1 Cloud Environment Security Landscape
1.1 Cloud Computing Model Background
1.4 Cloud Storage Classification
1.4.1 Corporate Cloud Storage Types
1.4.2 Corporate Cloud Storage Components
1.4.3 Centralization Features
1.5 Cloud Security Requirements
1.5.1 Top Cloud Security Threats
1.5.2 Cloud Security Requirements Recommendation

2 Common Cloud Attacks and Vulnerabilities
2.1 Types of Attacks in Cloud Systems
2.2 Classification of Attacks According to General Security Mechanisms
2.3 Classification of Vulnerabilities According to General Security Mechanisms
2.4 Threats Applied to Cloud Solutions
2.5 Classification of Threats According to General Security Mechanisms
2.6 Adversary Types Related to Cloud Solution Providers

3 Cloud Storage Security Mechanisms
3.1 Authentication and Tokenization
3.1.1 Definition and Specific Characteristics
3.1.2 Types of Authentication
3.1.3 Usage of Tokens in the Cloud Storage
3.2 Key Distribution and Data Encryption
3.2.1 Encryption in the Cloud
3.2.4 Key Storing and Using
3.3 Authorization and Access Control Support
3.3.1 Definition and Implementation of Access Control
3.3.2 Access Control Models and Policies
3.3.3 Access Control Methods
3.3.4 Key Renewal and Revocation
3.3.5 Authorization Vulnerabilities, Attacks, and Requirements
3.5 Cloud Storage Component Security
3.5.1 Server-Side Protection
3.5.2 Client-Side Protection
3.5.3 Mobile Device Protection
3.5.4 Channel Protection Mechanisms

4 Cloud Storage Security Architecture
4.1 General Model of the Security System
4.2 Step-by-Step Security System Construction
4.3 Identification of the Identity Management Infrastructure
4.3.1 Formal Model of Identity Management Infrastructure
4.3.2 Types of IMI in Relation to Cloud Storages
4.3.3 Proposed Authentication Solutions
4.4 Identification of Access Control Framework
4.4.1 Setting Up Security Policies
4.4.2 Configuring the Data Encryption
4.4.3 Configuring Key Management
4.5 Identification of Threat Intelligence Unit
4.6 Identification of the Component Security Framework
4.6.1 The Basic Strategies to Organize the Server Protected Storage
4.6.2 The Basic Strategies to Secure the Client Application
4.7 Security Optimization and Verification
4.7.1 Attack Prevention Verification
4.7.2 Component Security Testing
4.7.3 Security Optimization
4.8 The Practical Implementation

Afterword
Reference