{"title":"分析推荐的云安全控制以验证OpenPMF“策略即服务”","authors":"Ulrich Lang , Rudolf Schreiner","doi":"10.1016/j.istr.2011.08.001","DOIUrl":null,"url":null,"abstract":"<div><p>This paper describes some of the findings of a cloud research project the authors carried out in Q2/2011. As part of the project, the authors first identified security concerns related to cloud computing, and gaps in cloud-related standards/regulations. The authors then identified several hard-to-implement, but highly cloud-relevant, security requirements in numerous cloud (and non-cloud) regulations and guidance documents, especially related to “least privilege”, “information flow control”, and “incident monitoring/auditing/analysis”. Further study revealed that there are significant cloud technology gaps in cloud (and non-cloud) platforms, which make it difficult to effectively implement those security policy requirements. The project concluded that model-driven security policy automation offered as a cloud service and tied into the protected cloud platform is ideally suited to achieve correct, consistent, low-effort/cost policy implementation for cloud applications.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"16 3","pages":"Pages 131-141"},"PeriodicalIF":0.0000,"publicationDate":"2011-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.08.001","citationCount":"11","resultStr":"{\"title\":\"Analysis of recommended cloud security controls to validate OpenPMF “policy as a service”\",\"authors\":\"Ulrich Lang , Rudolf Schreiner\",\"doi\":\"10.1016/j.istr.2011.08.001\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>This paper describes some of the findings of a cloud research project the authors carried out in Q2/2011. As part of the project, the authors first identified security concerns related to cloud computing, and gaps in cloud-related standards/regulations. The authors then identified several hard-to-implement, but highly cloud-relevant, security requirements in numerous cloud (and non-cloud) regulations and guidance documents, especially related to “least privilege”, “information flow control”, and “incident monitoring/auditing/analysis”. Further study revealed that there are significant cloud technology gaps in cloud (and non-cloud) platforms, which make it difficult to effectively implement those security policy requirements. The project concluded that model-driven security policy automation offered as a cloud service and tied into the protected cloud platform is ideally suited to achieve correct, consistent, low-effort/cost policy implementation for cloud applications.</p></div>\",\"PeriodicalId\":100669,\"journal\":{\"name\":\"Information Security Technical Report\",\"volume\":\"16 3\",\"pages\":\"Pages 131-141\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.1016/j.istr.2011.08.001\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information Security Technical Report\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S136341271100046X\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Security Technical Report","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S136341271100046X","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Analysis of recommended cloud security controls to validate OpenPMF “policy as a service”
This paper describes some of the findings of a cloud research project the authors carried out in Q2/2011. As part of the project, the authors first identified security concerns related to cloud computing, and gaps in cloud-related standards/regulations. The authors then identified several hard-to-implement, but highly cloud-relevant, security requirements in numerous cloud (and non-cloud) regulations and guidance documents, especially related to “least privilege”, “information flow control”, and “incident monitoring/auditing/analysis”. Further study revealed that there are significant cloud technology gaps in cloud (and non-cloud) platforms, which make it difficult to effectively implement those security policy requirements. The project concluded that model-driven security policy automation offered as a cloud service and tied into the protected cloud platform is ideally suited to achieve correct, consistent, low-effort/cost policy implementation for cloud applications.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
