ITU-T Y 3514-2017 Cloud computing C Trusted inter-cloud computing framework and requirements (Study Group 13).pdf

1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T Y.3514 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (05/2017) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS, NEXT-GENERATION NETWORKS, INTERNET OF THINGS AND SMART CITIES Cloud Computing Cloud co

2、mputing Trusted inter-cloud computing framework and requirements Recommendation ITU-T Y.3514 ITU-T Y-SERIES RECOMMENDATIONS GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS, NEXT-GENERATION NETWORKS, INTERNET OF THINGS AND SMART CITIES GLOBAL INFORMATION INFRASTRUCTURE General Y.100Y.199

3、 Services, applications and middleware Y.200Y.299 Network aspects Y.300Y.399 Interfaces and protocols Y.400Y.499 Numbering, addressing and naming Y.500Y.599 Operation, administration and maintenance Y.600Y.699 Security Y.700Y.799 Performances Y.800Y.899 INTERNET PROTOCOL ASPECTS General Y.1000Y.1099

4、 Services and applications Y.1100Y.1199 Architecture, access, network capabilities and resource management Y.1200Y.1299 Transport Y.1300Y.1399 Interworking Y.1400Y.1499 Quality of service and network performance Y.1500Y.1599 Signalling Y.1600Y.1699 Operation, administration and maintenance Y.1700Y.1

5、799 Charging Y.1800Y.1899 IPTV over NGN Y.1900Y.1999 NEXT GENERATION NETWORKS Frameworks and functional architecture models Y.2000Y.2099 Quality of Service and performance Y.2100Y.2199 Service aspects: Service capabilities and service architecture Y.2200Y.2249 Service aspects: Interoperability of se

6、rvices and networks in NGN Y.2250Y.2299 Enhancements to NGN Y.2300Y.2399 Network management Y.2400Y.2499 Network control architectures and protocols Y.2500Y.2599 Packet-based Networks Y.2600Y.2699 Security Y.2700Y.2799 Generalized mobility Y.2800Y.2899 Carrier grade open environment Y.2900Y.2999 FUT

7、URE NETWORKS Y.3000Y.3499 CLOUD COMPUTING Y.3500Y.3999 INTERNET OF THINGS AND SMART CITIES AND COMMUNITIES General Y.4000Y.4049 Definitions and terminologies Y.4050Y.4099 Requirements and use cases Y.4100Y.4249 Infrastructure, connectivity and networks Y.4250Y.4399 Frameworks, architectures and prot

8、ocols Y.4400Y.4549 Services, applications, computation and data processing Y.4550Y.4699 Management, control and performance Y.4700Y.4799 Identification and security Y.4800Y.4899 Evaluation and assessment Y.4900Y.4999 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T

9、Y.3514 (05/2017) i Recommendation ITU-T Y.3514 Cloud computing Trusted inter-cloud computing framework and requirements Summary Recommendation ITU-T Y.3515 specifies a framework of trusted inter-cloud computing and relevant use cases. It provides general requirements for trusted inter-cloud and spec

10、ific ones related to governance, management, resiliency, security and confidentiality of trusted inter-cloud. History Edition Recommendation Approval Study Group Unique ID* 1.0 ITU-T Y.3514 2017-05-22 13 11.1002/1000/13254 Keywords Cloud computing, confidentiality, governance, inter-cloud, managemen

11、t, resiliency, security, trust. * To access the Recommendation, type the URL http:/handle.itu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.1002/1000/ 11830-en. ii Rec. ITU-T Y.3514 (05/2017) FOREWORD The International

12、Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating a

13、nd tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce

14、Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Re

15、commendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., intero

16、perability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest tha

17、t compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, va

18、lidity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be re

19、quired to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2017 All rights reserved. No part of this publication may be reprod

20、uced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T Y.3514 (05/2017) iii Table of Contents Page 1 Scope . 1 2 References . 1 3 Definitions 2 3.1 Terms defined elsewhere 2 3.2 Terms defined in this Recommendation . 3 4 Abbreviations and acronyms 3 5 Conventions 4 6

