IF-MAP and Cloud Computing

Posted by Ken Y-N on November 27th, 2008 at 09:36am

I recently read a rather interesting post (both the contents and the writing style!) by Chris Hoff on his Rational Survivability blog, entitled “I Can Haz TCG IF-MAP Support In Your Security Product, Please…”, on how the Trusted Computing Group’s (TCG) Interface For Metadata Access Protocol (IF-MAP) should spread to the cloud.

He had previously posted “Cloud Computing: Invented By Criminals, Secured By ???”, where he mentioned how a new security paradigm was needed for dynamic distributed computing:

This basically means that we should distribute the sampling, detection and prevention functions across the entire networked ecosystem, not just to dedicated security appliances; each of the end nodes should communicate using a standard signaling and telemetry protocol so that common threat, vulnerability and effective disposition can be communicated up and downstream to one another and one or more management facilities.

This can be addressed by the IF-MAP extension to the Trusted Network Connect (TNC) architecture from the TCG, which allows devices to exchange their security status information in real time.

One of the things the author gets excited about is extending IF-MAP to cover virtualisation:

Integrating, for example, IF-MAP with VM-Introspection capabilities (in VMsafe, XenAccess, etc.) would be fantastic as you could tie the control planes of the hypervisors, management infrastructure, and provisioning/governance engines with that of security and compliance in near-time.
