Page 977 - Cloud computing: From paradigm to operation

Security                                                   7


            3.1.13  hypervisor [b-NIST-SP-800-125]: The virtualization component that manages the guest OSs on a host
            and controls the flow of instructions between the guest OSs and the physical hardware.

            3.1.14  Infrastructure as a Service (IaaS) [b-ITU-T Y.3500]: Cloud service category in which the cloud
            capabilities type provided to the cloud service customer (3.1.5) is an infrastructure capabilities type.
            NOTE – The cloud service customer (3.1.5) does not manage or control the underlying physical and virtual resources,
            but does have control over operating systems, storage, and deployed applications that use the physical and virtual
            resources. The cloud service customer (3.1.5) may also have limited ability to control certain networking components
            (e.g., host firewalls).
            3.1.15  multi-tenancy [b-ITU-T Y.3500]: Allocation of physical or virtual resources such that multiple tenants
            (3.1.26) and their computations and data are isolated from and inaccessible to one another.
            3.1.16  Network as a Service (NaaS) [b-ITU-T Y.3500]: Cloud service category in which the capability
            provided to the cloud service customer (3.1.5) is transport connectivity and related network capabilities.
            NOTE – NaaS can provide any of the three cloud capabilities types.
            3.1.17  party [b-ISO/IEC 27729]: Natural person or legal person, whether or not incorporated, or a group
            of either.
            3.1.18  personally identifiable information [b-ISO/IEC 29100]: Any information that (a) can be used to
            identify the PII principal to whom such information relates, or (b) is or might be directly or indirectly linked
            to a PII principal.
            3.1.19  Platform as a Service (PaaS) [b-ITU-T Y.3500]: Cloud service category in which the cloud capabilities
            type provided to the cloud service customer (3.1.5) is a platform capabilities type.
            3.1.20  private cloud [b-ITU-T Y.3500]: Cloud deployment model where cloud services (3.1.4) are used
            exclusively by a single cloud service customer (3.1.5) and resources are controlled by that cloud service
            customer (3.1.5).
            3.1.21  public cloud [b-ITU-T Y.3500]: Cloud deployment model where cloud services (3.1.4) are potentially
            available to any cloud service customer (3.1.5) and resources are controlled by the cloud service
            provider (3.1.7).
            3.1.22  security domain [b-ITU-T X.810]: A set of elements, a security policy, a security authority and a set
            of security-relevant activities in which the set of elements are subject to the security policy for the specified
            activities, and the security policy is administered by the security authority for the security domain.

            3.1.23  security incident [b-ITU-T E.409]: A security incident is any adverse event whereby some aspect of
            security could be threatened.
            3.1.24  service level agreement (SLA) [b-ISO/IEC 20000-1]: A documented agreement between the service
            provider and customer that identifies services and service targets.
            NOTE 1 – A service level agreement can also be established between the service provider and a supplier, an internal
            group or a customer acting as a supplier.
            NOTE 2 – A service level agreement can be included in a contract or another type of documented agreement.

            3.1.25  Software as a Service (SaaS) [b-ITU-T Y.3500]: Cloud service category in which the cloud capabilities
            type provided to the cloud service customer (3.1.5) is an application capabilities type.

            3.1.26  tenant [b-ITU-T Y.3500]: One or more cloud service users (3.1.8) sharing access to a set of physical
            and virtual resources.

            3.1.27  threat [b-ISO/IEC 27000]: A potential cause of an unwanted incident, which may result in harm to a
            system or organization.
            3.1.28  virtual machine (VM) [b-NIST-SP-800-145]: An efficient, isolated, logical duplicate of a real machine.
            3.1.29  vulnerability [b-NIST-SP-800-30]: A weakness in an information system, system security procedures,
            internal controls, or implementation that could be exploited by a threat source.



