
Firesmith Framework.

Consists of nine layers:

1. Access control
2. Attack/harm detection
3. Non-repudiation
4. Integrity
5. Security auditing
6. Physical protection
7. Privacy and confidentiality
8. Recovery
9. Prosecution
a) Access control
Characterizes the extent to which a system restricts access to its resources
only to its authorised outsiders, which can be programs, services, actual
humans, devices, applications, fragments or various other systems. Access
control may be summarised as a mixture of authorization, identification and
authentication, the purpose of all being the supervision and management of
the levels of permission allowed to those entities that can prove their
identity and have been permitted privileged access over designated
resources.
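Added example, not from the notes above: the three steps the text names (identification, authentication, authorization) kept as separate checks, with a constructed user store and permission table (names, paths and the PBKDF2 parameters are assumptions).

```python
# Added example, not from the notes above: identification, authentication and
# authorization kept as separate checks so a failure in one is never confused
# with a failure in another.
import hashlib
import hmac
import secrets

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2; the credential store never holds the clear-text password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample store: principal -> (salt, password hash).
_SALT = secrets.token_bytes(16)
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}
# Constructed permission table: (principal, resource) -> allowed actions.
PERMISSIONS = {("alice", "/reports/q1.pdf"): {"read"}}
_DUMMY_SALT = secrets.token_bytes(16)

def identify(claimed: str) -> bool:
    """Identification: is the claimed identity known at all?"""
    return claimed in USERS

def authenticate(claimed: str, password: str) -> bool:
    """Authentication: can the entity prove it is who it claims to be?"""
    if not identify(claimed):
        hash_password(password, _DUMMY_SALT)  # equal cost for unknown names
        return False
    salt, stored = USERS[claimed]
    return hmac.compare_digest(stored, hash_password(password, salt))

def authorize(principal: str, resource: str, action: str) -> bool:
    """Authorization: is this proven identity permitted this action here?"""
    return action in PERMISSIONS.get((principal, resource), set())

def access(claimed: str, password: str, resource: str, action: str) -> str:
    """Decision in the order the text gives: prove identity, then check permissions."""
    if not authenticate(claimed, password):
        return "denied: authentication failed"
    if not authorize(claimed, resource, action):
        return "denied: not permitted"
    return "granted"
```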
b) Attack/harm detection
Ascertains the extent to which attempted or successful attacks are
notified, detected and recorded. Solutions can be passive avoidance and
detection through the employment of filter structures. Web browser cloud
access presents a variety of security threats.
Services dependent on HTTP and XML are susceptible to DoS attacks. A safe
mechanism which handles the filtration and detection of malignant requests
depends on the incorporation of a filter tree. The ENDER system, which is a
sequel to Cloud Protector, is better equipped to deal with the mitigation
and detection of DoS attacks.
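Added example, not the Cloud Protector or ENDER code: a minimal request filter for the HTTP/XML services mentioned above that checks two cheap resource-exhaustion signals (oversize body, excessive element nesting) and records every decision, as the text's "notified, detected and recorded" asks. The size and depth limits, client addresses and sample requests are constructed.

```python
# Added example, not from the original page: a stream-parsing XML request
# filter that drops oversize or excessively nested bodies and records the verdict.
import xml.parsers.expat

MAX_BODY_BYTES = 64 * 1024   # assumed limits; tune to the service
MAX_DEPTH = 32
audit_log = []               # one record per decision: "detected and recorded"

def xml_depth(body: bytes) -> int:
    """Stream-parse the body (no DOM is built) and return the deepest nesting reached."""
    depth = cur = 0
    parser = xml.parsers.expat.ParserCreate()

    def start(name, attrs):
        nonlocal depth, cur
        cur += 1
        depth = max(depth, cur)
        if cur > MAX_DEPTH:
            raise ValueError("nesting limit exceeded")  # stop before memory is spent

    def end(name):
        nonlocal cur
        cur -= 1

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(body, True)
    return depth

def filter_request(client: str, body: bytes) -> bool:
    """Return True if the request may pass to the service; log the verdict either way."""
    verdict, reason = "allow", ""
    if len(body) > MAX_BODY_BYTES:
        verdict, reason = "drop", "body too large"
    else:
        try:
            xml_depth(body)
        except (ValueError, xml.parsers.expat.ExpatError) as exc:
            verdict, reason = "drop", str(exc)
    audit_log.append({"client": client, "bytes": len(body),
                      "verdict": verdict, "reason": reason})
    return verdict == "allow"

# Constructed samples: a normal SOAP-like request and a pathologically nested one.
NORMAL = b"<env><body><getQuote symbol='ACME'/></body></env>"
NESTED = b"<a>" * 200 + b"</a>" * 200
```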
c) Non-repudiation
It's the prevention of denial, by either of the two parties subject to the
interaction, of any facet of the transaction.
Solutions incorporate the employment of PKI and public key exchange,
signatures or certificates. Information security is guaranteed in SaaS
applications through the SaaS Application Security Model, which uses
Decentralised Information Control.
Trust code is used to ensure that data is delivered to the correct user at
the correct address of propagation.
The homomorphic distribution verification protocol has been recommended by
many researchers as a solution to non-repudiation attempts.
d) Integrity
Makes the system safer and more secure against deliberate and illegitimate
exploitation or harm. Integrity can be classified into software integrity,
hardware integrity, data integrity and personnel integrity. A common way of
fulfilling the requirements is the introduction of contracts in the form of
Service Level Agreements between the cloud service provider and the user.
Service Level Agreements cover the cloud infrastructure along with certain
other benchmarks.
One important infrastructural notion associated with the cloud environment
is the concept of virtualization, which is actually a representation of a
virtual habitat instead of a specified physical machine. The benefits of
virtualization are security, scalability and cost effectiveness.
Data integrity is supported by the concept of the virtual machine fork.
Data encryption during transmission or storage is also viable for integrity
checks. One solution suggests two different cryptographic techniques for the
software and hardware sides in order to preserve data integrity. Another
recommends the use of the homomorphic distribution verification protocol to
ascertain data integrity and security, which in principle relies on the
employment of a cyclic error correction code to ensure data integrity.
e) Security auditing
Analysis of security-associated occurrences allows for usage, vulnerability
and status auditing of security methods by security staff members.
Security auditing is linked to the dynamic verification approach, which, in
comparison to the static approaches, is conventionally carried out by
overseeing system executions and confirming and scrutinizing their
compliance against a certain set of standards. Despite the existence of
auditing standards, the introduction of cloud-applicable auditing standards
is still in question. One solution calls for a high-performance batch
auditing protocol for exterior third-party auditors, who are crucial in terms
of data security and integrity assurance for cloud service users. An
additional approach proposes a three-layered framework: the introduction of
a new language for the expression of rules related to monitoring, and a
finite state machine scheme for the improvisation of monitoring engines.
f) Physical protection
Refers to the extent to which a system will go to protect itself and its
constituents from attacks. The term physical attacks includes natural
disasters, e.g. earthquakes, and damage caused by natural occurrences, along
with the stealing of hardware or machines by attackers or intruders.
All such natural disasters and frauds are considered part of the Service
Level Agreements between the service provider and the user.
Insurance terms should be introduced for both the service provider and the
user to deal with such scenarios.
g) Privacy and confidentiality
Determines the extent to which illegitimate parties are restrained from
accessing private data and information. Proposals have been made on the
implementation of access control methods to ensure the confidentiality of
sensitive information and data.
h) Recovery
Refers to the extent to which corrupted, lost or unintentionally mishandled
data segments might be partly or fully retrieved. Cloud service providers
and users might be subject to instantaneous recovery, or it might be
presented as an optional service.
Auditing models with roll-back solutions also help in the facilitation of
data recovery solutions.
i) Prosecution
Might have two meanings when it comes to the cloud computing environment:
the first being the capacity and jurisdictional authorization of law
administration to prosecute, investigate and seize systems which are deemed
responsible for breaking the law, and the second being the power to indict
malicious or suspicious conduct and users inside the cloud environment.
