ИССЛЕДОВАНИЕ И АНАЛИЗ ПРОБЛЕМ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ ОБЛАЧНЫХ ТЕХНОЛОГИЙ - Проблемы Информационных Технологий

ИССЛЕДОВАНИЕ И АНАЛИЗ ПРОБЛЕМ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ ОБЛАЧНЫХ ТЕХНОЛОГИЙ - Проблемы Информационных Технологий

ИССЛЕДОВАНИЕ И АНАЛИЗ ПРОБЛЕМ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ ОБЛАЧНЫХ ТЕХНОЛОГИЙ - Проблемы Информационных Технологий

ИССЛЕДОВАНИЕ И АНАЛИЗ ПРОБЛЕМ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ ОБЛАЧНЫХ ТЕХНОЛОГИЙ - Проблемы Информационных Технологий

ИССЛЕДОВАНИЕ И АНАЛИЗ ПРОБЛЕМ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ ОБЛАЧНЫХ ТЕХНОЛОГИЙ - Проблемы Информационных Технологий
ИССЛЕДОВАНИЕ И АНАЛИЗ ПРОБЛЕМ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ ОБЛАЧНЫХ ТЕХНОЛОГИЙ - Проблемы Информационных Технологий
НАЦИОНАЛЬНАЯ АКАДЕМИЯ НАУК АЗЕРБАЙДЖАНА

№1, 2013

ИССЛЕДОВАНИЕ И АНАЛИЗ ПРОБЛЕМ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ ОБЛАЧНЫХ ТЕХНОЛОГИЙ

Алгулиев Расим М., Абдуллаева Фаргана Д.

Статья посвящена анализу проблем обеспечения информационной безопасности облачных технологий. В процессе проведения исследования были изучены причины создания, основные понятия, характеристики, сервисные модели и модели развертывания облачных технологий. Исследованы актуальные задачи информационной безопасности облачных технологий, такие, как управление идентификацией, безопасность веб-программ, виртуализация и управление доверием. Выявлены существующие проблемы облачных технологий, предложены ряд рекомендаций в направлении устранения этих проблем. (стр. 3-14)

