants to be online and operates with sensitive data that cannot but attract anyone to get an access this data. It means an urgent need in security. Examining the clouds leads us to different visions of security controls and metrics per each cloud vendor while industrial organizations try to help to the vendors and their customers with an appropriate security level. They offer a transparency of security controls that belong to different vendors against the best security practices. Keywords: cloud security, amazon web services, aws, azure, compliance, csa recommendations, nist sp 800-53 rev.3, nist, csa I. INTRODUCTION A cloud goal is delivering various computing resources like computing, storage, databases as paid services over the web. It is generally known, cloud vendors provides it without infrastructure and location details that is partially wrong or depends on certain vendors as well as cloud may bring quite unique concerns on security field. As opposed to a private cloud, a public cloud hypervisor does not provide APIs unfortunately to manage any process and flows that totally has nothing new from managing a blackbox several decades ago. It is just as trust like downloading and buying third-party solutions while cloud solutions are third party too. To build a security and privacy, cloud vendors provide their customers with security controls on areas like data protection, identity management, application and system/network security and availability. However, the customers must meet a transparency of security controls in alignment with industrial standards, while vendors must enable them to comply with it. Standards like the documents of NIST, ISO, PCI DSS, etc. provide a measure on information security from the perspective of security at least because there are various ways to get the same security level. However, such standards look like more detailed and go deeply on security and privacy than guidance, best practices and metrics promoted by CSA. They try to bring a transparency on clouds but results are far away from it that makes the customers actions uncertain. This research examines MS Azure and AWS clouds in alignment modern security standards and goes to explain possible issues to obtain “trustable security controls” in according to a compliance and present a working out the details of recommendations among several standards. In addition, it addresses a deeply analysis between different cloud vendors on security. The paper extends the results of previous [2-4] on security, compliance and transparency of AWS controls. II. RELATED WORK MS Azure has become one more popular cloud platform along with Amazon Web Services (AWS) as an open cloud platform to operate with web sites, applications, mobile services, VMs, BigData, MediaStream and more. These clouds are both so popular that both are a background for iCloud [5]. An examination of AWS security controls with their transparency in alignment security guidance and ability to pass it easy were given in paper [4], [3]. A quick analysis of AWS and Azure was given in paper [2]. As Azure has purposed of data spreading, it shifts a significant part of security from typical layer (network, OS, etc.) to an application layer on standards examination as opposed to AWS [12]. That is key thing why a cloud security might have unique concerns under the mask of a non-typical interaction, but certainly known within a scope of a penstest and audit of applications. In general, it replaces a user/password plus MFA access to an x509 access keeping basic security rules. The standards with best practices together are known provides us with a least security that sometimes dumped with descriptive generalizations and properties, because simplification and reducing are not the same things. For example, a paper is about top nine cloud threats [1] as opposed to seven previous covers quite mixed facts related to private clouds than public. These examples in the link section are “1.0. Top Threat: Data Breaches // Cross-VM Side Channels and Their Use to Extract private Keys”, “7.0. Top Threat: Abuse of Cloud Services // CrossVM Side Channels and Their Use to Extract private Keys” “4.0. Top Threat: Insecurity Interfaces and APIs” // both examples The first case highlights how the public clouds e.g. AWS EC2 are vulnerable but totally focused on a private cloud case (VMware and XEN), while there is no a known way to apply it to AWS [9]. Instead, the work [7] explains how to compromise EC2 & S3 control interfaces with different modern techniques, but Amazon advises a native configuration against it [8]. The second case presents issues raised by a SSO access without relation to the public clouds (except Dropbox, SkyDrive) and addressed to insecurity of APIs. A paper is about issues of SSL validation [10] is a similar example, successfully solved by AWS. Dumping all generalized facts and recommendations into the basket is not good idea and may leads to the statements like “cloud vendors do not provide with full detailed to let us trust and ensure us in privacy”. First of all, the cloud vendors have their infrastructure built and Copyright © i-Society 2013 Technical Co-Sponsored by IEEE Toronto Section 58
3.
