{"id":386,"date":"2018-06-22T11:06:46","date_gmt":"2018-06-22T03:06:46","guid":{"rendered":"http:\/\/www.sniper97.cn\/?p=386"},"modified":"2018-06-22T11:06:46","modified_gmt":"2018-06-22T03:06:46","slug":"%e7%ac%ac%e5%85%ad%e7%ab%a0-%e5%9f%ba%e6%9c%ac%e4%ba%91%e5%ae%89%e5%85%a8","status":"publish","type":"post","link":"http:\/\/www.sniper97.cn\/index.php\/note\/cloud-computing-concepts%ef%bc%8ctechnology-and-architecture\/386\/","title":{"rendered":"\u7b2c\u516d\u7ae0 \u57fa\u672c\u4e91\u5b89\u5168"},"content":{"rendered":"

6.1 \u57fa\u672c\u5c5e\u4e8e\u4e0e\u6982\u5ff5<\/h2>\n

IT\u5b89\u5168\u63aa\u65bd\u65e8\u5728\u9632\u5fa1\u7531\u4e8e\u6076\u610f\u7684\u4f01\u56fe(malicious intent)<\/strong>\u548c\u65e0\u5fc3\u7684\u7528\u6237\u9519\u8bef\uff08unintentional user error\uff09<\/strong>\u9020\u6210\u7684\u5a01\u80c1\uff08threat\uff09<\/strong>\u548c\u5e72\u6270\uff08interference<\/strong>\uff09\u3002<\/p>\n

6.1.1\u4fdd\u5bc6\u6027\uff08confidentiality\uff09<\/h3>\n

\u662f\u6307\u4e8b\u7269\u53ea\u6709\u88ab\u6388\u6743\u65b9\u624d\u80fd\u8bbf\u95ee\u7684\u7279\u6027\u3002
\nConfidentiality \u00a0is the characteristic of something being made accessible only to authorized parties.<\/b>
\n\u5728\u4e91\u73af\u5883\u4e2d\uff0c\u4fdd\u5bc6\u6027\u4e3b\u8981\u662f\u5173\u4e8e\u5bf9\u4f20\u8f93\u548c\u5b58\u50a8\u7684\u6570\u636e\u8fdb\u884c\u8bbf\u95ee\u9650\u5236\u7684\u3002<\/p>\n

6.1.2\u5b8c\u6574\u6027\uff08integrity\uff09<\/h3>\n

\u662f\u6307\u672a\u88ab\u672a\u6388\u6743\u65b9\u7be1\u6539\u7684\u7279\u6027\u3002
\nIntegrity\u00a0is the characteristic of not having been altered by an unauthorized party.\u00a0\u00a0<\/strong><\/p>\n

6.1.3\u771f\u5b9e\u6027\uff08authenticity\uff09<\/h3>\n

\u662f\u6307\u4e8b\u7269\u662f\u7531\u7ecf\u8fc7\u6388\u6743\u7684\u6e90\u63d0\u4f9b\u7684\u8fd9\u4e00\u7279\u6027\u3002
\nAuthenticity \u00a0is the characteristic of something having been provided by an authorized source.<\/b>
\n\u8fd9\u4e2a\u6982\u5ff5\u5305\u62ec\u4e0d\u53ef\u5426\u8ba4\u6027\uff0c\u4e5f\u5c31\u662f\u4e00\u65b9\u4e0d\u80fd\u5426\u8ba4\u6216\u8d28\u7591\u4e00\u6b21\u4ea4\u4e92\u7684\u771f\u5b9e\u6027\u3002<\/p>\n

6.1.4\u53ef\u7528\u6027\uff08availability\uff09<\/h3>\n

\u662f\u6307\u5728\u7279\u5b9a\u7684\u65f6\u95f4\u6bb5\u5185\u53ef\u4ee5\u8bbf\u95ee\u548c\u53ef\u4ee5\u4f7f\u7528\u7684\u7279\u6027\u3002
\n\u00a0Availability\u00a0is the characteristic of being accessible and usable during a specified time period.<\/b><\/p>\n

6.1.5\u5a01\u80c1\uff08threat\uff09<\/h3>\n

\u662f\u6f5c\u5728\u7684\u5b89\u5168\u6027\u8fdd\u53cd\uff0c\u53ef\u4ee5\u8bd5\u56fe\u7834\u574f\u9690\u79c1\u5e76\/\u6216\u5bfc\u81f4\u5371\u5bb3\uff0c\u4ee5\u6b64\u6311\u6218\u9632\u62a4\u3002
\n A\u00a0threat\u00a0is a potential security violation that can challenge defenses in an attempt to breach privacy and\/or cause harm.<\/strong><\/p>\n

