Cloud Security Bibliography
18 views
Skip to first unread message
Doug Tidwell
Nov 18, 2009, 7:50:55 AM11/18/09
to Cloud Computing Use Cases
As we go forward, we need to make sure we're adding value to the
existing work various groups have done on cloud security. With that in
mind, what are the major documents on the topic? Here are a couple of
items for a bibliography; what else should be added?
* The Cloud Security Alliance's paper (http://
cloudsecurityalliance.org/csaguide.pdf)
* The SLA@SOI work that came out of the RESERVOIR project (http://sla-
at-soi.eu/ and http://www.reservoir-fp7.eu/, thanks to Gary Mazzaferro
for these two references)
What else should we consider? There are literally dozens of articles
out there, most of which were produced by cloud vendors. (That doesn't
mean they aren't full of good ideas, of course.)
Thanks,
-Doug
existing work various groups have done on cloud security. With that in
mind, what are the major documents on the topic? Here are a couple of
items for a bibliography; what else should be added?
* The Cloud Security Alliance's paper (http://
cloudsecurityalliance.org/csaguide.pdf)
* The SLA@SOI work that came out of the RESERVOIR project (http://sla-
at-soi.eu/ and http://www.reservoir-fp7.eu/, thanks to Gary Mazzaferro
for these two references)
What else should we consider? There are literally dozens of articles
out there, most of which were produced by cloud vendors. (That doesn't
mean they aren't full of good ideas, of course.)
Thanks,
-Doug
Paola Garcia Juarez
Nov 18, 2009, 2:58:30 PM11/18/09
to cloud-comput...@googlegroups.com
Good documents Doug.
I think that maybe we could post in the group the best papers/articles that we consider would be helpful for all the researchers in Cloud Computing (and explaining why, of course).
I have my own "library" in my google docs account, and I don´t mind sharing it with anybody who could need them. Just ask for!
regards,
Paola
--
Eng. Paola Garcia Juarez
(55-21) 83291885
pgarc...@gmail.com
http://www.linkedin.com/in/pgarciaj
Twitter: pgarciaj13
I think that maybe we could post in the group the best papers/articles that we consider would be helpful for all the researchers in Cloud Computing (and explaining why, of course).
I have my own "library" in my google docs account, and I don´t mind sharing it with anybody who could need them. Just ask for!
regards,
Paola
2009/11/18 Doug Tidwell <dtid...@us.ibm.com>
--
You received this message because you are subscribed to the Google Groups "Cloud Computing Use Cases" group.
To post to this group, send email to cloud-comput...@googlegroups.com.
To unsubscribe from this group, send email to cloud-computing-us...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/cloud-computing-use-cases?hl=.
--
Eng. Paola Garcia Juarez
(55-21) 83291885
pgarc...@gmail.com
http://www.linkedin.com/in/pgarciaj
Twitter: pgarciaj13
gary mazzaferro
Nov 18, 2009, 4:57:41 PM11/18/09
to cloud-comput...@googlegroups.com
Hi,
I have some others to post when I get back in tonight..
cheers,
gary
Sent from a Verizon PDA
I have some others to post when I get back in tonight..
cheers,
gary
Sent from a Verizon PDA
For more options, visit this group at http://groups.google.com/group/cloud-computing-use-cases?hl=en.
Message has been deleted
Message has been deleted
Gary Mazz
Nov 21, 2009, 10:50:34 PM11/21/09
to cloud-comput...@googlegroups.com
Hi,
These are the links to documents from SLA@SOI. These are not security
documents, but were part of the sla discussion.
I email Andy Edmond, one of the managers, asking for someone to
contribute to this use case document. We should hear something after
their meeting in the next week or so. This is the link to their focus
area documents:
http://sla-at-soi.eu/research/focus-areas/ Some of the "B" series
documents may not load in the US. They seems to load in the EU, I'm not
sure why, maybe its my ISP, COMCAST.
