Manualshelf

Datasheet

ManualsBrandsWiley ManualsSoftware978-0-470-62446-3
21222324252627282930
Chapter 1 Internet Era: E-Commerce 29
to delegate his rights further. Determining trust relations between participant
entities in the presence of delegation is important, and delegation mechanisms
must rely upon stringent trust requirements.
Freshness
Freshness is related to authentication and authorization and is important in
many management applications, or more generally, shared services. Validity of
a user’s proof of authentication and authorization is an issue when user rights
are delegated and where the duration of a job may span over a long period of
time. Furthermore, some applications may want to state the number of times a
given user or service may be allowed to access a resource. This is a nontrivial
problem when one user’s rights are delegated to another user that may thereafter
wish to access the resource. Asserting the freshness of the right to perform an
operation is a critical aspect of any cloud infrastructure.
Trust
Per Grandison and Sloman, trust is dened as “therm belief in the competence
of an entity to act dependably, securely, and reliably within a specified con-
text.” Because most complex applications can, and will, span multiple security
domains, trust relationships between domains are of paramount importance.
Participants in a distributed computing environment should be able to enter
into trust relationships with users and other applications. In a distributed
environment, trust is usually established through the exchange of credentials,
either on a session or a request basis. Because of the dynamic nature of cloud
computing environments, trust can be scarcely established prior to the execu-
tion of an operation. Further implementation details are provided in the “Trust
Governance” section.
Secure Isolation
The term isolationrefers to protecting the host data from outside workloads.
A job or workload from a malicious user can corrupt local data, crash co-located
workloads, and make the local system unusable. The isolation solutions aim to
protect against this behavior. Two common techniques to establish isolation are
effective confinement and signed application.
Effective Confinement
Effective confinement (or effective containment) is a type of isolation technique
that keeps the un-trusted workloads in a protected (aka sandboxed) environment so
624463c01.indd 29 3/29/11 2:26:36 AM