6.1.6\u6f0f\u6d1e\uff08vulnerability\uff09<\/h3>\n

\u662f\u4e00\u79cd\u53ef\u80fd\u88ab\u5229\u7528\u7684\u5f31\u70b9\uff0c\u53ef\u80fd\u662f\u56e0\u4e3a\u5b89\u5168\u63a7\u5236\u4fdd\u62a4\u4e0d\u591f\uff0c\u4e5f\u53ef\u80fd\u662f\u56e0\u4e3a\u653b\u51fb\u51fb\u8d25\u4e86\u73b0\u6709\u7684\u5b89\u5168\u63a7\u5236\u3002
\nA\u00a0vulnerability\u00a0is a weakness that can be exploited either because it is protected by insufficient security controls, or because existing security controls are overcome by an attack.<\/strong><\/p>\n

6.1.7\u98ce\u9669\uff08risk\uff09<\/h3>\n

\u662f\u6307\u6267\u884c\u4e00\u4e2a\u884c\u4e3a\u5e26\u6765\u635f\u5931\u6216\u5371\u5bb3\u7684\u53ef\u80fd\u6027\u3002
\n\u00a0Risk\u00a0is the possibility of loss or harm arising from performing an activity. Risk is typically measured according to its threat level and the number of possible or known vulnerabilities.<\/strong>
\n\u786e\u5b9aIT\u8d44\u6e90\u7684\u98ce\u9669\u7684\u4e24\u4e2a\u6807\u51c6\uff1a
\n\uff081\uff09\u5a01\u80c1\u5229\u7528IT\u8d44\u6e90\u4e2d\u6f0f\u6d1e\u7684\u6982\u7387
\n\uff082\uff09\u5982\u679cIT\u8d44\u6e90\u88ab\u635f\u5bb3\uff0c\u9884\u671f\u4f1a\u9020\u6210\u7684\u635f\u5931\u3002<\/p>\n

6.1.8\u5b89\u5168\u63a7\u5236<\/h3>\n

\u662f\u7528\u6765\u9884\u9632\u6216\u54cd\u5e94\u5b89\u5168\u5a01\u80c1\u4ee5\u53ca\u964d\u4f4e\u6216\u907f\u514d\u98ce\u9669\u7684\u5bf9\u7b56\u3002
\nSecurity controls are countermeasures used to prevent or respond to security threats and to reduce or avoid risk.<\/b><\/p>\n

6.1.9\u5b89\u5168\u673a\u5236<\/h3>\n

\u5b89\u5168\u673a\u5236\u662f\u6784\u6210\u4fdd\u62a4IT\u8d44\u6e90\u3001\u4fe1\u606f\u548c\u670d\u52a1\u7684\u670d\u52a1\u7684\u9632\u5fa1\u6846\u67b6\u7684\u7ec4\u6210\u90e8\u5206\u3002<\/p>\n

6.1.10\u5b89\u5168\u7b56\u7565<\/h3>\n

\u5b89\u5168\u7b56\u7565\u5efa\u7acb\u4e86\u4e00\u5957\u5b89\u5168\u89c4\u5219\u548c\u89c4\u7ae0\u3002
\n <\/p>\n

6.2\u5a01\u80c1\u4f5c\u7528\u8005<\/h2>\n

\u5a01\u80c1\u4f5c\u7528\u8005\uff08threat agent\uff09\u662f\u5f15\u53d1\u5a01\u80c1\u7684\u5b9e\u4f53\uff0c\u56e0\u4e3a\u5b83\u80fd\u591f\u5b9e\u65bd\u653b\u51fb\u3002<\/p>\n

6.2.1 \u533f\u540d\u653b\u51fb\u8005\uff08anonymous attacker\uff09<\/h4>\n

\u533f\u540d\u653b\u51fb\u8005\u662f\u4e91\u4e2d\u6ca1\u6709\u6743\u9650\u3001\u4e0d\u88ab\u4fe1\u4efb\u7684\u4e91\u670d\u52a1\u7528\u6237\u3002\u901a\u5e38\u662f\u4e00\u4e2a\u5916\u90e8\u8f6f\u4ef6\u7a0b\u5e8f\uff0c\u901a\u8fc7\u516c\u7f51\u53d1\u52a8\u7f51\u7edc\u653b\u51fb\u3002<\/p>\n

6.2.2\u6076\u610f\u670d\u52a1\u4f5c\u7528\u8005\uff08malicious service agent\uff09<\/h4>\n

\u6076\u610f\u670d\u52a1\u4f5c\u7528\u8005\u80fd\u622a\u53d6\u5e76\u8f6c\u53d1\u4e91\u5185\u7684\u7f51\u7edc\u6d41\u91cf\u3002<\/p>\n