configured in according
to the standards like ISO, PCI DSS, CoBIT that validated by independent auditors and experts every time. Second, providing such results under a NDA only (shifting details to private reports) should be mainly reasonable especially in technical cases. By way of example, an examination of AWS services against CSA requirements gives a vague answer about a real transparency bringing by CSA recommendations, because almost a third part of all responses covers such private reports [3-4]. However, not all solutions may provide the cloud customers with a proper protection. A forensics sanitization like an ERASERS proposed in [6] is a good concern for the clouds VM storages such as AWS EC2 only, not for a data storage provide by such services like AWS S3, Dropbox and similar. In this case, it is impossible to use wiping per each file; instead, it is allowed to data volumes upload as a single unit or rely on a cloud implementation according to DoD techniques. Such documents have a claim to be up-to-date with expertlevel understanding of significant threats and vulnerabilities to let to build an appropriate strategy to redress them. Everything taken together calls for an additional analysis on cloud TABLE I. Description compliance and transparency area to reduce misunderstanding of several standards’ requirements applied to clouds. III. EXAMINATION CSA REQ. ON AZURE AND AWS CSA documents are known try to level up a state of knowledge on cloud security; it gained to improve a visibility of cloud controls and features to help the customers easy meet with certain requirements, include local law regulations. The Table 1 addresses to the differences between AWS and Azure according to meet the CSA requirements as well as differences between the requirements of CAIQ [14] and CMM [13] against Azure in the docket; Microsoft has already filled the CAI Questionnaire [15], but it is CMM in fact. An examination takes a place to meet it from a technical (features) point of view in the first place. Each control ID is kept with a control group description but without ID control explanation; in addition, it is grouped by similar metrics. If there is any difference between CAIQ ID and CMM ID, there will often be a difference between AWS and Azure except cases such as swapping IDs or repeating it. DIFF. BETWEEN AWS AND AZURE VS. CSA REQ. CAIQ CID CO-01.1 CO-02.1-7 CO-03.1-2 CMM CID CO-01 CO-02 CO-03 Contact/AuthorityMaintenance Information System Regulatory Mapping Intellectual Property CO-04.1 CO-05.1-2 CO-04 CO-05 CO-06.1 CO-07.1 CO-08.1 CO-06 No CAIQ gets across a segmentation, while CMM makes it unclear at first glance No Ownership / Stewardship DG-01.1 DG-01 No Classification Handling / Labeling / Security Policy Retention Policy DG-02.1-5 DG-03.1 DG-02 DG-03 No No DG-04.1-2 DG-04 No Secure Disposal DG-05.1-2 DG-05 No Nonproduction Data Information Leakage DG-06.1 DG-07.1-2 DG-06 DG-07 No No Risk Assessments DG-08.1 DG-08 Policy User Access FS-01.1 FS-02.1 FS-01 FS-02 Controlled Access Points Unauthorized Persons Entry Secure Area Authorization FS-03.1 FS-05.1 FS-04.1 FS-03 FS-05 FS-04 CMM DG 08 aggregates CAIQ DG-02, DG-03, while CAIQ points to a control of health data and continuous monitoring No CMM F-02 refers to an equivalent CAIQ FS-03, while CAIQ FS-02 refers to the CMM HR-01 and the same CAIQ HR-01 No Offsite Authorization Offsite equipment Asset Management Background Screening FS-06.1 FS-07.1 FS-08.1-2 HR-01.1 FS-06 FS-07 FS-08 HR-01 Audit Planning Independent Audits Third Party Audits DIFF (CAIQ vs. CMM) No No No DIFF (AWS vs. AZURE) No No As opposed to AWS, Azure does not have a clearly defined statement whether their customers able to perform their own vulnerability test No AWS falls in details to comply it that results of differences between CAIQ and CMM Standards are different; AWS is in alignment with COBIT, ISO 27002 and PCI Data Security Standards; Azure is in alignment with ISO 27001, Digital Millennium Copyright Act AWS mentions about ISO 15489 standards while Azure does not No AWS falls in details what customers are allowed to do and how exactly while Azure does not AWS points to the customers’ responsibility to manage data, exclude moving between Availability Zones inside one region; Azure ensures on validation and processing with it, and indicate about data historical auto-backup No serious, AWS relies on DoD 5220.22 additionally while Azure does NIST 800-88 only No AWS relies on AMI and EBS services, while Azure does on Integrity data No No No CMM FS-04 was partially covered at FS03 and FS-05 No No No No No No No Copyright © i-Society 2013 Technical Co-Sponsored by IEEE Toronto Section 59
4.
