6.1 Basic Terms and Concepts

IT security measures aim to defend against threats and interference that arise from both malicious intent and unintentional user error.

6.1.1 Confidentiality

Confidentiality is the characteristic of something being made accessible only to authorized parties.
In cloud environments, confidentiality primarily concerns restricting access to data in transit and in storage.

6.1.2 Integrity

Integrity is the characteristic of not having been altered by an unauthorized party.

6.1.3 Authenticity

Authenticity is the characteristic of something having been provided by an authorized source.
This concept includes non-repudiation, which means a party cannot deny or challenge the authenticity of an interaction.

6.1.4 Availability

Availability is the characteristic of being accessible and usable during a specified time period.

6.1.5 Threat

A threat is a potential security violation that can challenge defenses in an attempt to breach privacy and/or cause harm.

6.1.6 Vulnerability

A vulnerability is a weakness that can be exploited either because it is protected by insufficient security controls, or because existing security controls are overcome by an attack.

6.1.7 Risk

Risk is the possibility of loss or harm arising from performing an activity. Risk is typically measured according to its threat level and the number of possible or known vulnerabilities.
Two criteria are used to determine the risk for an IT resource:
(1) the probability of a threat exploiting vulnerabilities in the IT resource
(2) the expected loss if the IT resource is compromised.

6.1.8 Security Controls

Security controls are countermeasures used to prevent or respond to security threats and to reduce or avoid risk.

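6.1.9 Security Mechanisms

Security mechanisms are the components of a defensive framework that protects IT resources, information, and services.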

6.1.10 Security Policies

A security policy establishes a set of security rules and regulations.
 

6.2 Threat Agents

A threat agent is an entity that poses a threat because it is capable of carrying out an attack.

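6.2.1 Anonymous Attacker

An anonymous attacker is a non-trusted cloud service consumer without permissions in the cloud. It is typically an external software program that launches network attacks over public networks.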

6.2.2 Malicious Service Agent

A malicious service agent is able to intercept and forward the network traffic that flows within a cloud.

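6.2.3 Trusted Attacker

Also known as a malicious tenant.
A trusted attacker shares IT resources in the same cloud environment as the cloud consumer and attempts to exploit legitimate credentials to target cloud providers and the cloud tenants with whom they share IT resources.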

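6.2.4 Malicious Insider

Malicious insiders are human threat agents acting on behalf of or in relation to the cloud provider.
They are typically current or former employees, or third parties with access to the cloud provider's premises.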
 

6.3 Cloud Security Threats

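6.3.1 Traffic Eavesdropping

Traffic eavesdropping occurs when data being transferred to or within a cloud is passively intercepted by a malicious service agent for illegitimate information gathering purposes.
The aim of this attack is to directly compromise the confidentiality of the data, and it may also compromise the confidentiality of the relationship between the cloud consumer and the cloud provider.
Because of its passive nature, this attack can more easily go on undetected for extended periods of time.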

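6.3.2 Malicious Intermediary

The malicious intermediary threat arises when messages are intercepted and altered by a malicious service agent, thereby potentially compromising the confidentiality and integrity of the messages.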

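6.3.3 Denial of Service

The objective of a denial of service (DoS) attack is to overload IT resources to the point where they cannot function correctly.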

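6.3.4 Insufficient Authorization

The insufficient authorization attack occurs when access is granted to an attacker erroneously or too broadly, resulting in the attacker gaining access to IT resources that should be protected.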

6.3.5 Virtualization Attack

A virtualization attack exploits vulnerabilities in the virtualization platform to jeopardize its confidentiality, integrity, and availability.
A virtualization attack exploits vulnerabilities within virtualized environments to gain unauthorized access to underlying physical hardware.

6.3.6 Overlapping Trust Boundaries

If physical IT resources within a cloud are shared by different cloud service consumers, these cloud service consumers have overlapping trust boundaries.
Overlapping trust boundaries represent a threat whereby attackers can exploit cloud-based IT resources shared by multiple cloud consumers.

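6.4 Additional Considerations

6.4.1 Flawed Implementations

The substandard design, implementation, or configuration of cloud service deployments can have undesirable consequences beyond runtime exceptions and failures.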

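6.4.2 Security Policy Disparity

When a cloud consumer places IT resources with a public cloud provider, it needs to accept that the information security approach offered by the cloud provider may not be identical, or even similar, to its traditional approach.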

6.4.3 Contracts

 

6.4.4 Risk Management

Main tasks:
(1) Risk assessment
(2) Risk treatment
(3) Risk control

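Summary of key points:
(1) Confidentiality, integrity, authenticity, and availability are characteristics that can be associated with measuring security.
(2) Threats, vulnerabilities, and risks are associated with measuring and assessing insecurity, or the lack of security.
(3) Security controls, mechanisms, and policies are associated with establishing countermeasures and safeguards in support of improving security.
(4) An anonymous attacker is a non-trusted threat agent that usually attempts attacks from outside of a cloud's boundary.
(5) A malicious service agent intercepts network communication in an attempt to maliciously alter or use the data.
(6) A trusted attacker exists as an authorized cloud service consumer with legitimate credentials that it uses to exploit access to cloud-based IT resources.
(7) A malicious insider is a human that attempts to abuse access privileges to cloud premises.
(8) Traffic eavesdropping and malicious intermediary attacks are usually carried out by malicious service agents that intercept network traffic.
(9) A denial of service attack occurs when a targeted IT resource is overloaded with requests in an attempt to cripple it or render it unavailable. The insufficient authorization attack occurs when access is granted to an attacker erroneously or too broadly, or when weak passwords are used.
(10) A virtualization attack exploits vulnerabilities within virtualized environments to gain unauthorized access to underlying physical hardware. Overlapping trust boundaries represent a threat whereby attackers can exploit cloud-based IT resources shared by multiple cloud consumers.
(11) Cloud consumers need to be aware that deploying flawed cloud-based solutions may introduce security risks.
(12) When choosing a cloud provider vendor, understanding how the cloud provider defines and imposes proprietary, and possibly incompatible, cloud security policies is a critical part of forming assessment criteria.
(13) Liability, indemnity, and blame for potential security breaches need to be clearly defined and mutually understood in the legal agreements signed by cloud consumers and cloud providers.
(14) It is important for cloud consumers, after gaining an understanding of the potential security-related issues specific to a given cloud environment, to perform a corresponding assessment of the identified risks.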
 
Typical exercises:
I. True/False
1. Authenticity is the characteristic of something being made accessible only to authorized parties. ( F )
(Confidentiality is the characteristic of something being made accessible only to authorized parties.)
2. Integrity is the characteristic of not having been altered by an unauthorized party. ( T )
3. Confidentiality is the characteristic of something having been provided by an authorized source. ( F )
(Authenticity is the characteristic of something having been provided by an authorized source.)
4. Availability is the characteristic of being accessible and usable during all time period. ( F )
(Availability is the characteristic of being accessible and usable during a specified time period.)
5. A threat is a potential security violation that can challenge defenses in an attempt to breach privacy and/or cause harm. ( T )
6. A vulnerability is a weakness that can be exploited either because it is protected by insufficient security controls, or because existing security controls are overcome by an attack. ( T )
7. Risk is the possibility of loss or harm arising from performing an activity. Risk is typically measured according to its threat level and the number of possible or known vulnerabilities. ( T )
8. Security policies are countermeasures used to prevent or respond to security threats and to reduce or avoid risk. ( F )
(Security controls are countermeasures used to prevent or respond to security threats and to reduce or avoid risk.)
9. A virtualization attack exploits vulnerabilities within physical environments to gain unauthorized access to underlying physical hardware. ( F )
(A virtualization attack exploits vulnerabilities within virtualized environments to gain unauthorized access to underlying physical hardware.)
10. Overlapping trust boundaries represent a threat whereby attackers can exploit cloud-based IT resources shared by multiple cloud consumers. ( T )
II. Multiple choice
1. Confidentiality, integrity, authenticity, and availability are characteristics that can be associated with ( A ).
A. measuring security      B. measuring and assessing insecurity
C. establishing countermeasures and safeguards   D. all
2. ( D ) are associated with measuring and assessing insecurity, or the lack of security.
A. Threats   B. Vulnerabilities   C. Risks   D. all
3. ( D ) are associated with establishing countermeasures and safeguards in support of improving security.
A. Security controls  B. Security mechanisms  C. Security policies  D. all
4. ( D ) is a non-trusted threat agent that usually attempts attacks from outside of a cloud’s boundary.
A. A malicious insider       B. A trusted attacker
C. A malicious service agent  D. An anonymous attacker
5. ( C ) intercepts network communication in an attempt to maliciously use or augment the data.
A. A malicious insider       B. A trusted attacker
C. A malicious service agent  D. An anonymous attacker
6. ( B ) exists as an authorized cloud service consumer with legitimate credentials that it uses to exploit access to cloud-based IT resources.
A. A malicious insider       B. A trusted attacker
C. A malicious service agent  D. An anonymous attacker
7. ( A ) is a human that attempts to abuse access privileges to cloud premises.
A. A malicious insider       B. A trusted attacker
C. A malicious service agent  D. An anonymous attacker
8. Traffic eavesdropping and malicious intermediary attacks are usually carried out by ( C ) that intercept network traffic.
A. malicious insiders         B. trusted attackers
C. malicious service agents   D. anonymous attackers
9. A ( A ) attack occurs when a targeted IT resource is overloaded with requests in an attempt to cripple or render it unavailable.
A. denial of service        B. traffic eavesdropping
C. malicious intermediary   D. insufficient authorization
10. The ( D ) attack occurs when access is granted to an attacker erroneously or too broadly, or when weak passwords are used.
A. denial of service        B. traffic eavesdropping
C. malicious intermediary   D. insufficient authorization
Short-answer questions:
1. About the threat agents. (8 points)
a) What is a threat agent? (2 points)
A threat agent is an entity that poses a threat because it is capable of carrying out an attack.
b) Fill in the table. (6 points)

| Threat agent | Definition |
| --- | --- |
| An anonymous attacker | is a non-trusted threat agent that usually attempts attacks from outside of a cloud’s boundary. |
| A malicious service agent | is able to intercept and forward the network traffic that flows within a cloud. |
| A trusted attacker | shares IT resources in the same cloud environment as the cloud consumer and attempts to exploit legitimate credentials to target cloud providers and the cloud tenants with whom they share IT resources. |
| Malicious insiders | are human threat agents acting on behalf of or in relation to the cloud provider. |

2. When do the following cloud security threats occur? (8 points)
a) Traffic eavesdropping
occurs when data being transferred to or within a cloud is passively intercepted by a malicious service agent for illegitimate information gathering purposes.
b) Malicious intermediary threat
arises when messages are intercepted and altered by a malicious service agent.
c) Denial of service (DoS) attack
occurs when a targeted IT resource is overloaded to the point where it cannot function properly.