RIA Security Frame
- J.D. Meier, Prashant Bansode, Paul Enfield
Frames are a lens for looking at Cloud Security. A frame is simply a collection of Hot Spots, each of which represents an actionable category for information. Using Hot Spots, you can quickly find pain points and opportunities, or key decision points, and organize principles, patterns, and practices by relevance. In this case, we use the Rich Internet Application (RIA) Security Frame to organize threats, attacks, vulnerabilities, and countermeasures.
| Category | Description |
|---|---|
| Auditing and Logging | Auditing and logging refers to how security-related events are recorded, monitored, and audited. |
| Authentication | Authentication is the process where an entity proves the identity of another entity, typically through credentials, such as a user name and password. |
| Authorization | Authorization is how your application provides access controls for resources and operations. |
| Code Access Security | What level of privileges does your application run under? Can you lower the trust level of the application context? |
| Communication | Communication encompasses how data is transmitted over the wire, including the choice between transport security and message encryption. |
| Cross-domain | Cross-domain covers threats to RIA sites from cross-site scripting (XSS) and Cross-site Request Forgery (CSRF) type attacks. |
| Data Access | Data access covers how an application handles data, including secure data stores and protecting your data provider connection information. |
| Deployment | Deployment security addresses securing your application or code when deploying it to the cloud. Protecting confidential information and intellectual property (IP) in the application deployment package is of concern here. |
| Exception Management | Exception management refers to how you handle exceptions within your application, including fault contracts. |
| Sensitive Data | Sensitive data covers the integrity and confidentiality of the user and application data you need to protect, including how you protect it from being stolen from memory, from configuration files, or while it is transmitted over the network. |
| Session Management | A session refers to a series of related interactions between a client and your service. |
| Message Validation | Message validation refers to how you verify the message payload against a schema, as well as message size, content, and character sets. This includes how your service filters, scrubs, and rejects input and output before additional processing. Input includes input from clients consuming the service, file-system input, and input from network resources such as databases; output typically includes the return values from your service and disk or database writes, among others. |
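The Cross-domain hot spot lists CSRF as one of the attack types an RIA service must defend against. The following is an added example, not code from the original page or from the patterns & practices team: a server-side check for a state-changing endpoint that combines an Origin allow-list with a per-session synchronizer token compared in constant time. The allowed origin, the in-memory session store, and the `x-csrf-token` header and `sid` cookie names are constructed assumptions.

```javascript
// Added example (not from the original page): CSRF defence for a
// state-changing RIA service endpoint. Assumptions: the site origin, the
// in-memory session Map, and the header/cookie names are all constructed.
const crypto = require('crypto');

const ALLOWED_ORIGINS = new Set(['https://app.example.test']); // assumed site origin
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);      // must never change state
const sessions = new Map(); // sessionId -> { csrfToken }; stand-in for a real store

// Called at login. The token is handed to the RIA client once and must be
// echoed back in a request header, which a cross-site form or script
// running on another origin cannot read or set.
function createSession() {
  const sessionId = crypto.randomBytes(16).toString('hex');
  const csrfToken = crypto.randomBytes(32).toString('hex');
  sessions.set(sessionId, { csrfToken });
  return { sessionId, csrfToken };
}

// Constant-time comparison so a mismatch leaks nothing about the token.
function tokensMatch(presented, expected) {
  if (typeof presented !== 'string' || typeof expected !== 'string') return false;
  const a = Buffer.from(presented, 'utf8');
  const b = Buffer.from(expected, 'utf8');
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// request shape: { method, headers: { origin, 'x-csrf-token' }, cookies: { sid } }
// Returns { allowed, reason } so the caller can log why a request was rejected.
function checkCrossDomainRequest(request) {
  const method = String(request.method || '').toUpperCase();
  if (SAFE_METHODS.has(method)) {
    return { allowed: true, reason: 'safe method' };
  }
  const headers = request.headers || {};
  const origin = headers.origin;
  // A missing Origin on a state-changing request is treated as cross-site.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { allowed: false, reason: 'origin not allowed' };
  }
  const session = sessions.get((request.cookies || {}).sid);
  if (!session) {
    return { allowed: false, reason: 'no valid session' };
  }
  if (!tokensMatch(headers['x-csrf-token'], session.csrfToken)) {
    return { allowed: false, reason: 'csrf token mismatch' };
  }
  return { allowed: true, reason: 'ok' };
}
```

The two checks are independent on purpose: the Origin allow-list stops the common cross-site case cheaply, and the synchronizer token still protects requests where the browser omits Origin or where the attacker controls a sibling origin that the allow-list was written too loosely to exclude. Logging the `reason` field feeds the Auditing and Logging hot spot.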
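The Message Validation hot spot describes checking a payload against a schema, its size, its content and its character set, and scrubbing output before further processing. The following is an added example, not code from the original page or the project it describes: a service-side validator for a JSON message posted by a rich client that performs each of those checks in order and rejects on failure. The "comment" message shape, its field rules, and the size limit are constructed assumptions.

```javascript
// Added example (not from the original page): validation of a JSON message
// a rich client posts to a service. Size, well-formedness, allow-listed
// schema, per-field content and character-set checks, then output scrubbing.
// The comment shape and every limit below are constructed assumptions.

const MAX_MESSAGE_BYTES = 4096; // assumed limit for the whole payload

// Allow-list schema: any field not listed here is rejected, not ignored.
const COMMENT_SCHEMA = {
  author: { type: 'string', maxLength: 64, pattern: /^[A-Za-z0-9_.-]+$/ },
  body:   { type: 'string', maxLength: 1000 },
  rating: { type: 'number', min: 1, max: 5 },
};

// Character-set check: reject control characters except tab, LF and CR.
const CONTROL_CHARS = /[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F-\u009F]/;

// Output scrubbing: HTML-escape free text before it is echoed to any client.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Returns { ok: true, message } for an accepted, scrubbed message, or
// { ok: false, errors: [...] } when the payload is rejected.
function validateMessage(raw) {
  // 1. Size check before parsing, so oversized payloads cost nothing.
  if (Buffer.byteLength(raw, 'utf8') > MAX_MESSAGE_BYTES) {
    return { ok: false, errors: ['message too large'] };
  }

  // 2. Well-formedness: the payload must parse to a JSON object.
  let msg;
  try {
    msg = JSON.parse(raw);
  } catch (e) {
    return { ok: false, errors: ['payload is not valid JSON'] };
  }
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) {
    return { ok: false, errors: ['payload must be a JSON object'] };
  }

  const errors = [];

  // 3. Schema: fields outside the allow-list are rejected.
  for (const key of Object.keys(msg)) {
    if (!Object.prototype.hasOwnProperty.call(COMMENT_SCHEMA, key)) {
      errors.push(`unexpected field: ${key}`);
    }
  }

  // 4. Per-field type, length, range and character-set checks.
  for (const [field, rule] of Object.entries(COMMENT_SCHEMA)) {
    const value = msg[field];
    if (value === undefined) { errors.push(`missing field: ${field}`); continue; }
    if (typeof value !== rule.type) { errors.push(`${field}: expected ${rule.type}`); continue; }
    if (rule.type === 'string') {
      if (value.length > rule.maxLength) errors.push(`${field}: longer than ${rule.maxLength} characters`);
      if (CONTROL_CHARS.test(value)) errors.push(`${field}: contains control characters`);
      if (rule.pattern && !rule.pattern.test(value)) errors.push(`${field}: contains disallowed characters`);
    } else if (rule.type === 'number') {
      if (!Number.isFinite(value) || value < rule.min || value > rule.max) {
        errors.push(`${field}: must be between ${rule.min} and ${rule.max}`);
      }
    }
  }

  if (errors.length > 0) return { ok: false, errors };

  // 5. Copy out only allow-listed fields, scrubbing free text on the way.
  return {
    ok: true,
    message: { author: msg.author, body: escapeHtml(msg.body), rating: msg.rating },
  };
}
```

The order matters: the byte-length check runs before `JSON.parse` so a large payload is refused before it consumes parser time, and the allow-list copy in the final step means a field the schema does not know about can never reach storage or be returned to another client even if a later code path forgets to check it.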