6.1. Fundamental Cloud Security (Basic Terms and Concepts)
Information security is a complex ensemble of techniques, technologies, regulations, and behaviors that collaboratively protect the integrity of and access to computer systems and data.
IT security measures aim to defend against threats and interference that arise from both malicious intent and unintentional user error.
The upcoming sections define fundamental security terms relevant to cloud computing and describe associated concepts.
1. Confidentiality
Confidentiality is the characteristic of something being made accessible only to authorized parties.
Within cloud environments, confidentiality primarily pertains to restricting access to data in transit and storage.
The message issued by the cloud consumer to the cloud service is considered confidential only if it is not accessed or read by an unauthorized party.
2. Integrity
Integrity is the characteristic of not having been altered by an unauthorized party.
An important issue that concerns data integrity in the cloud is whether a cloud consumer can be guaranteed that the data it transmits to a cloud service matches the data received by that cloud service.
Integrity can extend to how data is stored, processed, and retrieved by cloud services and cloud-based IT resources.
The message issued by the cloud consumer to the cloud service is considered to have integrity if it has not been altered.
3. Authenticity
Authenticity is the characteristic of something having been provided by an authorized source.
This concept encompasses non-repudiation, which is the inability of a party to deny or challenge the authentication of an interaction.
Authentication in non-repudiable interactions provides proof that these interactions are uniquely linked to an authorized source.
For example, a user may not be able to access a non-repudiable file after its receipt without also generating a record of this access.
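The integrity and authenticity definitions above can be made concrete with a keyed message tag; the following is an added example, not part of the original text. It assumes HMAC-SHA256 as the mechanism and a key shared out of band between the cloud consumer and the cloud service; the function names and sample messages are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: consumer and service provisioned this key out of band.
SHARED_KEY = secrets.token_bytes(32)


def consumer_send(payload: dict, key: bytes) -> dict:
    """Cloud consumer side: serialize the payload and attach an HMAC-SHA256 tag."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def service_receive(message: dict, key: bytes) -> dict:
    """Cloud service side: recompute the tag and reject the message on mismatch."""
    expected = hmac.new(key, message["body"], hashlib.sha256).hexdigest()
    # compare_digest runs in constant time, so the check does not leak
    # how many leading characters of the tag matched.
    if not hmac.compare_digest(expected, message["tag"]):
        raise ValueError("integrity check failed: message altered or key differs")
    return json.loads(message["body"])


def accepted(message: dict, key: bytes) -> bool:
    """Return True if the service would accept the message."""
    try:
        service_receive(message, key)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Run three constructed cases and report which ones the service accepts."""
    msg = consumer_send({"action": "store", "object": "report.csv", "size": 1024}, SHARED_KEY)
    # Altered in transit: one field changed, tag left as sent (integrity violated).
    tampered = dict(msg, body=msg["body"].replace(b"1024", b"9999"))
    # Sender without the shared key: tag computed under another key (not authentic).
    other = consumer_send({"action": "delete", "object": "report.csv"}, secrets.token_bytes(32))
    return {
        "untouched": accepted(msg, SHARED_KEY),
        "tampered": accepted(tampered, SHARED_KEY),
        "wrong_key": accepted(other, SHARED_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

Because both parties hold the same key, either one could have produced a valid tag, so this construction does not provide non-repudiation; that requires an asymmetric digital signature. The tag also leaves the body readable, so confidentiality still depends on encryption in transit and in storage.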
4. Availability
Availability is the characteristic of being accessible and usable during a specified time period.
In typical cloud environments, the availability of cloud services can be a responsibility that is shared by the cloud provider and the cloud carrier.
The availability of a cloud-based solution that extends to cloud service consumers is further shared by the cloud consumer.
5. Threat
A threat is a potential security violation that can challenge defenses in an attempt to breach privacy and/or cause harm.
Both manually and automatically instigated threats are designed to exploit known weaknesses, also referred to as vulnerabilities.
A threat that is carried out results in an attack.
6. Vulnerability
A vulnerability is a weakness that can be exploited either because it is protected by insufficient security controls, or because existing security controls are overcome by an attack.
IT resource vulnerabilities can have a range of causes, including configuration deficiencies, security policy weaknesses, user errors, hardware or firmware flaws, software bugs, and poor security architecture.
7. Risk
Risk is the possibility of loss or harm arising from performing an activity.
Risk is typically measured according to its threat level and the number of possible or known vulnerabilities.
Two metrics that can be used to determine risk for an IT resource are:
• the probability of a threat occurring to exploit vulnerabilities in the IT resource
• the expectation of loss upon the IT resource being compromised
8. Security Controls
Security controls are countermeasures used to prevent or respond to security threats and to reduce or avoid risk.
Details on how to use security countermeasures are typically outlined in the security policy, which contains a set of rules and practices specifying how to implement a system, service, or security plan for maximum protection of sensitive and critical IT resources.
9. Security Mechanisms
Countermeasures are typically described in terms of security mechanisms, which are components comprising a defensive framework that protects IT resources, information, and services.
10. Security Policies
A security policy establishes a set of security rules and regulations.
Often, security policies will further define how these rules and regulations are implemented and enforced.
For example, the positioning and usage of security controls and mechanisms can be determined by security policies.