Subject: RE: [id-cloud] IDCloud TC Meeting Minutes - 7 Jan 2013
As mentioned in our meeting discussion, security concerns related to public cloud structure include disclosure of confidential information or intellectual property via side channel attacks - references below:

Cross-VM side-channel attack: Virtual Machines (VMs) that execute on the same physical machine share a range of hardware resources - computing, memory, and so forth. Even when solid logical isolation ensures against abuse of explicit logical channels, shared hardware creates vulnerabilities to side-channel attacks, i.e., data leakage through implicit channels. Recent research has demonstrated how hostile VMs can potentially extract sensitive data, such as passwords and cryptographic keys, from other VMs resident on the same physical machine by using memory caches as side channels. Cross-VM side channel attack is one security threat that presents a security risk in the public/multi-tenant clouds.

https://www.rsa.com/rsalabs/staff/bios/ajuels/publications/HomeAlone.pdf
https://www.rsa.com/rsalabs/staff/bios/ajuels/publications/crossVMattack.pdf

Dominique

-----Original Message-----
From: id-cloud@lists.oasis-open.org [mailto:id-cloud@lists.oasis-open.org] On Behalf Of Anil Saldhana
Sent: Monday, January 07, 2013 11:47 AM
To: id-cloud
Subject: [id-cloud] IDCloud TC Meeting Minutes - 7 Jan 2013

1. Roll Call, Agenda Review and Minute Taker Nomination.

Attendees:
NEC Corporation    Felix Gomez Marmol    Voting Member
IBM                David Kern            Voting Member
Microsoft          Anthony Nadalin       Chair
Bank of America    Dominique Nguyen      Voting Member
Red Hat            Anil Saldhana         Chair
Daon               Cathy Tilton          Voting Member

Quorum: 6 out of 11 Voting Members (54%). Achieved.

2. Meeting Minutes Approval
Deferred.

3. Gap Analysis Document
Deferred.

4. IDCloud Profiles
- Anil started a discussion on the IDCloud PaaS profile document:
  https://www.oasis-open.org/committees/download.php/47817/IDCloud-paas-v1d.pdf
  * A new PaaS Architecture diagram and description was added to the Definitions section.
- Good suggestions offered to improve the document. (Please see chat transcript)

5. Other Business

6. Adjourn

Chat Transcript
=========================
AnilSaldhana(RedHat):
  1. Roll Call, Agenda Review and Minute Taker Nomination.
  2. Meeting Minutes Approval
  3. Gap Analysis Document
  4. IDCloud Profiles
  5. Other Business
  6. Adjourn
AnilSaldhana(RedHat): https://www.oasis-open.org/committees/download.php/47816/IDCloud-paas-v1d.odt
AnilSaldhana(RedHat): https://www.oasis-open.org/committees/download.php/47817/IDCloud-paas-v1d.pdf
AnilSaldhana(RedHat): https://www.oasis-open.org/committees/download.php/47817/IDCloud-paas-v1d.pdf
anonymous morphed into Cathy Tilton (Daon)
David Kern (IBM): A few notes on the diagram on page 6...
David Kern (IBM): authentication and authorization are covered under Identity Services
David Kern (IBM): but should encryption of data at rest be included in the storage box and encryption of data in motion in the networking box?
David Kern (IBM): Data integrity - where would that be represented?
David Kern (IBM): Should application integrity (signing of binaries, etc) be shown?
David Kern (IBM): and to continue the trend, should operating system integrity checking (tripwire, re-instantiation from a "clean" r/o source, etc) be mentioned?
AnilSaldhana(RedHat): cathy: Cloud Provider security services may have additional services.
AnilSaldhana(RedHat): cathy: does this include Physical Security concerns?
AnilSaldhana(RedHat): Not in the PaaS document. Maybe in the cloud security guidelines or such document.
AnilSaldhana(RedHat): can you hear me?
AnilSaldhana(RedHat): dialing back
AnilSaldhana(RedHat): stay
David Kern (IBM): no, we can't hear you
Cathy Tilton (Daon): Anil - are you on the line?
AnilSaldhana(RedHat): is the diagram helpful?
AnilSaldhana(RedHat): cathy: yes, diagrams are always helpful
=========================