cloud computing: standards development for security, privacy and trust
TRANSCRIPT
Cloud Computing:
Standards Development
for Security, Privacy and Trust
ISSA Baltimore Chapter
InfoSec Summit - September 13, 2012
John Sabo, Director Global Government Relations, CA Technologies
Chair, OASIS IDtrust Member Section Steering Committee
Abstract
— Security, privacy and trust: major issues impacting the uptake
of cloud computing, particularly in public and hybrid cloud
deployments
— Addressing these barriers will require both policy and technical
interoperability and standardization, particularly in the areas
of security and data privacy
— Work is underway in OASIS (Organization for the Advancement
of Structured Information Standards) where cloud trust issues
are being addressed in several technical committees
Clouds and Public Policy
— Cloud Computing –“transformative” technology with huge
impact on international public policy
— World Economic Forum Research Study – 2009/2010
− Benefits and Barriers
— Major cybersecurity and data privacy implications
— “National” Economic Policies
− EU Data Protection Regulation (January 2012)
− European Commission consultations on cloud computing and Internet
of Things
− Related “protectionist” policies such as China’s “Indigenous
Innovation,” India’s “Preferential Market Access” (PMA), Brazil
Issues from International Cloud Symposium
— ICS 1 -- October 10-13, 2011 conference in London
− Hosted by CA Technologies at Ditton Manor
— Focused on unique attributes of Cloud computing, and the
business and policy considerations
− Governance and Legal impediments
− Security and Identity
− Privacy and Trust
− Interoperability, Data Portability, and Data Management
− Importance of standards development and adoption
— ICS2 – will be held in Bethesda, October 11-12 2012
− www.oasis-open.org - Events
Governance and Legal Impediments
— Cloud technical challenges are of a lower order of importance than the
policy issues - most cloud governance challenges are not new
— The need to address changes to business and operational processes, legal
impediments and other non-technical interoperability issues is most
relevant for the Cloud
— A workable governance structure necessitates
− understanding and managing effective Cloud computing contracts and
Service Level Agreements (SLAs)
− having standards-based metrics and instrumentation in place to ensure
compliance.
— “Technologies are a commodity -- it is information that has value”
Governance and Legal Impediments - 2
— Areas in which Cloud computing is impacting current legal structures and
compliance practices:
− Cloud computing security and cybersecurity
− Reliable messaging and transactional patterns
− Federated identity (of humans and organizations)
− Remote data storage access
— Priorities for future guidance:
− Comparable Quality of Service measures
− Vocabularies for Service Level Agreements (SLAs) and “dashboardability”
− Data ownership and access
− Jurisdiction
− Identifier rigor
− Contract issues - scope, SLAs, liability cover; risk and governance.
Security
— Three key aspects of security (writ large) need to be addressed - risk
management, data classification and the use of open standards
− need to develop and leverage a common understanding of risk
management in Cloud based services, and adopt sound risk mitigation
practices
− Granularity required in classifying data so that appropriate risk
management strategies can be applied
• Clear principles must be applied to the use of public/shared infrastructure and
services such that data may be protected as appropriate to their classification
− standards are NOT optional. The migration of applications to the Cloud
should actually lead to the greater adoption of standards
Identity Management, etc.
— Trust in Identity - when services are offered via the Internet, how can
you trust the identity of the user?
− A particular challenge is confirming a user's attributes while protecting
privacy.
— Authentication - using the Cloud changes the risk profile and demands a
more flexible approach to authentication. The risk may vary depending
upon the location of the user, the device they are using, and the nature and
size of the transaction – in short, context.
— Authorization - there is no common standard authorization model
adopted by Cloud service providers, and yet granular access control is a
key requirement
— Auditing - a major gap
Privacy and Trust
— No common definition of privacy internationally, and many
varied perspectives of what constitutes privacy and personal
information
— Common themes:
− User interests
− Context
− “Right to be Forgotten” – user controlled deletion of personal
information
− Jurisdiction and location
− Law enforcement and national security access
− Effective notice
− Availability
− Harmonization of privacy regulations across jurisdictions
Critical Importance of Standards
— Standards and their adoption are essential for Cloud deployments and are
beneficial for the economy as a whole
− they broaden choice, foster the emergence of new markets and provide a tool to
speed up the time for innovation to reach consumers
− There is a great deal of work underway within recognized standards bodies
applicable to the cloud
— Compelling need to continue the dialogue between public sector officials,
industry and Standards Development Organizations (SDOs) on the
deployment of Cloud based services
— Policy and technology convergence – SDOs provide an opportunity for
constructive and structured dialogue and useful outcomes
Technology and Policy Convergence: Standards for Managing Security and Data Privacy Policies
— Cloud Computing and Cloud-based infrastructures
− e-identity systems
− Smart Grid systems
− electronic health systems
− government services
— Cybersecurity risk management
— Data protection, privacy and data retention and law
enforcement issues for international data flows
Policy Interoperability Increasingly Important
Example: U.S. National Strategy for Trusted Identities in Cyberspace (NSTIC)
— public and private sector collaboration to raise the level of trust
associated with the identities of individuals, organizations,
networks, services, and devices involved in online transactions
— an identity ecosystem that will:
− enhance privacy and support of civil liberties
− be secure and resilient and part of layered security
− ensure policy and technology interoperability among identity
solutions
− be built from identity solutions that are cost-effective and easy
to use
NSTIC Policy and Technical Interoperability and Standards
— Technical interoperability (including semantic interoperability) refers to the ability for different technologies to communicate and exchange data based upon well-defined and testable interface standards
— Policy-level interoperability is the ability for organizations to adopt common business policies and processes (e.g., liability, identity proofing, and vetting) related to the transmission, receipt, and acceptance of data between systems
— The use of open and collaboratively developed security standards and the presence of auditable security processes are critical to an identity solution’s trustworthiness
A Sample of OASIS Technical Committees Developing Standards Supporting Trusted Cloud Computing Services
Topology and Orchestration Specification for Cloud
Applications (TOSCA)
Key Management Interoperability Protocol (KMIP)
Identity in the Cloud (IDCloud)
Privacy Management Reference Model (PMRM)
New: Cloud Authorization (CloudAuthZ)
New: Public Administration Cloud Requirements (PACR)
Topology and Orchestration Specification for Cloud Applications (TOSCA)
Formed in December 2011
Already one of the largest TCs (> 100 members)
Continues to attract new participants
Listed as one of IBM’s top 10 cloud standards at its Innovate
2012 conference
Co-Chairs:
Paul Lipton, CA Technologies
Simon Moser, IBM
Today's Cloud Services…
— How would you ensure the portability of a complex
cloud service running on complex software and
hardware infrastructure?
− Virtual images do not suffice at all
• They are “just” snapshots of the state of various components
— Another provider might not have a clue how to install,
deploy, run and manage your service
− Need detailed skills and information about the service and
the nature of its underlying hardware/software stack
TOSCA's Approach
— Standardizes the language to describe
− The structure of an IT Service (its topology model)
− How to orchestrate operational behavior (plans such as build, deploy, patch, shutdown, etc.)
— Declarative model that spans applications, virtual and physical infrastructure
[Diagram: a Topology Model (Node Types and Relationship Types) alongside Orchestration Services/Plans (Operations and Tasks)]
Service Templates – a model based approach
TOSCA Will Enable
— Service/solution portability without vendor lock-in
− Model-driven cloud services
− Cloud-to-cloud portability
− Automation with faster deploy, test, update, etc.
− Easier migration of existing applications to the cloud
− Cloud bursting with more consumer choice
− Multi-cloud provider applications
− Cloud service marketplaces
TOSCA Past, Present, and Future
— Initial spec submitted to OASIS in Dec. 2011
− CA Technologies, CapGemini, Cisco, Citrix, EMC, IBM, NetApp, PwC, Red
Hat, SAP, Software AG, Virtunomic, WSO2
− Many others have joined the OASIS TC such as ActiveState, CenturyLink,
China Internet Network Information Center, Google, Huawei, Nokia,
Primeton, Progress, Jericho Systems, Progress Software, rPath, Yaana
Technologies, VCE, Zenoss, many more
— Goal is to submit a 1.0 version of the standard for ratification
by the end of 2012 (very aggressive, but possible)
− TOSCA is by design a very thin standard: only a metamodel, some
top-level classes, and XML format
− The actual lower-level classes will be defined and submitted for
standardization as the industry and use cases continue to mature
Key Management Interoperability Protocol TC (KMIP)
• Chairs:
− Robert Griffin, EMC/RSA
− Subhash Sankuratripati, NetApp
• The OASIS KMIP TC works to define a single,
comprehensive protocol for communication between
encryption systems and a broad range of new and
legacy enterprise applications, including email,
databases, and storage devices.
• By removing redundant, incompatible key management
processes, KMIP will provide better data security while
at the same time reducing expenditures on multiple
products.
KMIP Request / Response Model
[Diagram: an Encrypting Storage Host sends a Request (Request Header; Get; Unique Identifier) to the Enterprise Key Manager and receives a Response (Response Header; Unique Identifier; Key Value of the Symmetric Key). With that key the host turns unencrypted data (Name: XYZ, SSN: 1234567890, Acct No: 45YT-658, Status: Gold) into encrypted data.]
KMIP defines a set of Operations that apply to Managed Objects that consist of Attributes and possibly cryptographic material.
— Protocol Operations:
− Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes, Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query, Cancel, Poll, Notify, Put
— Object Attributes:
− Unique Identifier, Name, Object Type, Cryptographic Algorithm, Cryptographic Length, Cryptographic Parameters, Cryptographic Domain Parameters, Certificate Type, Certificate Identifier, Certificate Issuer, Certificate Subject, Digest, Operation Policy Name, Cryptographic Usage Mask, Lease Time, Usage Limits, State, Initial Date, Activation Date, Process Start Date, Protect Stop Date, Deactivation Date, Destroy Date, Compromise Occurrence Date, Compromise Date, Revocation Reason, Archive Date, Object Group, Link, Application Specific ID, Contact Information, Last Change Date, Custom Attribute
— Managed Objects:
− Certificate, Symmetric Key, Public Key, Private Key, Split Key, Template, Policy Template, Secret Data, Opaque Object
− Cryptographic material: Key Block (for keys) or Value (for certificates)
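The request/response model and the Get operation above, as an added example written for this page (not code from the KMIP TC or any vendor): a minimal TTLV encoder/decoder carrying a Get by Unique Identifier from a client to a key manager and the Key Value back. The tag and enumeration codes are those of the KMIP 1.0 TTLV encoding; the key store, the identifier key-0001 and the function names (get_request, handle, client_get) are constructed for the example, and the Key Block's Cryptographic Algorithm and Length attributes are left out.

```python
import struct
# Tag, type and enumeration codes are the KMIP 1.0 TTLV values (3-byte tag, 1-byte type, 4-byte length).
TAG = {"RequestMessage": 0x420078, "RequestHeader": 0x420077, "ProtocolVersion": 0x420069,
       "ProtocolVersionMajor": 0x42006A, "ProtocolVersionMinor": 0x42006B, "BatchCount": 0x42000D,
       "BatchItem": 0x42000F, "Operation": 0x42005C, "RequestPayload": 0x420079,
       "UniqueIdentifier": 0x420094, "ResponseMessage": 0x42007B, "ResponseHeader": 0x42007A,
       "ResponsePayload": 0x42007C, "ResultStatus": 0x42007F, "ObjectType": 0x420057,
       "SymmetricKey": 0x42008F, "KeyBlock": 0x420040, "KeyFormatType": 0x420042, "KeyMaterial": 0x420043}
STRUCTURE, INTEGER, ENUMERATION, TEXT_STRING, BYTE_STRING = 0x01, 0x02, 0x05, 0x07, 0x08
OP_GET, OBJ_SYMMETRIC_KEY, KEYFMT_RAW, RESULT_SUCCESS, RESULT_FAILED = 0x0A, 0x02, 0x01, 0x00, 0x01
KEY_STORE = {"key-0001": bytes(range(16))}  # constructed sample; a real key manager uses an HSM-backed store

def ttlv(tag, typ, value):  # one TTLV item; the value is zero-padded to an 8-byte boundary
    return struct.pack(">I", tag)[1:] + bytes([typ]) + struct.pack(">I", len(value)) + value + b"\0" * ((-len(value)) % 8)

def structure(tag, *items): return ttlv(tag, STRUCTURE, b"".join(items))
def integer(tag, v): return ttlv(tag, INTEGER, struct.pack(">i", v))
def enum(tag, v): return ttlv(tag, ENUMERATION, struct.pack(">I", v))
def text(tag, s): return ttlv(tag, TEXT_STRING, s.encode())
def bytestr(tag, b): return ttlv(tag, BYTE_STRING, b)

def parse(buf):
    """Decode TTLV bytes into [(tag, type, value)]; structures are decoded recursively."""
    items, i = [], 0
    while i < len(buf):
        tag, typ, length = int.from_bytes(buf[i:i + 3], "big"), buf[i + 3], int.from_bytes(buf[i + 4:i + 8], "big")
        raw = buf[i + 8:i + 8 + length]
        if typ == STRUCTURE: value = parse(raw)
        elif typ in (INTEGER, ENUMERATION): value = int.from_bytes(raw, "big", signed=(typ == INTEGER))
        else: value = raw.decode() if typ == TEXT_STRING else raw
        items.append((tag, typ, value))
        i += 8 + length + (-length) % 8  # skip the item and its padding
    return items

def find(items, tag):  # value of the first item carrying `tag` in a decoded structure, else None
    return next((v for t, _, v in items or [] if t == tag), None)

def header(tag):  # Request/Response Header: protocol version 1.0, one batch item
    version = structure(TAG["ProtocolVersion"], integer(TAG["ProtocolVersionMajor"], 1), integer(TAG["ProtocolVersionMinor"], 0))
    return structure(tag, version, integer(TAG["BatchCount"], 1))

def get_request(uid):  # client side of the diagram: Request Header, Get operation, Unique Identifier
    payload = structure(TAG["RequestPayload"], text(TAG["UniqueIdentifier"], uid))
    return structure(TAG["RequestMessage"], header(TAG["RequestHeader"]),
                     structure(TAG["BatchItem"], enum(TAG["Operation"], OP_GET), payload))

def handle(request):
    """Key manager side: return the Symmetric Key's Key Value for a known identifier, else a failure status."""
    batch = find(parse(request)[0][2], TAG["BatchItem"])
    op, uid = find(batch, TAG["Operation"]), find(find(batch, TAG["RequestPayload"]), TAG["UniqueIdentifier"])
    if op == OP_GET and uid in KEY_STORE:  # Key Block algorithm/length attributes omitted for brevity
        key_block = structure(TAG["KeyBlock"], enum(TAG["KeyFormatType"], KEYFMT_RAW), bytestr(TAG["KeyMaterial"], KEY_STORE[uid]))
        status, body = RESULT_SUCCESS, structure(TAG["ResponsePayload"], enum(TAG["ObjectType"], OBJ_SYMMETRIC_KEY),
                                                 text(TAG["UniqueIdentifier"], uid), structure(TAG["SymmetricKey"], key_block))
    else:
        status, body = RESULT_FAILED, b""  # unknown identifier or unsupported operation: no key material leaves the server
    return structure(TAG["ResponseMessage"], header(TAG["ResponseHeader"]),
                     structure(TAG["BatchItem"], enum(TAG["Operation"], op or 0), enum(TAG["ResultStatus"], status), body))

def client_get(uid):  # round trip: send Get, check Result Status, extract Key Material (None when the Get failed)
    batch = find(parse(handle(get_request(uid)))[0][2], TAG["BatchItem"])
    if find(batch, TAG["ResultStatus"]) != RESULT_SUCCESS: return None
    block = find(find(find(batch, TAG["ResponsePayload"]), TAG["SymmetricKey"]), TAG["KeyBlock"])
    return find(block, TAG["KeyMaterial"])
```

In a deployment the same bytes travel over a mutually authenticated TLS session, which is what ties the Unique Identifier lookup to an authorized client rather than to anyone who can reach the key manager.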
Use Cases for Hybrid Cloud
[Diagram: Cloud Key Management spanning Enterprise IT (Enterprise App, Key Server, HSM, Key DB, Enterprise Administrators) and the Cloud Service Provider (Application Users, App Data, vSphere, CSP Administrators)]
Use Case:
• Tenant administration
• Key migration
• Policy distribution
Implications:
• Tenant granularity
• Key export/import
• Policy distribution
• Client registration
KMIP Interop at RSA Conference 2012
[Diagram: Interop Network connecting multiple vendors' KMIP server and client implementations]
Oasis Identity in the Cloud (IDCloud)
Towards standardizing Cloud Identity
Co-Chairs:
Anil Saldhana, Red Hat
Tony Nadalin, IBM
Among the Technical Committee are:
Red Hat, IBM, Microsoft, CA Technologies, Cisco Systems,
SAP, EBay, Novell, Ping Identity, Safe Net, Symantec, Boeing
Corp, US DOD, VeriSign, Akamai, Alfresco, Citrix, Cap
Gemini, Google, Rackspace, Axciom, Huawei, Symplified,
Thales, Conformity, Skyworth TTG, MIT, Jericho Systems,
PrimeKey, Aveksa, Mellanox, Vanguard Integrity
Professionals, NZ Govt ...
Cloud Identity Management
TC works to address Identity Management challenges
related to Cloud Computing
Cloud Identity Management is considered a top security
concern
Identity Management is not completely solved at Enterprise
level
Standards are evolving
Cloud is a new paradigm, so the same problems in new
packaging
Motivation : Example Use Case
Users have Facebook, Google, LinkedIn and similar Cloud
Service accounts
A small manufacturing company requires its employees to
use an online benefits system annually, to choose health
care benefits for the entire year.
The employees work in workshops/units and do not use
computers regularly at work. The majority of them have
Facebook accounts.
In this use case, employees may be able to use Facebook
Connect for the Benefits system
IDCloud Key Objectives
Identifying detailed Use Cases
Identity deployment, provisioning and management in a
cloud context
Gap Analysis of existing Identity Management standards
and protocols when applied in the context of Cloud
Based on Use Cases and Interoperability Profiles
Feed analysis back to the WG responsible for a
standard
Define Interoperability Profiles for Identity in the Cloud
Profiles will be based on use and combinations of
existing standards, protocols and formats
Additional Objectives
Glossary on Cloud Identity
Harmonized set of definitions, terminologies
and vocabulary on Identity in the context of
Cloud
Do not re-invent the wheel
Build on existing standards and specifications
Strong liaison relationships with other
international working groups
ITU-T, DMTF
Status Update
Three stages:
Formalization of Use Cases [Finished]
Oasis Identity In The Cloud Use Case Document v1.0
http://docs.oasis-open.org/id-cloud/IDCloud-usecases/v1.0/cn01/IDCloud-usecases-v1.0-cn01.html
Gap Analysis of existing IDM standards using the Use
Cases. [In Progress]
Defining Profiles for Identity In The Cloud. [Scheduled]
Use Cases
Received 35 Cloud Identity Management Use Cases
Structure of Use Cases:
Description / user story
Goal / Desired outcome
Categories covered
Applicable Deployment Models
Actors
Systems
Notable Services
Dependencies
Assumptions
Process Flow
Use Case Categories
Authentication
Single Sign On (SSO)
Multi factor Authentication
Infrastructure Identity Establishment
General Identity Management
Infrastructure IdM
Federated IdM
Authorization
Account & Attribute Management
Account & Attribute Provisioning
Security Tokens
Audit & Compliance
Highly-Ranked Use Cases
Managing Identities at all levels in the Cloud
Need for Federated Single Sign On across
multiple environments
Enterprise to Cloud SSO
Auditing
Multi-factor Authentication for Privileged User
Access
Mobile Identity authentication using Cloud
Provider
OASIS PRIVACY MANAGEMENT REFERENCE MODEL (PMRM) Committee Draft Specification - Overview
— Co-Chairs:
− John Sabo, CA Technologies
− Michael Willett
— Status:
− Committee Specification
− Recently completed public review – now editing revision
9/12/2012
[Diagram: Health Information Exchange Functional and Roles Diagram, showing Policies and PI (personal information) across domains, including Business Intelligence]
What is the Privacy Management Reference Model (PMRM)?
— An analytic tool and methodology developed to:
− improve the ability to analyze use cases in which personal information
is used, communicated, processed and stored
− understand and implement appropriate operational privacy
management functionality and supporting mechanisms
− achieve compliance across policy and system boundaries
− support the stakeholders having an interest in the use case service or
application
— See www.oasis-open.org for TC information
— Spec at: http://docs.oasis-open.org/pmrm/PMRM/v1.0/csd01/PMRM-v1.0-csd01.pdf
(Authoritative)
Why is the PMRM Important?
Support for networked, interoperable services, applications and
devices and the complexity of managing personal information across
legal, regulatory and policy environments in interconnected domains
Applicability to privacy management and compliance in cloud
computing, health IT, smart grid, social networking, federated identity
and similarly complex environments
An organizing structure for exposing privacy requirements for specific
business systems, organizing privacy management mechanisms,
and improving systemic privacy management risk assessment
Support for “privacy by design” concepts
PMRM is not a static or prescriptive model - implementers have
flexibility in determining the level and granularity of analysis
necessary for a particular use case
Three Major Components
— A conceptual model of privacy management,
including definitions of terms
— A methodology
— A set of operational services together with the
interrelationships among these three elements.
Cloud Authorization Technical Committee (CloudAuthZ)
— Issues:
− Address lack of standardized profiles for authorization and entitlements where resources such as bandwidth and memory are constrained and where the access policy enforcement of a cloud resource needs to be performed as close to the consumer as possible
− This requires availability of attributes, including contextual attributes
— Key Objectives:
− use existing standards, to provide mechanisms for enabling the delivery of cloud contextual attributes as close as possible to Policy Enforcement Points
− enable the development of cloud infrastructures that provide in real time a subset of contextual entitlements sets that a decision point can use to authorize or deny a consumer’s use of a specific resource
− reduce the need to customize the interactions between customer and vendor systems, decrease the overhead needed to support authorization and entitlement, and improve portability across multiple systems
Public Administration Cloud Requirements Technical Committee (PACR)
— TC should be launched in October 2012
— Primary goals:
− capture key findings of ICS2011 into a framework of non-technical requirements for public sector Clouds that can be used in the procurement, certification and auditing processes of deploying cloud services
− leverage topologies of cloud computing service functionality and service models and integrate them into common, readily-understood rules that inform procurement, auditable assurance and conformance testing and acquisition criteria
− provide a vendor-neutral information mapping of such requirements to the rather large but loosely-organized body of existing ICT standards.
Public Administration Cloud Requirements Technical Committee (PACR) - 3
— Among Issue areas to be addressed:
− Safety, reliability, and stability
− Legislative and regulatory compliance
− Degree of control and auditability by or on behalf of the responsible public
administration
− Reliance on and vulnerability to single sources, vendors, formats,
applications or computing protocols
− Usability and extensibility of data and data functions by stakeholders;
− Portability of data;
− Portability and composability of data functions across multiple systems and
clouds operating in concert
− More agile enhancement and maintenance and multi-site resilience
Public Administration Cloud Requirements Technical Committee (PACR) - 3
— Deliverables:
− a set of common required functional elements, and measurable criteria or qualities that should be present in cloud computing services or installations employed by public administration entities, whether purchased, hired or self-created and self-installed.
− "should be present" refers to aspects of a cloud service or installation that are likely to be necessary to reflect public sector risk profiles in order to satisfy
• public policy
• governmental reliability and stability requirements
• responsibility to citizens and constituent stakeholders
• and broad, platform-neutral accessibility that generally are expected and desirable from useful, long-term government ICT resources.
More on OASIS or Joining OASIS Technical Committees:
Carol Geyer
Senior Director, OASIS
+1-941-284-0403
www.oasis-open.org