path: root/docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.3_Cloud.md
Diffstat (limited to 'docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.3_Cloud.md')
-rw-r--r-- docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.3_Cloud.md | 21
1 files changed, 8 insertions, 13 deletions
diff --git a/docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.3_Cloud.md b/docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.3_Cloud.md
index 36c4df8..d4112fc 100644
--- a/docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.3_Cloud.md
+++ b/docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.3_Cloud.md
@@ -1,12 +1,7 @@
---
-edit_link: ''
title: Cloud
-origin_url: >-
- https://raw.githubusercontent.com/automotive-grade-linux/docs-sources/master/docs/security-blueprint/part-7/3-Cloud.md
---
-<!-- WARNING: This file is generated by fetch_docs.js using /home/boron/Documents/AGL/docs-webtemplate/site/_data/tocs/architecture/master/security_blueprint-security-blueprint-book.yml -->
-
# Cloud
## Download
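Review bot: Removing `origin_url` and the "generated by fetch_docs.js" warning from the front matter drops the only record of where this file came from, and nothing visible here says whether it is still regenerated from that upstream. If fetch_docs.js still produces this file, the edits in the later hunks will be overwritten on the next run; if the file is now maintained by hand in this tree, say so in the commit message so reviewers know this copy is the source of truth. Dropping the comment itself is welcome, since it exposed a local build path (`/home/boron/...`).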
@@ -16,8 +11,8 @@ origin_url: >-
characteristics bound to that device, entity or person.
- **Authorization**: Parses the network to allow access to some or all network
-functionality by providing rules and allowing access or denying access based
-on a subscriber's profile and services purchased.
+ functionality by providing rules and allowing access or denying access based
+ on a subscriber's profile and services purchased.
<!-- section-config -->
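Review bot: Style point on the re-indented Authorization bullet: the indentation fix is correct, but the sentence it touches still reads "Parses the network to allow access", which does not describe what authorization does. Since these two lines are being rewritten anyway, consider rewording to something like "Grants or denies access to some or all network functionality according to rules based on a subscriber's profile and services purchased."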
@@ -75,10 +70,10 @@ Application-Cloud-Infrastructure-5 | App integrity | Applications must be signed
## Transport
-For data transport, it is necessary to **encrypt data end-to-end**. To prevent **MITM** attacks,
-no third party should be able to interpret transported data. Another aspect
-is the data anonymization in order to protect the leakage of private information
-on the user or any other third party.
+For data transport, it is necessary to **encrypt data end-to-end**. To prevent
+**MITM** attacks, no third party should be able to interpret transported data.
+Another aspect is the data anonymization in order to protect the leakage of
+private information on the user or any other third party.
The use of standards such as **IPSec** provides "_private and secure
communications over IP networks, through the use of cryptographic security
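Review bot: The rewrapped Transport paragraph still presents confidentiality as the MITM defence ("To prevent **MITM** attacks, no third party should be able to interpret transported data"). Encryption without authenticating the peer does not stop an active man-in-the-middle, who can terminate the encrypted channel and re-encrypt toward the other side. Suggest adding that both endpoints must be authenticated before data is exchanged. Also, while touching the last sentence, "protect the leakage of private information" should read "prevent the leakage of private information".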
@@ -99,8 +94,8 @@ to configure each application to **IPSec** standards.
- Integrity: A service that consists in ensuring that data has not been tampered
with accidentally or fraudulently.
- Replay Protection: A service that prevents attacks by re-sending a valid
- intercepted packet to the network for the same authorization.
- This service is provided by the presence of a sequence number.
+ intercepted packet to the network for the same authorization. This service is
+ provided by the presence of a sequence number.
- Key management: Mechanism for negotiating the length of encryption keys
between two **IPSec** elements and exchange of these keys.
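Review bot: In the Replay Protection bullet, "This service is provided by the presence of a sequence number" understates the mechanism: a sequence number only helps if it is covered by the integrity check and the receiver rejects packets whose numbers it has already seen or that fall outside its window. Suggest wording such as "This service is provided by an integrity-protected sequence number that the receiver checks." The unchanged Key management line below has a similar gap, since negotiation covers algorithms and keys, not just "the length of encryption keys", but that can be a follow-up change.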