(CADF) - 6 Data Format and Interface Definitions Specification
Total Page:16
File Type:pdf, Size:1020Kb
1 2 Document Identifier: DSP0262 3 Version: 1.0.0 4 Date: 2014-06-19 5 Cloud Auditing Data Federation (CADF) - 6 Data Format and Interface Definitions Specification 7 Document Type: Specification 8 Document Status: DMTF Standard 9 Document Language: en-US 10 Cloud Auditing Data Federation - Data Format and Interface Definitions Specification DSP0262 11 Copyright Notice 12 Copyright © 2014 Distributed Management Task Force, Inc. (DMTF). All rights reserved. 13 DMTF is a not-for-profit association of industry members dedicated to promoting enterprise and systems 14 management and interoperability. Members and non-members may reproduce DMTF specifications and documents 15 for uses consistent with this purpose, provided that correct attribution is given. As DMTF specifications may be 16 revised from time to time, the particular version and release date should always be noted. 17 Implementation of certain elements of this standard or proposed standard may be subject to third party patent 18 rights, including provisional patent rights (herein "patent rights"). DMTF makes no representations to users of the 19 standard as to the existence of such rights, and is not responsible to recognize, disclose, or identify any or all such 20 third party patent right, owners or claimants, nor for any incomplete or inaccurate identification or disclosure of such 21 rights, owners or claimants. DMTF shall have no liability to any party, in any manner or circumstance, under any 22 legal theory whatsoever, for failure to recognize, disclose, or identify any such third party patent rights, or for such 23 party’s reliance on the standard or incorporation thereof in its product, protocols or testing procedures. DMTF shall 24 have no liability to any party implementing such standard, whether such implementation is foreseeable or not, nor 25 to any patent owner or claimant, and shall have no liability or responsibility for costs or losses incurred if a standard 26 is withdrawn or modified after publication, and shall be indemnified and held harmless by any party implementing 27 the standard from any and all claims of infringement by a patent owner for such implementations. 28 For information about patents held by third-parties which have notified the DMTF that, in their opinion, such patent 29 may relate to or impact implementations of DMTF standards, visit: 30 http://www.dmtf.org/about/policies/disclosures.php. 2 DMTF Standard Version 1.0.0 DSP0262 Cloud Auditing Data Federation - Data Format and Interface Definitions Specification 31 Contents 32 Foreword ...................................................................................................................................................................... 9 33 Acknowledgements .............................................................................................................................................. 9 34 Introduction ................................................................................................................................................................ 10 35 Document versioning scheme ........................................................................................................................... 10 36 Cloud auditing data federation use cases ......................................................................................................... 10 37 Auditing cloud applications independently of provider....................................................................................... 10 38 Auditing hybrid cloud applications ..................................................................................................................... 11 39 Granular use cases ............................................................................................................................................ 12 40 1 Scope and goals ................................................................................................................................................ 13 41 1.1 Scope ...................................................................................................................................................... 13 42 1.2 Goals ....................................................................................................................................................... 13 43 1.2.1 Audit data integrity and security ................................................................................................. 14 44 1.2.2 Audit data set sizes and performance ........................................................................................ 14 45 1.2.3 Extensibility................................................................................................................................. 14 46 1.2.4 Use cases and examples ........................................................................................................... 14 47 1.3 Out of scope ............................................................................................................................................ 15 48 1.3.1 Translation .................................................................................................................................. 15 49 1.3.2 Security policies ......................................................................................................................... 15 50 1.3.3 Forensic information ................................................................................................................... 15 51 1.3.4 Debug information ...................................................................................................................... 15 52 1.3.5 Configuration data ...................................................................................................................... 16 53 1.3.6 Audit event alerting ..................................................................................................................... 16 54 2 Normative references ........................................................................................................................................ 16 55 3 Terms and definitions ........................................................................................................................................ 17 56 3.1 General terms .......................................................................................................................................... 17 57 3.2 Interface definitions ................................................................................................................................. 21 58 3.3 Interaction model ..................................................................................................................................... 22 59 3.4 Document versioning scheme ................................................................................................................. 22 60 4 CADF Event Model ............................................................................................................................................ 22 61 4.1 Basic concepts ........................................................................................................................................ 23 62 4.1.1 Resource .................................................................................................................................... 23 63 4.1.2 Actual Event, Event Record, CADF Event Record..................................................................... 23 64 4.2 Required model components .................................................................................................................. 23 65 4.2.1 Basic conceptual event model.................................................................................................... 24 66 4.2.2 The OBSERVER perspective ..................................................................................................... 25 67 4.2.3 Notes .......................................................................................................................................... 25 68 4.3 Conditional model components ............................................................................................................... 26 69 4.3.1 MEASUREMENT ....................................................................................................................... 26 70 4.3.2 REASON .................................................................................................................................... 26 71 4.3.3 Basic conceptual event model with optional components .......................................................... 26 72 4.4 Optional components .............................................................................................................................. 27 73 4.4.1 Reporters and the Reporter chain .............................................................................................. 27 74 4.5 Types of CADF Events ............................................................................................................................ 29 75 4.5.1 Valid EventType values .............................................................................................................. 30 76 4.5.2 EventType requirements ............................................................................................................ 31 77 4.6 Refinement of Event semantics based upon the selected EventType value .........................................