Employment Agreements Employment Termination Management Program, Management Support / Involvement,
Policy Baseline Requirements HR-02.1-2 HR-03.1 IS-01.1 IS-02.1 IS-03.1-3 IS-04.1-3 HR-02 HR-03 IS-01 IS-02 IS-03 IS-04 Policy Reviews IS-05.1 IS-05 As opposed to CMM, CAIQ points to trusted VMs additionally that is allowed to be imported CAIQ Policy Enforcement User Access Policy User Access Restriction Authorization User Access Revocation User Access Reviews Training / Awareness IS-06.1-2 IS-07.1-2 IS-08.1-2 IS-06 IS-07 IS-08 No No No IS-09.1-2 IS-10.1-3 IS-11.1-2 IS-09 IS-10 IS-11 No No Industry Knowledge / Benchmarking Roles / Responsibilities Management Oversight Segregation of Duties User Responsibility Workspace Encryption, Encryption Key Management Vulnerability / Patch Management IS-12.1-2 IS-12 No No, except CMM IS-10 addressed to an access review and CAIQ IS-09 and HR02 No IS-13.1 IS-14.1 IS-15.1 IS-16.1-3 IS-17.1-3 IS-18.1-2 IS-19.1-4 IS-20.1-6 IS-13 IS-14 IS-15 IS-16 IS-17 IS-18 IS-19 IS-20 No No No No No No No No No AWS offers encryption features for VM, storage, DB, networks while Azure does for XStore (Azure Storage) AWS provides their customers to ask for their own pentest while Azure does not Antivirus / Malicious Software Incident Management Incident Reporting Incident Response Legal Preparation Incident Response Metrics Acceptable Use Asset Returns eCommerce Transactions Audit Tools Access Diagnostic / Configuration Ports Access, Network / Infrastructure Services Portable / Mobile Devices Source Code Access Restriction Nondisclosure Agreements Third Party Agreements IS-21.1-2 IS-22.1 IS-23.1-2 IS-24.1-4 IS-21 IS-22 IS-23 IS-24 IS-25.1-2 IS-26.1-3 IS-27.1-2 IS-28.1-2 IS-29.1 IS-30.1, IS-31.1-2 IS-25 IS-26 IS-27 IS-28 IS-29 IS-30, IS-31 No No No No No No No AWS provides more services and solutions that cover it No No IS-32.1 IS-33.1-2 IS-32 IS-33 No No LG-01.1 LG-02.1-3 LG-01 LG-02 No Policy Documentation Capacity / Resource Planning Equipment Maintenance OP-01.1 OP-02.1 OP-03.1-2 OP-04.1-5 OP-01 OP-02 OP-03 OP-04 No Program, Assessments, Mitigation/Acceptance, Business/Policy Change Impacts Third Party Access New Development / Acquisition Production Changes Quality Testing Outsourced Development Unauthorized Software Installations Management Program, Impact Analysis, Business Continuity Planning, Business Continuity RI-01.1-2 RI-02.1-2 RI-03.1-2 RI-04.1 RI-05.1-7 RM-01.1 RI-01 RI-02 RI-03 RI-04 RI-05 RM-01 No AWS highlights that they does not leverage any 3rd party cloud providers to deliver AWS services to the customers. Azure points to the procedures,NDA undergone with ISO AWS relies on CoBIT and PCI DSS additionally while Azure relies on ISO 27001 only No Additionally, AWS provides similar features on customers’ side to meet the requirements No No No No No RM-02.1 RM-03.1 RM-04 RM-05.1 RM-02 RM-03 RM-04 RM-05 No No No No As opposed to AWS, Azure details the SDLC controls No RS-01.1 RS-04.1 RS-02.1-3 RS-01 RS-02 RS-03 No No / No Additionally, CAIQ pentesting besides responsibilities No No No No No points to self the vendors’ Differences are in industrial standards AWS relies on CoBIT and PCI DSS additionally while Azure on ISO 27001 only AWS provides more high detailed how-to docs than Azure, allows to import trusted VM from VMware, Azure CAIQ points to a notifications of customers additionally, while CMM mentions to review only No No No No No No No Copyright © i-Society 2013 Technical Co-Sponsored by IEEE Toronto Section 60
5.