6.2.3\u6388\u4fe1\u7684\u653b\u51fb\u8005\uff08trusted attacker\uff09<\/h4>\n

\u53c8\u79f0\u6076\u610f\u7684\u79df\u6237\uff08malicious tenant\uff09\u3002
\n\u6388\u6743\u7684\u653b\u51fb\u8005\u4e0e\u540c\u4e00\u4e91\u73af\u5883\u4e2d\u7684\u4e91\u7528\u6237\u5171\u4eabIT\u8d44\u6e90\uff0c\u8bd5\u56fe\u5229\u7528\u5408\u6cd5\u7684\u8bc1\u4e66\u6765\u628a\u4e91\u63d0\u4f9b\u8005\u4ee5\u53ca\u4e0e\u4ed6\u4eec\u5171\u4eabIT\u8d44\u6e90\u7684\u4e91\u79df\u6237\u4f5c\u4e3a\u653b\u51fb\u76ee\u6807\u3002<\/p>\n

6.2.4\u6076\u610f\u7684\u5185\u90e8\u4eba\u5458\uff08malicious insider\uff09<\/h4>\n

\u662f\u4eba\u4e3a\u7684\u5a01\u80c1\u4f5c\u7528\u8005\uff0c\u4ed6\u4eec\u7684\u884c\u4e3a\u4ee3\u8868\u4e91\u63d0\u4f9b\u8005\u6216\u8005\u4e0e\u4e4b\u6709\u5173\u3002
\n\u901a\u5e38\u662f\u73b0\u4efb\u6216\u524d\u4efb\u7684\u96c7\u5458\uff0c\u6216\u8005\u80fd\u591f\u8bbf\u95ee\u4e91\u63d0\u4f9b\u8005\u8d44\u6e90\u8303\u56f4\u7684\u7b2c\u4e09\u65b9\u3002
\n <\/p>\n

6.3\u4e91\u5b89\u5168\u5a01\u80c1<\/h2>\n

6.3.1\u6d41\u91cf\u7a83\u542c\uff08traffic eavesdropping\uff09<\/h4>\n

\u662f\u6307\u5f53\u6570\u636e\u5728\u4f20\u8f93\u5230\u4e91\u4e2d\u6216\u5728\u4e91\u5185\u90e8\u4f20\u8f93\u65f6\u88ab\u6076\u610f\u7684\u670d\u52a1\u4f5c\u7528\u8005\u88ab\u52a8\u7684\u622a\u83b7\uff0c\u7528\u4e8e\u975e\u6cd5\u7684\u4fe1\u606f\u6536\u96c6\u7684\u76ee\u7684\u3002
\n\u8fd9\u79cd\u653b\u51fb\u7684\u76ee\u7684\u5c31\u662f\u76f4\u63a5\u7834\u574f\u6570\u636e\u7684\u4fdd\u5bc6\u6027\uff0c\u4e5f\u53ef\u80fd\u7834\u574f\u4e86\u4e91\u7528\u6237\u548c\u4e91\u63d0\u4f9b\u8005\u4e4b\u95f4\u5173\u7cfb\u7684\u4fdd\u5bc6\u6027\u3002
\n\u7531\u4e8e\u8fd9\u79cd\u653b\u51fb\u88ab\u52a8\u7684\u672c\u8d28\uff0c\u8fd9\u79cd\u653b\u51fb\u66f4\u5bb9\u6613\u957f\u65f6\u95f4\u8fdb\u884c\u800c\u4e0d\u88ab\u53d1\u73b0\u3002<\/p>\n

6.3.2\u6076\u610f\u5a92\u4ecb\uff08malicious intermediary\uff09<\/h4>\n

\u6076\u610f\u5a92\u4ecb\u5a01\u80c1\u662f\u6307\u4fe1\u606f\u88ab\u6076\u610f\u670d\u52a1\u4f5c\u7528\u8005\u622a\u83b7\u5e76\u4e14\u88ab\u7be1\u6539\uff0c\u56e0\u6b64\u53ef\u80fd\u4f1a\u88ab\u7834\u574f\u4fe1\u606f\u7684\u4fdd\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u3002<\/p>\n

6.3.3\u62d2\u7edd\u670d\u52a1<\/h4>\n

\u62d2\u7edd\u670d\u52a1\uff08DoS\uff09\u653b\u51fb\u7684\u76ee\u6807\u662f\u4f7fIT\u8d44\u6e90\u8fc7\u8f7d\u81f3\u65e0\u6cd5\u6b63\u786e\u8fd0\u884c\u3002<\/p>\n

6.3.4\u6388\u6743\u4e0d\u8db3<\/h4>\n

\u6388\u6743\u4e0d\u8db3\u653b\u51fb\u662f\u6307\u9519\u8bef\u5730\u6388\u4e88\u653b\u51fb\u8005\u8bbf\u95ee\u6743\u9650\u6216\u8005\u6388\u6743\u592a\u5bbd\u6cdb\uff0c\u5bfc\u81f4\u653b\u51fb\u8005\u80fd\u591f\u8bbf\u95ee\u5230\u672c\u5e94\u8be5\u53d7\u5230\u4fdd\u62a4\u7684IT\u8d44\u6e90\u3002<\/p>\n