Back on the security track:
Enca http://www.enisa.europa.eu/ has just released their document on
cloud security. Here is the link to the report:
http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport
Here is the copy of their survey document
http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-sme-survey/at_download/fullReport
and a the link to their cloud assurance framework:
http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-information-assurance-framework
Here is a little known kantara initiative working identity management
issues http://www.kantarainitiative.org Here is a link to their
collaboration groups web page:
http://kantarainitiative.org/wordpress/groups This is the link to
their identity framework document:
http://kantarainitiative.org/confluence/download/attachments/655421/Kantara+IAF-1200-Levels+of+Assurance.doc
Here is the liberty alliance application and detailing of the levels :
http://eap.projectliberty.org/docs/Trust_Framework_010605_final.pdf
As I get though my notes, I'll send out more links to docs relevant to
the level of the use case document. A challenge when posting this
information is that many security and assurance documents quickly deep
dive, IMO, losing the bigger picture for the casual reader.
cheers,
gary
gary mazzaferro wrote:
> Hi,
>
> I have some others to post when I get back in tonight..
>
> cheers,
> gary
>
> Sent from a Verizon PDA
>
> On Wed, Nov 18, 2009 at 12:58 PM, Paola Garcia Juarez
> <pgarc...@gmail.com <mailto:pgarc...@gmail.com>> wrote:
>
> Good documents Doug.
>
> I think that maybe we could post in the group the best
> papers/articles that we consider would be helpful for all the
> researchers in Cloud Computing (and explaining why, of course).
> I have my own "library" in my google docs account, and I don�t
> mind sharing it with anybody who could need them. Just ask for!
>
> regards,
> Paola
>
> 2009/11/18 Doug Tidwell <dtid...@us.ibm.com
> <mailto:dtid...@us.ibm.com>>
> <mailto:cloud-computing-use-cases%2Bunsu...@googlegroups.com>.
> <mailto:cloud-computing-use-cases%2Bunsu...@googlegroups.com>.
These are the links to documents from SLA@SOI. These are not security
documents, but were part of the sla discussion.
I email Andy Edmond, one of the managers, asking for someone to
contribute to this use case document. We should hear something after
their meeting in the next week or so. This is the link to their focus
area documents:
http://sla-at-soi.eu/research/focus-areas/ Some of the "B" series
documents may not load in the US. They seems to load in the EU, I'm not
sure why, maybe its my ISP, COMCAST.
Back on the security track:
Enca http://www.enisa.europa.eu/ has just released their document on
cloud security. Here is the link to the report:
http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport
Here is the copy of their survey document
http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-sme-survey/at_download/fullReport
and a the link to their cloud assurance framework:
http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-information-assurance-framework
Here is a little known kantara initiative working identity management
issues http://www.kantarainitiative.org Here is a link to their
collaboration groups web page:
http://kantarainitiative.org/wordpress/groups This is the link to
their identity framework document:
http://kantarainitiative.org/confluence/download/attachments/655421/Kantara+IAF-1200-Levels+of+Assurance.doc
Here is the liberty alliance application and detailing of the levels :
http://eap.projectliberty.org/docs/Trust_Framework_010605_final.pdf
As I get though my notes, I'll send out more links to docs relevant to
the level of the use case document. A challenge when posting this
information is that many security and assurance documents quickly deep
dive, IMO, losing the bigger picture for the casual reader.
cheers,
gary
gary mazzaferro wrote:
> Hi,
>
> I have some others to post when I get back in tonight..
>
> cheers,
> gary
>
> Sent from a Verizon PDA
>
> On Wed, Nov 18, 2009 at 12:58 PM, Paola Garcia Juarez
> <pgarc...@gmail.com <mailto:pgarc...@gmail.com>> wrote:
>
> Good documents Doug.
>
> I think that maybe we could post in the group the best
> papers/articles that we consider would be helpful for all the
> researchers in Cloud Computing (and explaining why, of course).
> I have my own "library" in my google docs account, and I don�t
> mind sharing it with anybody who could need them. Just ask for!