Testing, Environmental Risks, Equipment Location, Equipment
Power Failures, Power/Telecommunications Customer Access Requirement User ID Credentials RS-03.1-2 RS-05.1 RS-06.1 RS-07.1 RS-08.1-2 SA-01.1 SA-02.1-7 RS-04 RS-05 RS-06 RS-07 RS-08 SA-01 SA-02 Data Security / Integrity Application Security Data Integrity (Non)Production nvironments, Network Security Remote User MFA Segmentation Wireless Security Shared Networks Clock Synchronization SA-03.1 SA-04.1-3 SA-05.1 SA-06.1-2 SA-08.1 SA-07.1 SA-09.1-4 SA-10.1-3 SA-11.1 SA-12.1 SA-03 SA-04 SA-05 SA-06 SA-08 SA-07 SA-09 SA-10 SA-11 SA-12 Equipment Identification SA-13.1 SA-13 CMM mentions synchronization No Audit Logging / IDS Mobile Code SA-14.1-3 SA-15.12 SA-14 SA-15 No No IV. No CMM falls in details about password credentials CMM refers more to the web host applications than services No No CMM highlights useful details EXAMINATION NIST REQ. ON AZURE AND AWS A paper [11] provides a brief examination several clouds (AWS EC2, Azure, GAE) against NIST through the mapping security and privacy attributes to NIST guidelines but not goes deeply. However, NIST documents SP800-144 [16], SP800146 [17] provide with general considerations how to improve a cloud security that does not bring a transparency of cloud controls and are still in progress to be similar to NIST SP80053 by reducing non-cloud statements that is partially helps the customers because of a limitedness and focusing only on cloud. In other words, even it seems as a non-applicable requirement, such excluding may remove some objects like mobile endpoints from an infrastructure and cripple a perceptual unity. That is why the Table 2 contains an examination cloud controls in alignment NIST SP800-53 Rev.3 (rev.4 has not released yet) [18] and covers a technical class only; withdrawn controls are missed. Several conditions used in the Table 2: Abbr. "w/o" means basic requirements. Abbr. "w" – with control enhancements. Abbr. "CE" means control enhancements where "None" means there are no enhancements. Abbr. "N" means there is no ability to meet this requirement. Abbr. "Y" means basic TABLE II. ID services of clock No Besides the AD (Active Directory) AWS IAM solution are alignment with both CAIQ, CMM requirements while Azure addresses to the AD to perform these actions AWS refers to the ISO 27001/27002, CoBIT, PCI DSS while Azure refers to the ISO 27001 AWS provides more details how-to documents to having a compliance No Besides vendor features, AWS provides quite similar mechanism in alignment CAIQ & CMM, while Azure points to features built in infrastructure on a vendor side No Additionally, AWS provides metadatas with tags together to helps the customers meet it No AWS points their clients to be responsible to meet such requirements, while Azure points to build solutions tracked for mobile code requirements like procedures or rest well-known solutions such as VPN. It means an ability to configure and use, however the customers need to use APIs, links a cloud layer solution with others like Active Directory or independent solutions (3rd party software, another cloud to backup data, etc.) or definitely noncloud layer, e.g. OS layer to meet such requirement. Abbr. "exc." means “Yes”, “No”, “prebuilt”, “poss.” or something else except several statements/clauses related to other meaning: for example, “Y” exc. "smth" means "smth" is difficult (ask for additional actions with APIs or similar) to meet a requirement, or "N/A". “N” exc. “smth” means “smth” is equals to “Y”. If “exc.” is followed by “N/A” or other, it means an explicitly definition that is all good but there is no information (N/A) about “smth”. Abbr. "prebuilt" means the same solution was able to use as it (besides a configuration); Abbreviation "part prebuilt" means covering not all services