6.3.5\u865a\u62df\u5316\u653b\u51fb<\/h4>\n

\u865a\u62df\u5316\u653b\u51fb\u5229\u7528\u7684\u662f\u865a\u62df\u5316\u5e73\u53f0\u4e2d\u7684\u6f0f\u6d1e\u6765\u5371\u5bb3\u865a\u62df\u5316\u5e73\u53f0\u7684\u4fdd\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002
\n\u865a\u62df\u5316\u653b\u51fb\u5229\u7528\u7684\u662f\u865a\u62df\u5316\u73af\u5883\u4e2d\u7684\u6f0f\u6d1e\uff0c\u83b7\u5f97\u4e86\u5bf9\u5e95\u5c42\u7269\u7406\u786c\u4ef6\u672a\u88ab\u6388\u6743\u7684\u8bbf\u95ee\u3002<\/span><\/strong>
\nA virtualization attack exploits vulnerabilities within virtualized environments to gain unauthorized access to underlying physical hardware.<\/b><\/p>\n

6.3.6\u4fe1\u4efb\u8fb9\u754c\u91cd\u53e0<\/h4>\n

\u5982\u679c\u4e91\u4e2d\u7684\u7269\u7406IT\u8d44\u6e90\u662f\u7531\u4e0d\u540c\u7684\u4e91\u670d\u52a1\u7528\u6237\u5171\u4eab\u7684\uff0c\u90a3\u4e48\u8fd9\u4e9b\u4e91\u670d\u52a1\u7528\u6237\u7684\u4fe1\u4efb\u8fb9\u754c\u662f\u91cd\u53e0\u7684\u3002
\n\u91cd\u53e0\u7684\u4fe1\u4efb\u8fb9\u754c\u6f5c\u85cf\u4e86\u4e00\u79cd\u5a01\u80c1\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u591a\u4e2a\u4e91\u7528\u6237\u5171\u4eab\u7684\u3001\u57fa\u4e8e\u4e91\u7684IT\u8d44\u6e90\u3002<\/span><\/strong>
\n Overlapping trust boundaries represent a threat whereby attackers can exploit cloud-based IT resources shared by multiple cloud consumers.<\/strong><\/p>\n

6.4\u5176\u4ed6\u8003\u91cf<\/h2>\n

6.4.1\u6709\u7f3a\u9677\u7684\u5b9e\u73b0<\/h4>\n

\u4e91\u670d\u52a1\u90e8\u7f72\u4e0d\u5408\u89c4\u8303\u7684\u8bbe\u8ba1\uff0c\u5b9e\u73b0\u6216\u914d\u7f6e\u4f1a\u6709\u4e0d\u5229\u7684\u540e\u679c\uff0c\u800c\u4e0d\u4ec5\u4ec5\u662f\u8fd0\u884c\u65f6\u7684\u5f02\u5e38\u548c\u5931\u6548\u3002<\/p>\n

6.4.2\u5b89\u5168\u7b56\u7565\u4e0d\u4e00\u81f4<\/h4>\n

\u5f53\u4e91\u7528\u6237\u628aIT\u8d44\u6e90\u653e\u5230\u516c\u6709\u4e91\u63d0\u4f9b\u8005\u90a3\u91cc\u65f6\uff0c\u5c31\u9700\u8981\u63a5\u53d7\u4e91\u63d0\u4f9b\u8005\u63d0\u4f9b\u7684\u4fe1\u606f\u5b89\u5168\u65b9\u6cd5\u4e0e\u4f20\u7edf\u7684\u65b9\u6cd5\u53ef\u80fd\u4f1a\u4e0d\u5b8c\u5168\u76f8\u540c\uff0c\u751a\u81f3\u4e0d\u76f8\u4f3c\u3002<\/p>\n

