Information Flow Control for Cloud Environments

Shih-Chien Chou


Information flow control (IFC) on cloud environments is substantially affected by the features of multi-tenant and virtualization. For example, if multiple cloud applications executes on a cloud (this is the feature of multi-tenant), the information of one or more cloud applications may be intercepted by others. As another example, when the storage units assigned to a cloud application are re-assigned to others (this is caused by virtualization), the information of the original application stored in the storage units may be leaked to others. To solve the problems, we proposes a two-layered IFC model and a flushing function. The upper layer of the model isolates information of different cloud applications to prevent possible interception. The lower layer controls information flows in a cloud application to prevent information leakage. The flushing function flushes information in a storage unit when it is re-assigned to another cloud application. This prevents an application to obtain the information belonging to other ones.


information security, information flow control, cloud environment, cloud application, cloud information flow control

Full Text:



M. Krohn, A. Yip, M. Brodsky, and N. Cliffer, M. F. Kaashoek, E. Kohler, and R. Morris, “Information Flow Control for Standard OS Abstractions”, SOSP’07, 2007.

I. Roy, D. E. Porter, M. D. Bond, K. S. McKinley, and E. Witchel, “Laminar: Practical Fine-Grained Decentralized Information Flow Control”, PLDI’09, 2009.

N. Zeldovich, S. Boyd-Wickizer, and D. Mazières, “Securing Distributed Systems with Information Flow Control”, NSDI '08, pp. 293–308, 2008

S. –C. Chou and C. –H. Huang, “An Extended XACML Model to Ensure Secure Information Access for Web Services”, Journal of Systems and Software, vol. 83, no. 1, pp. 77-84, 2010.

S. –C. Chou, “Dynamically Preventing Information Leakage for Web Services using Lattice”, 5’th International Conference on Computer Sciences and Convergence Information Technology (ICCIT), 2010.

W. She, I. –L. Yen, B. Thuraisingham, and E. Bertino, “The SCIFC Model for Information Flow Control in Web Service Composition”, 2009 IEEE International Conference on Web Services, 2009.

W. She, I. –L. Yen, B. Thuraisingham, and E. Bertino, “Effective and Efficient Implementation of an Information Flow Control Protocol for Service Composition”, IEEE International Conference on Service-Oriented Computing and Applications, 2009.

W. She, I. -L. Yen, B. ThuraiSingham, E. Bertino, “The SCIFC Model for Information Flow Control in Web Service Composition”, 2009 IEEE International Conferences on Web Services, pp. 1-8, 2009.

R. Wu, G. –J., Ahn, H. Hu, and M. Singhal, “Information Flow Control in Cloud Computing”, Proceedings of the 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing, 2010.

T. Liu and Y. Zhou, “A Decentralized Information Flow Model for SaaS Application Security”, Third International Conference on Intelligent System Design and Engineering Applications, pp. 40-43, 2013.

S. –C. Chou, “Controlling Information Flows in SaaS Cloud applications”, ICCIT, 2012.

D. E. Bell and L. J. LaPadula, “Secure Computer Systems: Unified Exposition and Multics Interpretation”, technique report, Mitre Corp., Mar. 1976.

D. E. Denning, “A Lattice Model of Secure Information Flow”, Comm. ACM, vol. 19, no. 5, pp. 236-243, 1976.

D. E. Denning and P. J. Denning, “Certification of Program for Secure Information Flow”, Comm. ACM, vol. 20, no. 7, pp. 504-513, 1977.

A. Myers and B. Liskov, “Protecting Privacy using the Decentralized Label Model”, ACM Trans. Software Eng. Methodology, vol. 9, no. 4, pp. 410-442, 2000.

K. Izaki, K. Tanaka, and M. Takizawa, “Information Flow Control in Role-Based Model for Distributed Objects”, 8’th International Conf. Parallel and Distributed Systems, pp. 363-370, 2001.

S. -C. Chou, “Embedding Role-Based Access Control Model in Object-Oriented Systems to Protect Privacy”, Journal of Systems and Software, 71(1-2), 143-161, Apr. 2004.

D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli, “Proposed NIST Standard for Role-Based Access Control”, ACM Trans. Information and System Security, vol. 4, no. 3, pp. 224-274, 2001.

Brewer, D.F.C., Nash, M.J., 1989. The Chinese Wall Security Policy. In: Proceedings of the 5’th IEEE Symposium on Security and Privacy, 206-214.

J. Bacon, D. Eyers, T. F. J. –M. Pasquier, J. Singh, I. Papagiannis, and P. Pietzuch, “Information Flow Control for Secure Cloud Computing”, IEEE Trans. Network and Service Management, 11(1), pp. 76-89, 2014.

L. Gu, A. Vaynberg, B. Ford, Z. Shao, and D. Costanzo, “CertiKOS: A Certified Kernel for Secure Cloud Computing”, APSys’11, 2011.


  • There are currently no refbacks.

Comments on this article

View all comments

Creative Commons License
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.