Posts Tagged ‘AAA
There are many ways to compromise data. Deletion or alteration of records without a backup of the original content is an obvious example. Unlinking a record from a larger context may render it unrecoverable, as can storage on unreliable media. Loss of an encoding key may result in effective destruction. Finally, unauthorized parties must be prevented from gaining access to sensitive data.
The threat of data compromise increases in the cloud, due to the number of and interactions between risks and challenges which are either unique to cloud, or more dangerous because of the architectural or operational characteristics of the cloud environment.
Data loss or leakage can have a devastating impact on a business. Beyond the damage to one’s brand and reputation, a loss could significantly impact employee, partner, and customer morale and trust. Loss of core intellectual property could have competitive and financial implications. Worse still, depending upon the data that is lost or leaked, there might be compliance violations and legal ramifications.
Insufficient authentication, authorization, and audit (AAA) controls;inconsistent use of encryption and software keys; operational failures;persistence and remanence challenges: disposal challenges; risk of association; jurisdiction and political issues; data center reliability; and disaster recovery.
- Implement strong API access control.
- Encrypt and protect integrity of data in transit.
- Analyzes data protection at both design and run time.
- Implement strong key generation, storage and management,and destruction practices.
- Contractually demand providers wipe persistent media before it is released into the pool.
- Contractually specify provider backup and retention strategies.
One aspect that has been overlooked in mobile research is link layer access. Most mobility solutions assume that the link layer configuration will be automatic and base trigger mechanisms in the presence of network layer connectivity.We believe that there is the need for a framework for link layer access, to standardize the operating system interface, creating an unified API to report the presence of access point in the vicinity of the mobile, and to do AAA(Authentication, Authorization and Accounting). A multiplexing transport protocol has to be aware of new link layers that become available, and of link layers that can no longer be used, to add and remove these interfaces from protocol processing. To this end, a link-layer aware transport protocol needs the following support:
Link layer management: a management entity can usedirect information (by probing or listening to the link layer for the presence of access points) or indirect information(by using an existing connection to query the infrastructure for the existence of additional access points) to find new access points. This is called link layer discovery. Management also encompasses measuring signal strength and possibly location hints to rule that a link layer is nolonger usable. This is called link layer disconnection.
Network layer management: before using a link layer,the mobile has to acquire an IP address for that interface. The most common protocol for acquiring a network addressin broadcast media is DHCP (Dynamic Host Configuration Protocol). For point-to-point links, such as infrared, acquiring a network address also entails creatinga point-to-point link. In this case, the link will only be created on demand, as creating the link precludes other mobiles from using the same access point.
Transport layer notification: the transport layer has to benotified of new access points (in the form of a new IP address it can use) and of the loss of an active access point(an IP that can no longer be used). The transport protocols can also notify a management entity about the available bandwidth of each link. Because this bandwidth is closely tied with the available bandwidth of the last hop, by controlling the maximum bandwidth each protocol instance can use the management entity to enforce usage policies for cooperating protocols.