6.4.3\u5408\u7ea6(Contrast)<\/h4>\n

 <\/p>\n

6.4.4\u98ce\u9669\u7ba1\u7406(Risk Management)<\/h4>\n

\u4e3b\u8981\u7684\u5de5\u4f5c\uff1a
\n\uff081\uff09\u98ce\u9669\u8bc4\u4f30\uff08risk assessment\uff09
\n\uff082\uff09\u98ce\u9669\u5904\u7406\uff08risk treatment\uff09
\n\uff083\uff09\u98ce\u9669\u63a7\u5236\uff08risk control\uff09
\n\"\"
\n\u5173\u952e\u70b9\u603b\u7ed3\uff1a
\n\uff081\uff09\u4fdd\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u3001\u771f\u5b9e\u6027\u548c\u53ef\u7528\u6027\u662f\u53ef\u4ee5\u4e0e\u8861\u91cf\u5b89\u5168\u6027\u76f8\u5173\u8054\u7684\u7279\u6027\u3002
\n\uff082\uff09\u5a01\u80c1\u3001\u6f0f\u6d1e\u548c\u98ce\u9669\u662f\u4e0e\u8861\u91cf\u548c\u8bc4\u4f30\u4e0d\u5b89\u5168\u6027\u6216\u5b89\u5168\u6027\u7f3a\u4e4f\u76f8\u5173\u8054\u7684\u3002
\n\uff083\uff09\u5b89\u5168\u63a7\u5236\u3001\u673a\u5236\u548c\u7b56\u7565\u662f\u4e0e\u5efa\u7acb\u652f\u6301\u6539\u8fdb\u5b89\u5168\u6027\u7684\u5bf9\u7b56\u548c\u4fdd\u62a4\u6d4b\u8bd5\u76f8\u5173\u8054\u7684\u3002
\n\uff084\uff09\u533f\u540d\u653b\u51fb\u8005\u662f\u4e0d\u88ab\u4fe1\u4efb\u7684\u5a01\u80c1\u653b\u51fb\u8005\uff0c\u901a\u5e38\u8bd5\u56fe\u4ece\u4e91\u5916\u754c\u7684\u5916\u90e8\u8fdb\u884c\u653b\u51fb\u3002
\n\uff085\uff09\u6076\u610f\u670d\u52a1\u4f5c\u7528\u8005\u622a\u53d6\u7f51\u7edc\u901a\u4fe1\uff0c\u8bd5\u56fe\u6076\u610f\u7684\u7be1\u6539\u6216\u4f7f\u7528\u6570\u636e\u3002
\n\uff086\uff09\u6388\u6743\u7684\u653b\u51fb\u8005\u662f\u7ecf\u8fc7\u6388\u6743\u7684\u4e91\u670d\u52a1\u7528\u6237\uff0c\u5177\u6709\u5408\u6cd5\u7684\u8bc1\u4e66\uff0c\u4ed6\u4eec\u4f1a\u4f7f\u7528\u8fd9\u4e9b\u8bc1\u4e66\u6765\u8bbf\u95ee\u57fa\u4e8e\u4e91\u7684IT\u8d44\u6e90\u3002
\n\uff087\uff09\u6076\u610f\u7684\u5185\u90e8\u4eba\u5458\u662f\u8bd5\u56fe\u6ee5\u7528\u5bf9\u4e91\u8d44\u6e90\u8303\u56f4\u7684\u8bbf\u95ee\u7279\u6743\u7684\u4eba\u3002<\/span>
\n\uff088\uff09\u6d41\u91cf\u7a83\u542c\u548c\u6076\u610f\u5a92\u4ecb\u653b\u51fb\u901a\u5e38\u662f\u7531\u622a\u53d6\u7f51\u7edc\u6d41\u91cf\u7684\u6076\u610f\u670d\u52a1\u4f5c\u7528\u8005\u5b9e\u65bd\u7684\u3002
\n\uff089\uff09\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u7684\u53d1\u751f\u662f\u5f53\u76ee\u6807IT\u8d44\u6e90\u7531\u4e8e\u8bf7\u6c42\u8fc7\u591a\u800c\u8d1f\u8f7d\u8fc7\u91cd\uff0c\u8fd9\u4e9b\u8bf7\u6c42\u610f\u5728\u4f7fIT\u8d44\u6e90\u6027\u80fd\u9677\u4e8e\u762b\u75ea\u6216\u4e0d\u53ef\u7528\u3002\u6388\u6743\u4e0d\u8db3\u653b\u51fb\u662f\u6307\u9519\u8bef\u5730\u6388\u4e88\u4e86\u653b\u51fb\u8005\u8bbf\u95ee\u6743\u9650\u6216\u662f\u6743\u9650\u592a\u5bbd\u6cdb\uff0c\u6216\u662f\u4f7f\u7528\u4e86\u5f31\u5bc6\u7801\u3002
\n\uff0810\uff09\u865a\u62df\u5316\u653b\u51fb\u5229\u7528\u7684\u662f\u865a\u62df\u5316\u73af\u5883\u4e2d\u7684\u6f0f\u6d1e\uff0c\u83b7\u5f97\u4e86\u5bf9\u5e95\u5c42\u7269\u7406\u786c\u4ef6\u672a\u88ab\u6388\u6743\u7684\u8bbf\u95ee\u3002\u91cd\u53e0\u7684\u4fe1\u4efb\u8fb9\u754c\u6f5c\u85cf\u4e86\u4e00\u79cd\u5a01\u80c1\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u591a\u4e2a\u4e91\u7528\u6237\u5171\u4eab\u7684\u3001\u57fa\u4e8e\u4e91\u7684IT\u8d44\u6e90\u3002
\n\uff0811\uff09\u4e91\u7528\u6237\u9700\u8981\u610f\u8bc6\u5230\uff0c\u90e8\u7f72\u6709\u7f3a\u9677\u7684\u57fa\u4e8e\u4e91\u7684\u89e3\u51b3\u65b9\u6848\u53ef\u80fd\u4f1a\u5f15\u5165\u5b89\u5168\u98ce\u9669\u3002