21、Overview of trusted inter-cloud 4 6.1 Governance of trusted inter-cloud 5 6.2 Management of trusted inter-cloud 6 6.3 Resiliency of trusted inter-cloud 8 6.4 Security and confidentiality of trusted inter-cloud . 9 6.5 Relationship between trusted inter-cloud and the cloud computing reference archite

22、cture . 9 7 General requirements for trusted inter-cloud 10 7.1 Data separation . 10 7.2 Data annotation . 10 7.3 Confidentiality of data 10 7.4 Operational statistics 10 7.5 Interoperability and dependability 10 7.6 Master service agreement . 10 8 Requirements for governance of trusted inter-cloud

23、10 8.1 Geographical policies . 10 8.2 Governance policies . 11 8.3 Governance roles 11 8.4 Regulatory policies . 11 8.5 Laws and regulations 11 9 Requirements for management of trusted inter-cloud 11 9.1 Management policies 11 9.2 Management roles 11 9.3 Distributed data 11 9.4 Identity management 1

24、1 9.5 Access management . 11 9.6 Policy language 11 10 Requirements for resiliency of trusted inter-cloud . 11 10.1 Service monitoring . 12 10.2 Service continuity . 12 10.3 Resiliency policies 12 iv Rec. ITU-T Y.3514 (05/2017) Page 10.4 Resiliency validation 12 11 Requirements for security and conf

25、identiality of trusted inter-cloud . 12 11.1 Security and confidentiality policies 12 11.2 Level of robustness . 12 11.3 Security policy negotiation . 12 11.4 Security and confidentiality policy . 12 11.5 Data security . 12 11.6 Security policy monitoring . 12 12 Security considerations . 12 Appendi

26、x I Use case of trusted inter-cloud computing . 13 I.1 Use case template . 13 I.2 Trusted inter-cloud related use cases . 13 Bibliography. 22 Rec. ITU-T Y.3514 (05/2017) 1 Recommendation ITU-T Y.3514 Cloud computing Trusted inter-cloud computing framework and requirements 1 Scope This Recommendation

27、 specifies a framework of trusted inter-cloud computing and relevant use cases, based on the framework of inter-cloud computing ITU-T Y.3511. The scope of this Recommendation includes: an overview of trusted inter-cloud computing; general requirements for trusted inter-cloud; requirements for govern

28、ance of trusted inter-cloud; requirements for management of trusted inter-cloud; requirements for resiliency of trusted inter-cloud; requirements for security and confidentiality of trusted inter-cloud. 2 References The following ITU-T Recommendations and other references contain provisions which, t

29、hrough reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applyi

30、ng the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T X

31、1601 Recommendation ITU-T X.1601 (2014), Security framework for cloud computing. ITU-T Y.3500 Recommendation ITU-T Y.3500 (2014) | ISO/IEC 17788:2014, Information technology Cloud computing Overview and vocabulary. ITU-T Y.3501 Recommendation ITU-T Y.3501 (2016), Cloud computing Framework and high-

32、level requirements. ITU-T Y.3502 Recommendation ITU-T Y.3502 (2014) | ISO/IEC 17789:2014, Information technology Cloud computing Reference architecture. ITU-T Y.3511 Recommendation ITU-T Y.3511 (2014), Framework of inter-cloud computing. ITU-T Y.3520 Recommendation ITU-T Y.3520 (2015), Cloud computi

33、ng framework for end to end resource management. ITU-T Y.3521 Recommendation ITU-T Y.3521 (2016), Overview of end-to-end cloud computing management. ITU-T Y.3522 Recommendation ITU-T Y.3522 (2016), End-to-end cloud service lifecycle management requirements. 2 Rec. ITU-T Y.3514 (05/2017) 3 Definition

34、s 3.1 Terms defined elsewhere This Recommendation uses the following terms defined elsewhere: 3.1.1 availability ITU-T Y.3500: Property of being accessible and usable upon demand by an authorized entity. 3.1.2 confidentiality ITU-T Y.3500: Property that information is not made available or disclosed