of certain cloud. Abbr. "poss." means a possibility to build because of outstanding a cloud (or non-cloud) object from a logical point of view. Abbr. "internal" means a possibility ("p.internal") to build or prebuilt the similar solutions allowed to extend with call for internal data, while "t.internal" points to internal cloud vendors solutions or reports. Abbr. "N/A" means there is no public information to execute a requirement as well as a need to request a third party reports from cloud vendors. AWS AND AZURE AGAINST NIST REQ. w/o CE NAME AWS w CE Azure AC1 AC2 Access Control Policy and Procedures Account Management Y Y Y Y exc. g AC3 AC4 AC5 AC6 AC7 AC8 AC9 Access Enforcement Information Flow Enforcement Separation of Duties Least Privilege Unsuccessful Login Attempts System Use Notification Previous Logon (Access) Notification Y Y Y Y poss. Y Y Y Y Y Y poss. Y Y AWS None Y: 1, 4, 6, 7; prebuilt: 2, 5a-b; poss.3,5c,5d Y: 1,2;prebuilt: 3-6 prebuilt:1-8,10-17;N/A:9 None Y poss. None None Copyright © i-Society 2013 Technical Co-Sponsored by IEEE Toronto Section Azure None Y: 1-4, 5a, 6, 7; N/A: 5b-d Y exc. 3 (partially) Y exc. N/A: 12-15 None Y poss. None None 61
6.
AC10 AC11 AC14 AC16 Concurrent Session Control Session
Lock Permitted actions w/o Authentication Security Attributes Y Y AC17 AC18 AC19 AC20 AC21 AC22 AU1 AU2 AU3 AU4 AU5 AU6 AU7 AU8 AU9 AU10 AU11 AU12 AU13 AU14 IA1 IA2 IA3 IA4 IA5 Remote Access Wireless Access Access Control for Mobile Devices Use of External Information Systems User-Based Collaboration & Data Sharing Publicly Accessible Content Audit ,Accountability Policy and Procedures Auditable Events Content of Audit Records Audit Storage Capacity Response to Audit Processing Failures Audit Review, Analysis, and Reporting Audit Reduction and Report Generation Time Stamps Protection of Audit Information Non-repudiation Audit Record Retention Audit Generation Monitoring for Information Disclosure Session Audit Identification & AuthPolicy & Procedures Identification & Authentication Org. Users Device Identification & Authentication Identifier Management Authenticator Management Identification, Y Y prebuilt None None prebuilt None None None None poss. Y poss. Y Y None None None part prebuilt None prebuilt. p.internal p.internal Y poss. p.internal None Y None None None Y Y poss. Y SC2 SC3 SC4 SC5 SC6 SC7 SC8 SC9 SC10 SC11 SC12 SC13 SC14 SC15 SC16 SC17 SC18 SC19 SC2021 SC22 SC23 SC24 SC25 SC26 Authenticator Feedback CryptoModule Authentication Identification , Authentication Non-Org. Users System ,Communications Protection Policy & Procedures Application Partitioning Security Function Isolation Data In Shared Resources Denial of Service Protection Resource Priority Boundary Protection Transmission Integrity Transmission Confidentiality Network Disconnect Trusted Path CryptoKey Establishment & Management Use of Cryptography Public Access Protections Collaborative Computing Devices Transmission of Security Attributes Public Key Infrastructure Certificates Mobile Code Voice Over Internet Protocol Secure Name/Address Resolution Service (Authoritative Source, Recursive, Caching Resolver) Architecture & Provisioning for Name/Address Resolution Service Session Authenticity Fail in Known State Thin Nodes Honeypots Y prebuilt: 1 exc. poss: c; prebuilt: 2 exc. poss: c; prebuilt: rest Y Y Y Y Y Y None None None poss. Y poss. Y Y None None None N/A None poss. t.internal t.internal Y poss. t.internal None Y None None None Y Y poss. prebuilt: 1 exc. poss: c; prebuilt: 2 exc. poss: c; prebuilt: rest exc. N/A:6 None None None Y Y None None Y t.internal p.internal p.internal prebuilt Y t.internal p.internal p.internal prebuilt prebuilt IA6 IA7 IA8 SC1 Y Y Y Y Y Y Y Y part prebuilt part prebuilt poss. Y p.internal Y Y Y Y Y Y poss. Y Y Y Y prebuilt