\n\uff0812\uff09\u5728\u9009\u62e9\u4e91\u63d0\u4f9b\u5382\u5546\u65f6\uff0c\u7406\u89e3\u4e91\u63d0\u4f9b\u8005\u5982\u4f55\u5b9a\u4e49\u548c\u5f3a\u52a0\u6240\u6709\u6743\uff0c\u4ee5\u53ca\u53ef\u80fd\u7684\u4e0d\u517c\u5bb9\u7684\u4e91\u5b89\u5168\u7b56\u7565\uff0c\u662f\u5f62\u6210\u8bc4\u4f30\u6807\u51c6\u7684\u5173\u952e\u90e8\u5206\u3002
\n\uff0813\uff09\u5728\u4e91\u7528\u6237\u548c\u4e91\u63d0\u4f9b\u8005\u7b7e\u7f72\u7684\u6cd5\u5f8b\u534f\u8bae\u4e2d\uff0c\u9700\u8981\u660e\u786e\u5b9a\u4e49\u548c\u4e92\u76f8\u7406\u89e3\u5bf9\u6f5c\u5728\u7684\u5b89\u5168\u6cc4\u9732\u7684\u8d23\u4efb\u3001\u514d\u8d23\u548c\u8d23\u95ee\u3002
\n\uff0814\uff09\u5bf9\u4e8e\u4e91\u7528\u6237\u6765\u8bf4\uff0c\u5728\u7406\u89e3\u5177\u4f53\u9488\u5bf9\u67d0\u4e2a\u7279\u5b9a\u4e91\u73af\u5883\u7684\u5b89\u5168\u76f8\u5173\u7684\u53ef\u80fd\u7684\u95ee\u9898\u4e4b\u540e\uff0c\u5bf9\u8bc6\u522b\u51fa\u7684\u98ce\u9669\u8fdb\u884c\u76f8\u5e94\u7684\u8bc4\u4f30\u662f\u5f88\u91cd\u8981\u7684\u3002
\n 
\n\u5178\u578b\u4f8b\u9898\uff1a
\n\u4e00\u3001\u5224\u65ad\u9898<\/span><\/span><\/b><\/b>
\n1. Authenticity<\/span>\u00a0\u00a0<\/span>is the characteristic of something being made accessible only to authorized parties.<\/span>\u00a0( \u00a0 F )<\/span>
\n(Confidentiality \u00a0is the characteristic of something being made accessible only to authorized parties.)<\/strong>
\n2. Integrity<\/span>\u00a0<\/span>is the characteristic of not having been altered by an unauthorized party. \u00a0(\u00a0 T \u00a0 )<\/span>
\n3.<\/span>\u00a0Confidentiality<\/span>\u00a0<\/span>is the characteristic of something having been provided by an authorized source.<\/span>\u00a0(\u00a0 F\u00a0 )<\/span>
\n(Authenticity \u00a0is the characteristic of something having been provided by an authorized source.)<\/strong>
\n4.<\/span>\u00a0Availability<\/span>\u00a0<\/span>is the characteristic of being accessible and usable during all time period.<\/span>\u00a0(\u00a0 F\u00a0 )<\/span>
\n(\u00a0Availability\u00a0is the characteristic of being accessible and usable during a specified time period.)<\/strong>
\n5. A<\/span>\u00a0<\/span>threat<\/span>\u00a0<\/span>is a potential security violation that can challenge defenses in an attempt to breach privacy and\/or cause harm. ( \u00a0 T\u00a0 )<\/span>
\n6. A<\/span>\u00a0<\/span>vulnerability<\/span>\u00a0<\/span>is a weakness that can be exploited either because it is protected by insufficient security controls, or because existing security controls are overcome by an attack. ( T\u00a0 )<\/span>
\n7.<\/span>\u00a0Risk<\/span>\u00a0<\/span>is the possibility of loss or harm arising from performing an activity. Risk is typically measured according to its threat level and the number of possible or known vulnerabilities.<\/span>\u00a0<\/span>( \u00a0 T )<\/span>
\n8.<\/span>\u00a0Security policies are countermeasures used to prevent or respond to security threats and to reduce or avoid risk. <\/span>
\n\u00a0( F \u00a0 )<\/span>
\n(Security controls are countermeasures used to prevent or respond to security threats and to reduce or avoid risk. )<\/strong><\/p>\n

