4. The fifth public utility: cloud computing
FULLSTACKSECURITY
[Figure: the full-stack layers: Application, Data, Runtime / API, Middleware, OS, Virtualization, Hypervisor, Networking, Storage, Server, Business / Process]
14. ISO/IEC 17789:2014, Cloud computing — Reference architecture
Cloud service partner (CSN):
• CSN: Cloud auditor
• CSN: Cloud service developer
• CSN: Cloud service broker
Cloud service customer (CSC):
• CSC: Service administrator and security
• CSC: Cloud service user
• CSC: Cloud service business manager
• CSC: Cloud service integrator
Cloud service provider (CSP):
• CSP: Cloud service deployment manager
• CSP: Cloud service operations manager
• CSP: Cloud service manager
• CSP: Cloud service business manager
• CSP: Inter-cloud provider
• CSP: Customer support and care representative
• CSP: Service security and risk manager
• CSP: Network provider
[Figure: the full-stack layers mapped against the service models SaaS, PaaS and IaaS]
15. Security-related roles
• CSN: Cloud auditor
• CSP: Service security and risk manager
• CSC: Service administrator and security
[Figure: security controls mapped onto the full-stack layers and the SaaS / PaaS / IaaS service models]
• Compliance Control
• Regulatory Control
• Privacy Impact
• Encryption (data at rest / in motion)
• Integrity
• Backup & Recovery
• Policies
• Change Management
• Align Policies & SLA
• Risk Management
• Hardening
• Compliance Compatibility
• Business Continuity
• Monitoring & Analysis
• Vulnerabilities
• Tenant Isolation
• Personal & Physical Security
• Integration
• Privacy & PII
• Authorization & Access Control
• Network & Communication
• Audit Interfaces
• Assets and Inventory
• Patch & Update Management
• Authentication & Identity Management
[Figure: the full-stack layers with the roles CSC: Cloud service customer, CSN: Cloud auditor and CSP: Cloud service provider]
18. Regulation and oversight
[Figure: visibility & control across the SaaS and PaaS service models and the full-stack layers]
19. Security compliance and standards
• ISMS ISO 27001
• PCI DSS
• SOC
• FIPS
• FedRAMP
• ...
[Figure: cloud infrastructure compliance badges: PCI compliant, HIPAA compliant]
20. Hardening considerations
• Virtual machine images (MI) and templates
• Removing user intervention from service deployment
• Security benchmarks and standards
• Secure configurations at the different layers
• Closing ports
• Reporting and event logging at the different layers
• Deploying host-level firewalls
• ...
24. Risk management (2009)
• Vendor Lock-in
• Loss of Governance
• Compliance Compatibility
• Service Failure
• Isolation Failure
• Malicious Insider
• Asset analysis
• Risk analysis
• Proposing solutions
25. Risk management (2012)
• Data protection
• Loss of Governance
• Malicious Insider / root access!
• Risk from changes of jurisdiction
• Management Interface Compromise
• Isolation Failure
• Insecure deletion of data
• Subpoena
• Compromise of Service Engine
• Lock-in
26. Risk analysis case study: Fax.ir
• Lock-in
• Loss of Governance
• Supply chain failure
• Isolation Failure
• Malicious Insider
• Data leakage
• Insecure deletion of data
• DoS
28. Critical Research!
• Visit http://cvedetails.com/
• Visit http://cve.occc.ir/
• Find the vulnerabilities related to cloud and virtualization tools (KVM / OpenStack / …)
• Select one of the vulnerabilities and describe it in class
29. Top 10 Strategic Technology Trends 2016
• The Device Mesh
• 3D Printing Materials
• Ambient User Experience
• Autonomous Agents and Things
• Information of Everything
• Advanced Machine Learning
• Adaptive Security Architecture
• IoT Architecture and Platforms
• Advanced System Architecture
• Mesh App and Service Architecture
Source: Gartner, Oct 2015