N/A:5 Y Y Y Y Y Y Y Y Y N/A poss. Y t.internal Y Y Y Y Y Y poss. Y Y Y Y prebuilt poss. poss. poss. Y Y poss. poss. poss.1;p.internal:2 poss. Y p.internal poss. poss. poss. poss. Y Y poss. poss. poss.1;p.internal:2 poss. Y p.internal poss. prebuilt t.internal None p.internal None prebuilt:1-6,11 exc. poss. 4c; prebuilt:7,8,9, 12,15,16; prebuilt:10 exc. N/A: iii, t.internal:v;p.internal:13,14,17 t.internal:1;poss. 2 prebuilt: 1;poss. 2 poss. None Y poss. None None None None p.internal None prebuilt t.internal None p.internal None prebuilt: 1-6, 11; N/A: 3-4, 8, 10, 17; poss. 7, 9, 12, 15; p.internal: 13, 14, 17 t.internal: 1;poss. 2 prebuilt: 1;poss. 2 poss. None Y poss. None None None None p.internal None prebuilt t.internal prebuilt t.internal prebuilt t.internal prebuilt t.internal p.internal prebuilt prebuilt poss. p.internal prebuilt prebuilt poss. p.internal None None None p.internal None None None prebuilt exc. None None Copyright © i-Society 2013 Technical Co-Sponsored by IEEE Toronto Section 62
7.
SC27 SC28 SC29 SC30 SC31 SC32 SC33 SC34 OS Independent Applications Protection
of data at Rest Heterogeneity Virtualization Techniques Covert Channel Analysis Information System Partitioning Transmission Preparation Integrity Non-Modifiable Executable Programs V. poss. poss. Y t.internal poss. Y Y poss. CONCLUSION Vendors are known are not tend to make some details on cloud security public to their customers. Clouds vendors explain it as “security through obscurity” matters and provides with independent auditors’ reports at the same time. It often leads to questions of trust level, ability to verify the controls and way it should be done. Industrial organizations with their security vision has relived but raised more questions on transparency instead of reducing it. These documents refer to known vulnerabilities beside the point and bring misunderstanding, e.g. there are several attacks successfully applied to Xen, VMware or other private clouds. It means an application domain that often excludes the public clouds in case of AWS and Azure. Some cases are not clear in according to the roles and responsibilities of cloud vendors and their customers. As it is not defined clearly, it makes uncertain whether the vendors should provide the customers any control opportunities; it leads to swapping responsibilities and shifting vendor job on to customer shoulders. The vendors address to their reports too much instead of providing the public details. It should be strong defined which controls are allowed to be available to the customers, which built and detailed in public documents, and the rest is covered by independent reports; ex. [Assignment: organization-defined frequency]. Any discrepancy must shift the security level from the highest to one level lower as it is in NIST. Other cases cover an announcement about compliance in alignment to certain standards on vendor side that is partially good and should be enhanced by independent analysis reports. It yields the technical details from Amazon and well-known statements multiplied with internal reports from Microsoft. CSA puts the cross references to other standards in their documents, that impact on complexity and lack of clarity in case of NIST. It makes very unobvious how the same controls related to each other and how general requirements correspond to clearly detailed requirements. Anyway, it makes a good showing to rely on differences of these requirements to improve the last and recreate new set to keep a comprehensive unity of cloud security that is signification part to remediate issues and enhance transparency of cloud controls on technical requirements more than it was according to industrial documents. Examination the following cloud solutions, such as Office365 with Cloud BES, AWS and Azure against other standards (CoBIT, NIST SP 800-53 rev.4 and ISO 27001 ’13) is a part of further research too. REFERENCES [1] “CSA The Notorious Nine Cloud Computing Top Threats in 2013” [Online resource: downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorio poss. None None poss. None None Y None None t.internal t.internal t.internal poss. p.internal p.internal Y None None Y None None poss. poss. poss. us_Nine_Cloud_Computing_Top_Threats_in_2013.pdf, Accessed 06March-2013] [2] Y. Chemerkin, “AWS Cloud Security from the point of view of the Compliance”, PenTest Magazine, Software Press Sp. z o.o. Sp. Komandytowa Warszawa, vol. 2 №10 Issue 10/2012 (12) ISSN 20841116, pp. 50-59, December 2012 [3] Y. Chemerkin, “Cloud Securtiy Analysis against the modern and old security standarts, regulation reccomendations”, draft (is going to be published in PenTest Magazine, Software Press Sp. z o.o. Sp. Komandytowa Warszawa in April-May [4] Y. Chemerkin, “Security compliance challenges on clouds”,Cyber Times International Journal of Technology & Management 2013, Vol. 6 Issue-1, ISSN No.: 2278-7518, March 2013 [5] A. Belenko, D. Sklyarov “Dark and Bright Sides of iCloud (In)security”, [Online resource: viaforensics.com/android-forensics/icloud-insecurityexamining-ios-data-backup-cloud.html, Accessed 01-March- 2013] [6] J. Medsger, A. Srinivasan, "ERASE- EntRopy-based SAnitization of SEnsitive Data for Privacy Preservation", The 7th International Conference for Internet Technology and Secured Transactions (ICITST2012), pp.427 – 432, December 2012 [7] J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, L. L. Iacono, "All Your Clouds are Belong to us – Security Analysis of Cloud Management Interfaces", 3rd ACM workshop on Cloud computing security workshop (CCSW), pp.3-14, October 2011 [8] “Reported SOAP Request Parsing Vulnerabilities”, [Online resource: aws.amazon.com/security/security-bulletins/reported-soap-requestparsing-vulnerabilities-reso/, Accessed 15-January-2013] [9] “Xen Security Advisories”, [Online resource: aws.amazon.com/security/security-bulletins/xen-security-advisories/, Accessed 15-January-2013] [10] “The most dangerous code in the world: validating SSL certificates in non-browser software”, 19th ACM Conference on Computer and Communications Security, pp.38-49, October 2012 [11] A. Abuhussein, H. Bedi, S. Shiva, “Evaluating Security and Privacy in Cloud Computing Services:A Stakeholder’s Perspective”, The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012), pp.388 – 395, December 2012 [12] Windows Azure Security Overview whitepaper, [Online resource: go.microsoft.com/?linkid=9740388, Accessed: 01-Februarry-2013] [13] CSA Cloud Controls Matrix v1.3” [Online resource: cloudsecurityalliance.org/research/cai/, Accessed 15-January-2013] [14] “CSA Consensus Assessments Initiative Questionnaire v1.1” [Online resource: cloudsecurityalliance.org/research/cai/, Accessed 15- Jan2013] [15] “CSA Consensus Assessments Initiative Questionnaire v1.1” / CSA Cloud Controls Matrix v1.3” [Online resource: https cloudsecurityalliance.org/wp-content/uploads/2012/03/Microsoft-AzureCAIQ-v1.1-2012-03-25.zip, Accessed 15-January-2013] [16] “Guidelines on Security and Privacy in Public Cloud Computing”, [Online resource: csrc.nist.gov/publications/nistpubs/800-144/SP800144.pdf, Accessed 04-February-2013] [17] “Cloud Computing Synopsis and Recommendations”, [Online resource: www.nist.gov/customcf/get_pdf.cfm?pub_id=911075, Accessed 04February -2013] [18] “Recommended Security Controls for Federal Information Systems and Organizations. Revision 3”, [Online resource: csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3final_updated-errata_05-01-2010.pdf, Accessed 04-February-2013] Copyright © i-Society 2013 Technical Co-Sponsored by IEEE Toronto Section 63
Baixar agora