9. A virtualization attack exploits vulnerabilities within physical environments to gain unauthorized access to underlying physical hardware. ( F \u00a0 )<\/span><\/p>\n

(A virtualization attack exploits vulnerabilities within virtualized environments to gain unauthorized access to underlying physical hardware.)<\/strong><\/p>\n

10. Overlapping trust boundaries represent a threat whereby attackers can exploit cloud-based IT resources shared by multiple cloud consumers. ( T \u00a0 )<\/span>
\n\u4e8c\u3001\u9009\u62e9\u9898<\/span><\/span><\/b><\/b>
\n1.<\/span>\u00a0Confidentiality, integrity, authenticity, and availability are characteristics that can be associated with <\/span>\u00a0\u00a0 A \u00a0 \u00a0\u00a0 <\/span><\/u>.<\/span>
\nA. measuring security \u00a0\u00a0<\/strong>\u00a0\u00a0\u00a0B. measuring and assessing insecurity <\/span>
\nC. establishing countermeasures and safeguards \u00a0\u00a0D.all<\/span>
\n2.<\/span> \u00a0 \u00a0\u00a0 D \u00a0 <\/span><\/u>are associated with measuring and assessing insecurity, or the lack of security.<\/span>
\nA.Threats \u00a0\u00a0B.Vulnerabilities \u00a0\u00a0C. Risks \u00a0\u00a0D.all<\/strong><\/span>
\n3. <\/span>\u00a0\u00a0 D \u00a0 \u00a0\u00a0 <\/span><\/u>are associated with establishing countermeasures and safeguards in support of improving security.<\/span>
\nA.Security controls \u00a0B. Security mechanisms \u00a0C. Security policies \u00a0D.all<\/strong><\/span>
\n4. <\/span>\u00a0 \u00a0 D \u00a0 \u00a0 <\/span><\/u>is a non-trusted threat agent that usually attempts attacks from outside of a cloud\u2019s boundary.<\/span>
\nA<\/span><\/span>. A malicious insider \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0B. A trusted attacker <\/span>
\nC. A malicious service agent \u00a0D. An anonymous attacker<\/strong><\/span>
\n5. <\/span>\u00a0 C \u00a0 \u00a0 \u00a0 <\/span><\/u>intercepts network communication in an attempt to maliciously use or augment the data.<\/span>
\nA<\/span><\/span>. A malicious insider \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0B. A trusted attacker <\/span>
\nC. A malicious service agent<\/strong> \u00a0D. An anonymous attacker<\/span>
\n6. <\/span>\u00a0 \u00a0\u00a0 B \u00a0 \u00a0<\/span><\/u> exists as an authorized cloud service consumer with legitimate credentials that it uses to exploit access to cloud-based IT resources.<\/span>
\nA. A malicious insider \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0B. A trusted attacker<\/strong> <\/span>
\nC. A malicious service agent \u00a0D. An anonymous attacker<\/span>
\n7.<\/span> \u00a0\u00a0 A \u00a0 \u00a0 <\/span><\/u>is a human that attempts to abuse access privileges to cloud premises.<\/span>
\nA<\/span><\/span><\/strong>. A malicious insider \u00a0<\/strong>\u00a0\u00a0\u00a0\u00a0\u00a0B. A trusted attacker <\/span>
\nC. A malicious service agent \u00a0D. An anonymous attacker<\/span>
\n8. Traffic eavesdropping and malicious intermediary attacks are usually carried out by <\/span>\u00a0 \u00a0\u00a0 C \u00a0\u00a0 <\/span><\/u>that intercept network traffic.<\/span>
\nA<\/span><\/span>. malicious insiders \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0B. trusted attackers <\/span>
\nC. malicious service agents<\/strong> \u00a0\u00a0D. anonymous attackers<\/span>
\n9. A <\/span>\u00a0 A \u00a0 \u00a0 \u00a0\u00a0<\/span><\/u> attack occurs when a targeted IT resource is overloaded with requests in an attempt to cripple or render it unavailable.<\/span>
\nA<\/span><\/span><\/strong>. denial of service<\/strong> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0B. traffic eavesdropping <\/span>
\nC. malicious intermediary \u00a0\u00a0D. insufficient authorization<\/span>
\n10.The <\/span>\u00a0 \u00a0\u00a0 D \u00a0 \u00a0<\/span><\/u> attack occurs when access is granted to an attacker erroneously or too broadly, or when weak passwords are used.<\/span>
\nA<\/span><\/span>. denial of service \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0B. traffic eavesdropping <\/span>
\nC. malicious intermediary \u00a0\u00a0D. insufficient authorization<\/strong><\/span>
\n\u7b80\u7b54\u9898\uff1a
\n1. <\/span><\/span>About the<\/span><\/b>\u00a0threat agents<\/span><\/i><\/b>.<\/span><\/b><\/span>\u00a0( 8 points )<\/span><\/b>
\na) What is<\/span><\/span><\/b>\u00a0a<\/span><\/b>\u00a0<\/span><\/b>threat agent<\/span><\/i><\/b>\u00a0<\/span><\/b>\uff1f<\/span><\/span><\/b>( 2 points )<\/span><\/b>
\nA\u00a0 threat agent is an entity that poses a threat because it is capable of carrying out an attack.<\/span><\/span>
\nb) fill in the table.<\/span><\/b>\u00a0( 6 points )<\/span><\/b><\/b><\/p>\n\n\n\n\n\n\n\n
\n