>
> regards,
> Paola
>
> 2009/11/18 Doug Tidwell <dtid...@us.ibm.com
>
> As we go forward, we need to make sure we're adding value to the
> existing work various groups have done on cloud security. With
> that in
> mind, what are the major documents on the topic? Here are a
> couple of
> items for a bibliography; what else should be added?
>
> * The Cloud Security Alliance's paper (http://
> cloudsecurityalliance.org/csaguide.pdf
> <http://cloudsecurityalliance.org/csaguide.pdf>)
> * The SLA@SOI work that came out of the RESERVOIR project
> (http://sla-
> at-soi.eu/ <http://at-soi.eu/> and
> As we go forward, we need to make sure we're adding value to the
> existing work various groups have done on cloud security. With
> that in
> mind, what are the major documents on the topic? Here are a
> couple of
> items for a bibliography; what else should be added?
>
> * The Cloud Security Alliance's paper (http://
> cloudsecurityalliance.org/csaguide.pdf
> <http://cloudsecurityalliance.org/csaguide.pdf>)
> * The SLA@SOI work that came out of the RESERVOIR project
> (http://sla-
> http://www.reservoir-fp7.eu/, thanks to Gary Mazzaferro
> for these two references)
>
> What else should we consider? There are literally dozens of
> articles
> out there, most of which were produced by cloud vendors. (That
> doesn't
> mean they aren't full of good ideas, of course.)
>
> Thanks,
> -Doug
>
> --
>
> You received this message because you are subscribed to the
> Google Groups "Cloud Computing Use Cases" group.
> To post to this group, send email to
> cloud-comput...@googlegroups.com
> <mailto:cloud-comput...@googlegroups.com>.
> for these two references)
>
> What else should we consider? There are literally dozens of
> articles
> out there, most of which were produced by cloud vendors. (That
> doesn't
> mean they aren't full of good ideas, of course.)
>
> Thanks,
> -Doug
>
> --
>
> You received this message because you are subscribed to the
> Google Groups "Cloud Computing Use Cases" group.
> To post to this group, send email to
> cloud-comput...@googlegroups.com
> <mailto:cloud-computing-use-cases%2Bunsu...@googlegroups.com>.
> For more options, visit this group at
> http://groups.google.com/group/cloud-computing-use-cases?hl=.
>
>
>
>
>
> --
> Eng. Paola Garcia Juarez
> (55-21) 83291885
> pgarc...@gmail.com <mailto:pgarc...@gmail.com>
> http://groups.google.com/group/cloud-computing-use-cases?hl=.
>
>
>
>
>
> --
> Eng. Paola Garcia Juarez
> (55-21) 83291885
> http://www.linkedin.com/in/pgarciaj
> Twitter: pgarciaj13
>
> --
>
> You received this message because you are subscribed to the Google
> Groups "Cloud Computing Use Cases" group.
> To post to this group, send email to
> cloud-comput...@googlegroups.com
> <mailto:cloud-comput...@googlegroups.com>.
> Twitter: pgarciaj13
>
> --
>
> You received this message because you are subscribed to the Google
> Groups "Cloud Computing Use Cases" group.
> To post to this group, send email to
> cloud-comput...@googlegroups.com
> <mailto:cloud-computing-use-cases%2Bunsu...@googlegroups.com>.
michael versace
Nov 23, 2009, 3:53:40 PM11/23/09
to cloud-comput...@googlegroups.com
Another work item that we might want to consider is from The European Network & Information Security Agency (ENISA). Here is its report released recently on cloud computing risk and security. You can download it here: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/.
"ENISA helps European Commission, the Member States and the business community to address, respond and especially to prevent Network and Information Security problems"
I can not comment on the credibility of this work or the level of independence achieved in the construction of the paper, but would be interested in the groups impressions. I'll already noted a few statements that I'd take exception with.
Mike
--
You received this message because you are subscribed to the Google Groups "Cloud Computing Use Cases" group.
To post to this group, send email to cloud-comput...@googlegroups.com.
To unsubscribe from this group, send email to cloud-computing-us...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages