6. Cloud Mobile Social
Looking at it now, putting my comments inline
I uploaded the draft – are you ready to review?
I see your feedback, working on it now
Thanks
Big data
Rapid advancement of technology
14. (Timeline chart; horizontal axis: years 1990 to 2008)
• Concept
• Melissa
• I LOVE YOU
• Solar Sunrise
• DDoS on DNS root
• MyDoom
• NetSky
• Bagle
Client-server/PC-LAN Internet
Computer Crimes
Protocol Weaknesses/Remote Buffer overflow
• SPAM Mails
• Spyware
• Phishing proliferated
Cyber Crimes
• Witty Worm
• Agobot
• Sobig
• Yahoo DDoS
• Linux
• MOSAIC
• NetBSD
• FreeBSD
• NetWare
• Targeted Attack
• Huge Data Leak
• Mac OS X
• JP Gov. HP
• AT&T Janes
• IIJ
• ADSL
• Tele-Hodai (テレホーダイ)
• Ping of Death
• Yahoo
• eBay
• Google
• Winny
• Winny Incident
• Brown orifice
• Attacks for JP Soft
Virus via Media
• INN/phf
• Back Orifice
• statd,named,popd
• DDoS tools
Broad band Network
Virus via E-Mail
Worm communization
Worm in the wild
Document / Local BO
• Netscape
• Virus Creation Laboratory
• Michelangelo
• Netcat
• YouTube
• Skype
• Amazon
• mySpace
• mixi
• Blog
• First SPAM
• Java
• JavaScript
• Real Player
• PDF
• Little Black Book
• Windows 3.0
• Windows 95
• Windows 98
• NT 3.1
• NT 4.0
• Win 2000
• Win XP SP2
• Win Vista
• Win Server 2003
• Win XP
• Win Server 2008
• Internet Explorer
• Sasser
ADHOC /Product/Marketing
TwC (Trustworthy Computing)
STF
W2K
Pen-test
PREfix
XP
PREfast
.NET
MSRC (secure@microsoft.com)
2003
SWI(Secure Windows Initiative)
• Slammer
• Blaster
SDL
Security Development Lifecycle
OF2003
SQL2K3
EXC2K-3
Etc.
Single User OS
Multi User OS
MSRC
• secure@Microsoft
• Windows Update
• Unified media response
STF: yielded useful findings, but they were not implemented
SD3+C
WS2K: implemented many security features, but the large number of bugs was a problem
SWI: education for product groups, design and code review, fixing issues
Ship Stopper
XP: teach how to fish instead of catching the fish
Security Day/Bug bash
.NET: First Security Push
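W2K3: development by 8500 people halted
Shipped in good condition
Ship date delayed by more than a year
Security updates every Wednesday (May 2002)
Security updates on the second Tuesday of every month (November 2003)
SDL: from ad hoc to engineering
SDL made mandatory for all products
SDL updated twice a year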
• CodeRed
• Nimda
Security Push
+ Final Security Review
15. Cloud security
Security
Secure development, operations, and threat mitigation practices provide a trusted foundation
Privacy
Unmatched legal commitments govern data privacy, access, and use
Compliance
Independent audits demonstrate compliance with a broad range of regulatory standards
ISO/IEC 27018:2014
ISO/IEC 27001/27002:2013
SOC 1
SOC 2
FIPS 140-2
FERPA
FedRAMP
Defense Information Systems Agency L2
Criminal Justice Information Services (CJIS)
HIPAA / HITECH
Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)
Australian Signals Directorate I-RAP Assessment
FDA Code of Federal Regulations (CFR) Title 21 Part 11
Center for Financial Industry Information Systems
Singapore MTCS SS Tier 3
New Zealand Government Chief Information Officer (NZ GCIO)
United Kingdom G-Cloud
PCI DSS L1 version 3
The Content Delivery and Security Association (CDSA)
Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP)