クラウド・コンピューティングにおける情報セキュリティ管理の課題と対応

Size: px

Start display at page:

Download "クラウド・コンピューティングにおける情報セキュリティ管理の課題と対応"

みさえこやぎ
6 years ago
Views:

1 / /

2 multi-tenancy 228 /2011.1

3 SaaS 4 Vamosi [2008] 1 CPU CPU Ristenpart, Tromer, Shacham, and Savage [2009] Armbrust et al. [2009] ENISA [2009] 2009 Wang, Wang, Ren, and Lou [2009] Bowers et al. [2010] Gentry [2009] SaaS Software as a Service 229

4 2. 1 IT 2009 National Institute for Standards and Technology; NIST 5 Mell and Grance [2009] ffl ffl ffl ffl ffl NIST Cloud Security Alliance Open Cloud Manifesto ENISA 5 NIST CSA [2009] ENISA [2009] OCM [2010] NIST 6 5ENISA European Network and Information Security Agency EU /2011.1

5 2 1 NIST 1 231

6 3. ffl SaaS Software as a Service Ajax 7 SaaS ID ffl PaaS Platform as a Service PaaS PaaS ffl IaaS Infrastructure as a Service OS IaaS. ffl 7Ajax Asynchronous JavaScript C XML 232 /2011.1

7 ffl ffl 1 ffl 4 ffl ffl 1 ffl 233

8 PDCA PDCA Plan Do Check Act /2011.1

9 PDCA PDCA D Plan Do Check Act PDCA. Plan

10 2 A B C 2 CPU Ristenpart, Tromer, Shacham, and Savage [2009] US Patriot Act EU 25 EU 236 /2011.1

11 ENISA ENISA [2009] 12 ENISA ENISA service level agreement; SLA EU 12 ENISA 1 13 Armbrust et al. [2009] 14 basically available soft state eventual consistency 3 BASE A B C D 16 PaaS 237

12 . Do Check Do Plan Check. Act Check SLA IaaS OS SaaS SLA /2011.1

13 ENISA [2009] 1 R DoS IP

14 ffl ffl ffl ffl Amazon EC /2011.1

16 3 Wang, Wang, Ren, and Lou [2009] Bowers et al. [2010] Gentry [2009] RSA * van Dijk and Juels [2010] * 22 Wang, Wang, Ren, and Lou [2009] Bowers et al. [2010] Gentry [2009] van Dijk and Juels [2010] van Dijk, Gentry, Halevi, and Vaikuntanathan [2010] /2011.1

17 . 1 SAS-70 Statement on Auditing Standards ISMS ISMS Information Security Management System ISMS ISMS JIS Q ENISA [2009] ISMS PCI DSS * *PCIDSS Payment Card Industry Data Security Standard 5 Amex Discover JCB MasterCard VISA 243

18 /2011.1

19 NBL SaaS SLA IT 2010-CSEC Amazon EC2 DDoS BP

20 NBL CSEC IC BP Armbrust, Micheal, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy H. Katz, Andrew Konwinski, Gunho Lee, David A. Patterson, Ariel Rabkin, Ion Stoica, and Matei Zaharia, Above the Clouds: A Berkeley View of Cloud Computing, Technical Report No. UCB/EECS , Electrical Engineering and Computer Sciences, University of Berkeley, 10 February, Bowers, Kevin, Marten van Dijk, Ari Juels, Alina Oprea, and Ronald L. Rivest, How to Tell if Your Cloud Files Are Vulnerable to Drive Crashes, IACR eprint 2010/214, IACR, Cloud Security Alliance (CSA), Security Guidance for Critical Area of Focus in Cloud Computing, V2.1, CSA, December, van Dijk, Marten, Craig Gentry, Shai Halevi, and Vinod Vaikuntanathan, Fully Homomorphic Encryption over the Integers, Proceedings of Eurocrypt 2010, LNCS 6110, Springer-Verlag, May, 2010, pp , and Ari Juels, On the Impossibility of Cryptography Alone for Privacy- Preserving Cloud Computing, IACR eprint 2010/305, IACR, European Network and Information Security Agency (ENISA), Cloud Computing Benefits, Risks and Recommendations for Information Security, ENISA, 20 November, 2009 ( cloud-computing-risk-assessment/). Gentry, Craig, A Fully Homomorphic Encryption Scheme, A Dissertation Submitted to the Department of Computer Science and the Committee on Graduate Studies of Stanford University, September, Mell, Peter, and Tim Grance, The NIST Definition of Cloud Computing, Version 15, NIST, 7 October, 2009 ( Open Cloud Manifesto (OCM), Cloud Computing Use Cases White Paper Version 3.0, OCM, 2 February, 2010 ( 246 /2011.1

21 Ristenpart, Thomas, Eran Tromer, Hovav Shacham, and Stefan Savage, Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, Proceedings of the 6th ACM Conference on Computer and Communications Security, ACM, Vamosi, Robert, Gmail Cookie Stolen via Google Spreadsheets, CNET, 14 April, 2008 ( Wang, Cong, Qian Wang, Kui Ren, and Wenjing Lou, Ensuring Data Storage Security in Cloud Computing, IACR eprint 2009/081, IACR,

22 1. ENISA [2009] R.1 R.2 R.3 R.4 R.5 R.6 R.7 R.8 R.9 R.10 R.11 R.12 R.13 R.14 R.15 Distributed Denial of Service 248 /2011.1

23 R.16 Economic Denial of Service R.17 R.18 R.19 R.20 R.21 R.22 R.23 R.24 service engine e-discovery R.25 R.26 R.27 R.28 R.29 R.30 R.31 R.32 R.33 R.34 R.35 R.2 R.3 R.23 R

24 Wang, Wang, Ren, and Lou [2009] 26 RSA % 26 Google File System /2011.1

25 Bowers et al. [2010] Bowers et al. [2010] Gentry [2009] van Dijk, Gentry, Halevi, and Vaikuntanathan [2010] 28 Bowers et al. [2010] 251

26 van Dijk and Juels [2010] Gentry [2009] Gentry [2009] /2011.1

クラウド・コンピューティングにおける情報セキュリティ管理の課題と対応

クラウド・コンピューティングにおける情報セキュリティ管理の課題と対応 IMES DISCUSSION PAPER SERIES Discussion Paper No. 2010-J-24 INSTITUTE FOR MONETARY AND ECONOMIC STUDIES BANK OF JAPAN 103-8660 2-1-1 http://www.imes.boj.or.jp IMES Discussion Paper Series 2010-J-24 2010