35、 to unauthorized individuals, entities, or processes. 3.1.3 cloud computing ITU-T Y.3500: Paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand. NOTE Examples of resources include ser

36、vers, operating systems, networks, software, applications, and storage equipment. 3.1.4 cloud service ITU-T Y.3500: One or more capabilities offered via cloud computing invoked using a defined interface. 3.1.5 cloud service customer ITU-T Y.3500: Party which is in a business relationship for the pur

37、pose of using cloud services. NOTE A business relationship does not necessarily imply financial agreements. 3.1.6 cloud service partner ITU-T Y.3500: Party which is engaged in support of, or auxiliary to, activities of either the cloud service provider or the cloud service customer, or both. 3.1.7 c

38、loud service provider ITU-T Y.3500: Party which makes cloud services available. 3.1.8 governance b-ISO/IEC 38500:2015: System of directing and controlling. 3.1.9 information security b-ISO/IEC 27000:2016: Preservation of confidentiality, integrity and availability of information. NOTE In addition, o

39、ther properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved. 3.1.10 integrity ITU-T Y.3500: Property of accuracy and completeness. 3.1.11 inter-cloud computing ITU-T Y.3511: The paradigm for enabling the interworking between two or more cloud service

40、providers. NOTE Inter-cloud computing is also referred as inter-cloud. 3.1.12 service level agreement ITU-T Y.3500: Documented agreement between the service provider and customer that identifies services and service targets. NOTE 1 A service level agreement can also be established between the servic

41、e provider and a supplier, an internal group or a customer acting as a supplier. NOTE 2 A service level agreement can be included in a contract or another type of documented agreement. 3.1.13 service management interface ITU-T Y.3521: Interface that provides a set of management capabilities exposed

42、by a cloud service through which the cloud service can be managed. NOTE For additional details of SMI concepts, see ITU-T Y.3520 and b-TMF TR198. 3.1.14 trusted cloud service ITU-T Y.3501: A cloud service that satisfies a set of requirements such as transparency for governance, management and securi

43、ty so that a cloud service customer (CSC) can be confident in using the cloud service. NOTE 1 The set of requirements will vary depending on the involved cloud service customer, the nature of the cloud service and the governing jurisdiction. Rec. ITU-T Y.3514 (05/2017) 3 NOTE 2 The set of requiremen

44、ts could also be related to additional cross-cutting aspects ITU-T Y.3502 such as performance, resiliency, reversibility, SLAs, etc. NOTE 3 Transparency means that the cloud service provider (CSP) should commit to the CSC that they have appropriate and clear control and reporting mechanisms for gove

45、rnance, management and security, such as SLA commitments, online announcements, data handling policies, etc. 3.2 Terms defined in this Recommendation This Recommendation defines the following terms: 3.2.1 dependability: The availability performance and its influencing factors on reliability performa

46、nce, maintainability performance and maintenance support performance. 3.2.2 inter-cloud governance: System by which the use of inter-cloud is directed and controlled. 3.2.3 reliability: The ability of a system, product or component to perform and maintain under stated conditions as required for a sp

47、ecified period of time. 3.2.4 resiliency: The ability of a system, product or component to provide, maintain, or return to an acceptable level of service in the face of faults (unintentional, intentional or naturally caused) affecting normal operation. 4 Abbreviations and acronyms This Recommendatio

48、n uses the following abbreviations and acronyms: AAA Authentication, Authorization and Accounting BSS Business Support System CSC Cloud Service Customer CSN Cloud Service Partner CSP Cloud Service Provider DDoS Distributed Denial of Service KPI Key Performance Indicator MSA Master Service Agreement

49、NaaS Network as a Service NAT Network Address Translation NFV Network Functions Virtualization OSS Operations Support System PaaS Platform as a Service PII Personally Identifiable Information QoS Quality of Service SaaS Software as a Service SDN Software-Defined Networking SLA Service Level Agreement SMI Service Management Interface vFW Virtual Firewall vHGW Virtual Home Gateway 4 Rec. ITU-T Y.3514 (05/2017) vLB Virtual Loa