Ключевые слова: облачные технологии, виртуализация, управление идентификацией, управление доверием, единый вход, федеративное управление идентификацией
Литература
  • Abdullayeva F.C. Bulud hesablamaları sistemlərinin informasiya təhlükəsizliyi problemləri / Beynəlxalq İnformasiya Təhlükəsizliyi gününə həsr olunmuş Elmi-Praktiki seminarın materialları, Bakı, 2012, s. 23–24.
  • Abdullayeva F.C. Kloud Kompyutinq mühitində təhlükəsizlik problemlərinin analizi / Riyaziyyatın tətbiqi məsələləri və yeni informasiya texnologiyaları, II Respublika elmi konfransının materialları, 2012, s. 100–102.
  • Angin P., Bhargava B., Ranchal R., Singh N., Linderman M. An Entity-centric Approach for Privacy and Identity Management in Cloud Computing / Proc. of the IEEE 29th International Symposium on Reliable Distributed Systems, 2010, pp. 177–183.
  • Baldwin A., Mont M.C., Shiu S. Using Modelling and Simulation for Policy Decision Support in Identity Management / Proc. of the IEEE International Symposium on Policies for Distributed Systems and Networks, 2009, pp. 17–24.
  • Stihler M., Santin A.O., Arlindo L.M., Fraga J.S. Integral Federated Identity Management for Cloud Computing / Proc. of the IEEE 5th International Conference on New Technologies, Mobility and Security (NTMS), 2012, pp. 1–5.
  • Vaidya V. Virtualization Vulnerabilities and Threats: A Solution White Paper. RedCannon Security, 2009, http://www.redcannon.com/vDefense/pdf.
  • Wei J., Zhang X., Ammons G., Bala V., Ning P. Managing security of virtual machine images in a cloud environment / Proc. of the ACM workshop on Cloud computing security, 2009, http://users.cis.fiu.edu/~weijp/Jinpeng_Homepage_files/ccsw09.pdf.
  • Romero M., Bolivar S., Haddad H.M.  Asset Assessment in Web Applications / Proc. of the IEEE 7th International Conference on Information Technology: New Generations (ITNG), 2010, pp. 762–767.
  • Barton R.R., Hery W.J., Liu P. An S-vector for Web Application Security Management / Proc. of the 1st ACM Workshop on Business Driven Security Engineering (BIZSEC), 2004, http://www.smeal.psu.edu/cdt/ebrcpubs/res_papers /2004_01.pdf.
  • Chen  D., Le J., Wei  A Peer-to-Peer Access Control Management Based on Web of Trust / İEEE International Conference on  Future Computer and Communication (ICFCC), 2009, pp. 192–194.
  • Jensen M., Schage S., Schwenk J. Towards an Anonymous Access Control and Accountability Scheme for Cloud Computing / Proc. of the IEEE 3rd International Conference on Cloud Computing, 2010, pp. 540–541. 
  • SP 800-145. The NIST Definition of Cloud Computing. National Institute of Standards and Technology Special Publication, 2011, 7 p.
  • Alhamad M., Dillon T., Chang E. A Trust-Evaluation Metric for Cloud applications // International Journal of Machine Learning and Computing, 2011, V.1, No4, pp. 416–421.
  • Sosinsky B. Cloud Computing Bible. İndiana: Wiley Publishing, 2011, 532 p.
  • Security Guidance for Critical Areas of Focus in Cloud Computing. Cloud Security Alliance, 2011, 176
  • IDC SaaS Summit Spring, The Israeli Association of Grid, 2009, http://www.grid.org.il/_Uploads/dbsAttachedFiles/IDC_ppt.
  • Manavi S., Mohammadalian S., Udzir N.I., Abdullah A. Secure Model for Virtualization Layer in Cloud Infrastructure // IEEE International Journal of Cyber-Security and Digital Forensics (IJCSDF), 2012, No1, pp. 32–40.
  • Takabi H., Joshi D., Ahn G. SecureCloud: Towards a comprehensive security framework for cloud computing environment / Proc. of the IEEE 34th Annual Computer Software and Applications Conference Workshops, 2010, pp. 393–398. 
  • Josang A., Pope S. User Centric Identity Management / AusCERT Conference, 2005, pp. 1–13.
  • Lee H., Jeun I., Jung H. Criteria for evaluating the privacy protection level of Identity Management Services / Proc. of the IEEE Third International Conference on Emerging Security Information, Systems and Technologies, 2009, pp.  155–160.
  • Woda A.  Identity Management in the Cloud / Proc. of the North America Information Security and Risk Management (ISRM) and IT Governance Risk and Compliance Conference (IT GRC), 2012, http://www.isaca.org/Education/ Conferences/Documents/NAISRM-ITGRC-Presentations/211.pdf.
  • Leslie P.A. Manager’s Guide to Identity Management and Federated Identity // Information Systems Control Journal, 2005, V.4, pp. 4–7.
  • SP 800-63-1. Electronic Authentication Guide. National Institute of Standards and Technology (NIST), 2011, 110 p.
  • Liberty Identity Assurance Framework. Liberty Alliance Project, 2008, V.1.1, 128 p.
  • Wan X. TVPDc: A Model for Secure Managing Virtual Infrastructure in IaaS Cloud / Proc. of the IEEE Eighth International Conference on Computational Intelligence and Security (CIS), 2012, 136–141.
  • Manavi S.  Hierarchical secure virtualization model for cloud / Proc. of the IEEE International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012, pp. 219–224.
  • Luo  S., Lin Z., Chen X., Yang Z., Chen J. Virtualization security for cloud computing service / Proc. of the IEEE International Conference on Cloud and Service Computing (CSC), 2011, pp. 174–179.
  • Sharma P., Sood S.K., Kaur S. Security Issues in Cloud Computing // High Performance Architecture and Grid Computing Communications in Computer and Information Science, 2011, V.169, pp. 36–45.
  • Tsai  H., Siebenhaar M., Miede A., Huang Y., Steinmetz R. Threat as a Service?: Virtualization's Impact on Cloud Security // IT Professional, 2012, pp. 32–37.
  • Grobauer B.,  Walloschek T.  Stocker E.,  Understanding Cloud Computing Vulnerabilities // IEEE Security & Privacy, 2011, Vol. 9, pp. 50–57.
  • SP 800-95. Guide to Secure Web Services. Recommendations of the National Institute of Standards and Technology, 2007, 128 p.
  • SANS Report: 60% Of All Attacks Hit Web Applications, Dark Reading's special September issue on Web Applications security, 2009, http://www.darkreading.com.
  • OWASP Top 10 Project. The Open Web Application Security Project, 2010, http://www.owasp.org/index.php/Top_10_2010.
  • Web Application Security Scanners, http://projects.webappsec.org/w/page/13246988/Web%20Application%20Security%20Scanner%20List
  • Xie W., Ma A policy-based security model for Web system / Proc. of the International Conference on Communication Technology Proc. (ICCT), 2003, Vol. 1, pp. 187–191.
  • Guan H., Chen W., Liu L., Yang H. Estimating Security Risk for Web Applications using Security Vectors // Journal of Computers, 2012, Vol. 23, No 1, pp. 1–5.
  • Hwang K., Kulkarni  , Hu Y. Cloud Security with Virtualized Defense and Reputation-based Trust Management / Proc. of the IEEE 8th International Conference on Dependable, Autonomic and Secure Computing, 2009, pp. 717–722.
  • Rashidi A., Movahhedinia N.A. Model for User Trust in Cloud Computing // IEEE International Journal on Cloud Computing: Services and Architecture (IJCCSA), 2012, Vol. 2, No 2, pp. 1–8.
  • Cabarcos P.A., Mendoza F.A., Lo´pez A.M., Sa´nchez D.D., Guerrero R.S. A Metric-Based Approach to Assess Risk for ‘‘On Cloud’’ Federated Identity Management // Journal of Network and System Management, 2012, Vol. 20, No 4, pp. 513–533.