threat agent<\/span><\/span><\/b><\/i><\/p>\n<\/td>\n

\n

Defintion<\/span><\/b><\/b><\/p>\n<\/td>\n<\/tr>\n

\n

An<\/span>\u00a0<\/span>anonymous attacke<\/span><\/i><\/span><\/i><\/b><\/p>\n<\/td>\n

\n

\u00a0<\/span><\/span><\/b><\/p>\n

is a non-trusted threat agent that usually attempts attacks from outside of a cloud\u2019s boundary<\/span><\/b><\/p>\n

\u00a0<\/span><\/b><\/p>\n

\u00a0<\/span><\/b><\/p>\n<\/td>\n<\/tr>\n

\n

A<\/span>\u00a0<\/span>malicious service agent<\/span><\/i><\/span><\/i><\/b><\/p>\n<\/td>\n

\n

\u00a0<\/span><\/span><\/b><\/p>\n

Is able to intercept and forward the network traffic that flows within a cloud.<\/b><\/b><\/p>\n

\u00a0<\/span><\/b><\/p>\n<\/td>\n<\/tr>\n

\n

\u00a0<\/span><\/b><\/p>\n

A trust attacker<\/i><\/b><\/i><\/b><\/p>\n<\/td>\n

\n

shares IT resources in the same cloud environment as the cloud consumer and attempts to exploit legitimate credentials to target cloud providers and the cloud tenants with whom they share IT resources<\/span>\u00a0<\/span><\/span><\/p>\n<\/td>\n<\/tr>\n

\n

Malicious insiders<\/span><\/span><\/i><\/b><\/b><\/p>\n<\/td>\n

\n

\u00a0<\/span><\/span>are human threat agents acting on behalf of or in relation to the cloud provider.<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

2. When does the following<\/span><\/b>\u00a0<\/span><\/span>cloud security threat <\/span><\/i><\/b>occur?( 8 points )<\/span><\/b><\/b>
\na)<\/span><\/span><\/b>\u00a0Traffic eavesdropping<\/span><\/i><\/b><\/i><\/b>
\noccurs when data being transferred to or within a cloud is passively intercepted by a malicious service agent for illegitimate information gathering purposes.
\n\u00a0\u00a0b) M<\/span><\/b>alicious intermediary <\/span><\/i><\/b>threat<\/span><\/i><\/b><\/i><\/b>
\narises when message are intercepted and altered by a malicious service agent
\nc) D<\/span><\/b>enial of service<\/span><\/i><\/b>\u00a0<\/span><\/b>(DoS) attack<\/span><\/i><\/b><\/b>
\noccurs when a targeted IT resource is overloaded to the point where they cannot function properly.
\n 
\n 
\n <\/p>\n","protected":false},"excerpt":{"rendered":"

6.1 \u57fa\u672c\u5c5e\u4e8e\u4e0e\u6982\u5ff5 IT\u5b89\u5168\u63aa\u65bd\u65e8\u5728\u9632\u5fa1\u7531\u4e8e\u6076\u610f\u7684\u4f01\u56fe(malicious intent)\u548c\u65e0\u5fc3 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[27],"tags":[],"views":7636,"_links":{"self":[{"href":"http:\/\/www.sniper97.cn\/index.php\/wp-json\/wp\/v2\/posts\/386"}],"collection":[{"href":"http:\/\/www.sniper97.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.sniper97.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.sniper97.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.sniper97.cn\/index.php\/wp-json\/wp\/v2\/comments?post=386"}],"version-history":[{"count":0,"href":"http:\/\/www.sniper97.cn\/index.php\/wp-json\/wp\/v2\/posts\/386\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.sniper97.cn\/index.php\/wp-json\/wp\/v2\/media?parent=386"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.sniper97.cn\/index.php\/wp-json\/wp\/v2\/categories?post=386"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.sniper97.cn\/index.php\/wp-json\/wp\/v2\/tags?post=386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}