CADF Data Format and Interface Specification - DMTF Data Format and Interface Definitions Specification…

  • View
    212

  • Download
    0

Embed Size (px)

Transcript

  • 1

    Document Identifier: DSP0262 2

    Version: 1.0.0 3

    Date: 2014-06-19 4

    Cloud Auditing Data Federation (CADF) - 5 Data Format and Interface Definitions Specification 6

    Document Type: Specification 7

    Document Status: DMTF Standard 8

    Document Language: en-US 9 10

  • Cloud Auditing Data Federation - Data Format and Interface Definitions Specification DSP0262

    2 DMTF Standard Version 1.0.0

    Copyright Notice 11

    Copyright 2014 Distributed Management Task Force, Inc. (DMTF). All rights reserved. 12

    DMTF is a not-for-profit association of industry members dedicated to promoting enterprise and systems 13 management and interoperability. Members and non-members may reproduce DMTF specifications and documents 14 for uses consistent with this purpose, provided that correct attribution is given. As DMTF specifications may be 15 revised from time to time, the particular version and release date should always be noted. 16

    Implementation of certain elements of this standard or proposed standard may be subject to third party patent 17 rights, including provisional patent rights (herein "patent rights"). DMTF makes no representations to users of the 18 standard as to the existence of such rights, and is not responsible to recognize, disclose, or identify any or all such 19 third party patent right, owners or claimants, nor for any incomplete or inaccurate identification or disclosure of such 20 rights, owners or claimants. DMTF shall have no liability to any party, in any manner or circumstance, under any 21 legal theory whatsoever, for failure to recognize, disclose, or identify any such third party patent rights, or for such 22 partys reliance on the standard or incorporation thereof in its product, protocols or testing procedures. DMTF shall 23 have no liability to any party implementing such standard, whether such implementation is foreseeable or not, nor 24 to any patent owner or claimant, and shall have no liability or responsibility for costs or losses incurred if a standard 25 is withdrawn or modified after publication, and shall be indemnified and held harmless by any party implementing 26 the standard from any and all claims of infringement by a patent owner for such implementations. 27

    For information about patents held by third-parties which have notified the DMTF that, in their opinion, such patent 28 may relate to or impact implementations of DMTF standards, visit: 29 http://www.dmtf.org/about/policies/disclosures.php. 30

    http://www.dmtf.org/about/policies/disclosures.php

  • DSP0262 Cloud Auditing Data Federation - Data Format and Interface Definitions Specification

    Version 1.0.0 DMTF Standard 3

    Contents 31

    Foreword ...................................................................................................................................................................... 9 32 Acknowledgements .............................................................................................................................................. 9 33

    Introduction ................................................................................................................................................................ 10 34 Document versioning scheme ........................................................................................................................... 10 35 Cloud auditing data federation use cases ......................................................................................................... 10 36 Auditing cloud applications independently of provider....................................................................................... 10 37 Auditing hybrid cloud applications ..................................................................................................................... 11 38 Granular use cases ............................................................................................................................................ 12 39

    1 Scope and goals ................................................................................................................................................ 13 40 1.1 Scope ...................................................................................................................................................... 13 41 1.2 Goals ....................................................................................................................................................... 13 42

    1.2.1 Audit data integrity and security ................................................................................................. 14 43 1.2.2 Audit data set sizes and performance ........................................................................................ 14 44 1.2.3 Extensibility................................................................................................................................. 14 45 1.2.4 Use cases and examples ........................................................................................................... 14 46

    1.3 Out of scope ............................................................................................................................................ 15 47 1.3.1 Translation .................................................................................................................................. 15 48 1.3.2 Security policies ......................................................................................................................... 15 49 1.3.3 Forensic information ................................................................................................................... 15 50 1.3.4 Debug information ...................................................................................................................... 15 51 1.3.5 Configuration data ...................................................................................................................... 16 52 1.3.6 Audit event alerting ..................................................................................................................... 16 53

    2 Normative references ........................................................................................................................................ 16 54 3 Terms and definitions ........................................................................................................................................ 17 55

    3.1 General terms .......................................................................................................................................... 17 56 3.2 Interface definitions ................................................................................................................................. 21 57 3.3 Interaction model ..................................................................................................................................... 22 58 3.4 Document versioning scheme ................................................................................................................. 22 59

    4 CADF Event Model ............................................................................................................................................ 22 60 4.1 Basic concepts ........................................................................................................................................ 23 61

    4.1.1 Resource .................................................................................................................................... 23 62 4.1.2 Actual Event, Event Record, CADF Event Record..................................................................... 23 63

    4.2 Required model components .................................................................................................................. 23 64 4.2.1 Basic conceptual event model.................................................................................................... 24 65 4.2.2 The OBSERVER perspective ..................................................................................................... 25 66 4.2.3 Notes .......................................................................................................................................... 25 67

    4.3 Conditional model components ............................................................................................................... 26 68 4.3.1 MEASUREMENT ....................................................................................................................... 26 69 4.3.2 REASON .................................................................................................................................... 26 70 4.3.3 Basic conceptual event model with optional components .......................................................... 26 71

    4.4 Optional components .............................................................................................................................. 27 72 4.4.1 Reporters and the Reporter chain .............................................................................................. 27 73

    4.5 Types of CADF Events ............................................................................................................................ 29 74 4.5.1 Valid EventType values .............................................................................................................. 30 75 4.5.2 EventType requirements ............................................................................................................ 31 76

    4.6 Refinement of Event semantics based upon the selected EventType value .......................................... 31 77 4.6.1 Resource classification ......