Cloud Security Frame

- J.D. Meier, Prashant Bansode, Paul Enfield.

We organize our scenarios for key problem areas into a frame. We use the scenarios to figure out where customers need more help, and to test how well the guidance, tools, and platform address the problems.

Hot Spots

  • Auditing
  • Authentication
  • Authorization
  • Code Access Security
  • Communication
  • Data Access
  • Deployment Considerations
  • Exception Management
  • Logging
  • Message and Data Validation
  • Message Protection
  • Message Replay Protection
  • Sensitive Data
  • Session Mgmt
  • Troubleshooting and Debugging
  • Validation

Frame

Key Decisions by Hot Spot (grouped as P1 and P2)

Auditing
P1
* How to audit.
* How to use platform features to log information in the cloud.
* How to avoid storing PKI in log files.
* How to avoid storing sensitive information in log files.
P2
* How to identify the operations and events to be audited.
* How to archive log information.
* How to handle log failures.
* How to retrieve log information from the cloud.
* How to implement a notification system.

Authentication
P1
* How to choose an authentication strategy for a cloud-based application.
* How to manage user credentials.
P2
* How to authenticate mobile device users against a cloud user store.
* How to use existing user security stores with a cloud-based application.
* How to use existing user credentials with a cloud-based application.
* How to deploy and use a user store in the cloud.
* How to map a user in a local user security store to an STS.
* How to map user attributes to claims.
* How to combine claims associated with identities from separate user stores into a new set of claims useful for your application.
* How to manage user accounts securely.
* How to build a basic STS.
* How to build a basic Identity Provider.

Authorization
P1
* How to choose an authorization strategy.
* How to integrate with Active Directory.
* How to integrate with my Membership Provider.
P2
* How to combine multiple claims from separate providers into a single token.
* How to use claims to isolate authentication and authorization logic in your application.
* How to decide what you can authorize in your security infrastructure and what requires application-level action.
* How to decide authorization granularity for your application.
* How to use a role store in the cloud.
* How to map groups in a local directory to roles in the claims.
* How to use roles with claims.
* How to map a Windows login ID to a claims token.
* How to use resources with claims.
* How to authorize users based on claims.
* How to prevent your application from relying on administrative privileges it will not have in the cloud.

Communication
P1
* How to choose between REST, SOAP, or Web/Http.
* How to choose the protocol, security model, and communication style for communication with your cloud application.
* How to choose between message security and transport security.
P2
* How to handle interruptions in access to cloud applications.
* How to handle asynchronous calls between cloud and non-cloud applications.
* How to interact with non-cloud applications that require a fixed IP address.

Data Access
P1
* How to choose where to store your connection strings.
* How to encrypt your connection strings.
* If data already exists, how to decide whether to move it to the cloud.
* If starting from scratch, how to decide whether to put the data in the cloud or in a local data center.
P2
* How to connect to a non-cloud data store.
* How to connect to Azure blobs and tables.
* How to connect to Azure SQL.
* How to secure your application from SQL injection.
* How to validate untrusted input passed to your data access methods.

Deployment Considerations
P1
* How to securely deploy my app to the cloud.
* How to handle encryption keys securely in production.
* How to protect my configuration.
P2
* How to securely deploy an app to Azure.
* How to deploy certificates to the cloud.
* How to enable secure communication using SSL.
* How to handle encryption keys securely in production.
* How to secure configuration sections containing sensitive data.

Logging
*

Message and Data Validation
P1
* How to efficiently and securely validate input data.
* How to design your validation strategy to constrain, reject, and sanitize malicious input.
P2
* How to identify trust boundaries within your distributed cloud application.
* How to handle data and message validation failures.

Exception Management
P1
* How to design an effective exception management strategy.
* How to deal with sensitive information when handling the exception.
P2
* How to scrub exception messages for secure exception handling.
* How to deal with unhandled exceptions.

Message Protection
P1
* How to secure any sensitive data that is sent between cloud applications.

Message Replay Protection
P1
* How to detect and manage replay attacks.

Sensitive Data
P1
* How to store sensitive data in the cloud.
* How to secure sensitive data sent to a cloud app.

Session Mgmt
P1
* How to design your session state strategy.
* How to secure your session store.
P2
* How to identify the data to be stored in the session store.
* How to handle session state in a single application instance.
* How to handle session state in multiple application instances.

Troubleshooting and Debugging
P1
* How to debug a cloud application without compromising sensitive data or breaking application security.
* How to handle sensitive information in debug logs.
P1
* How to provide the necessary information for debugging cloud applications.
* How to use platform features to log debugging information without impacting application performance.
* How to archive debug logs.
* How to handle debug log failures.
* How to get notified of problems in a cloud application.
* How to ascertain and send health status information.

Validation
P1
* How to effectively and securely validate input data.
* How to design your validation strategy to constrain, reject, and sanitize malicious input.
P2
* How to identify trust boundaries for validation.


Last edited Sep 8, 2009 at 9:25 PM by paulenfield, version 1
