Information Flow Control for Cloud Environments
Keywords:information security, information flow control, cloud environment, cloud application, cloud information flow control
Information flow control (IFC) on cloud environments is substantially affected by the features of multi-tenant and virtualization. For example, if multiple cloud applications executes on a cloud (this is the feature of multi-tenant), the information of one or more cloud applications may be intercepted by others. As another example, when the storage units assigned to a cloud application are re-assigned to others (this is caused by virtualization), the information of the original application stored in the storage units may be leaked to others. To solve the problems, we proposes a two-layered IFC model and a flushing function. The upper layer of the model isolates information of different cloud applications to prevent possible interception. The lower layer controls information flows in a cloud application to prevent information leakage. The flushing function flushes information in a storage unit when it is re-assigned to another cloud application. This prevents an application to obtain the information belonging to other ones.
M. Krohn, A. Yip, M. Brodsky, and N. Cliffer, M. F. Kaashoek, E. Kohler, and R. Morris, â€œInformation Flow Control for Standard OS Abstractionsâ€, SOSPâ€™07, 2007.
I. Roy, D. E. Porter, M. D. Bond, K. S. McKinley, and E. Witchel, â€œLaminar: Practical Fine-Grained Decentralized Information Flow Controlâ€, PLDIâ€™09, 2009.
N. Zeldovich, S. Boyd-Wickizer, and D. MaziÃ¨res, â€œSecuring Distributed Systems with Information Flow Controlâ€, NSDI '08, pp. 293â€“308, 2008
S. â€“C. Chou and C. â€“H. Huang, â€œAn Extended XACML Model to Ensure Secure Information Access for Web Servicesâ€, Journal of Systems and Software, vol. 83, no. 1, pp. 77-84, 2010.
S. â€“C. Chou, â€œDynamically Preventing Information Leakage for Web Services using Latticeâ€, 5â€™th International Conference on Computer Sciences and Convergence Information Technology (ICCIT), 2010.
W. She, I. â€“L. Yen, B. Thuraisingham, and E. Bertino, â€œThe SCIFC Model for Information Flow Control in Web Service Compositionâ€, 2009 IEEE International Conference on Web Services, 2009.
W. She, I. â€“L. Yen, B. Thuraisingham, and E. Bertino, â€œEffective and Efficient Implementation of an Information Flow Control Protocol for Service Compositionâ€, IEEE International Conference on Service-Oriented Computing and Applications, 2009.
W. She, I. -L. Yen, B. ThuraiSingham, E. Bertino, â€œThe SCIFC Model for Information Flow Control in Web Service Compositionâ€, 2009 IEEE International Conferences on Web Services, pp. 1-8, 2009.
R. Wu, G. â€“J., Ahn, H. Hu, and M. Singhal, â€œInformation Flow Control in Cloud Computingâ€, Proceedings of the 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing, 2010.
T. Liu and Y. Zhou, â€œA Decentralized Information Flow Model for SaaS Application Securityâ€, Third International Conference on Intelligent System Design and Engineering Applications, pp. 40-43, 2013.
S. â€“C. Chou, â€œControlling Information Flows in SaaS Cloud applicationsâ€, ICCIT, 2012.
D. E. Bell and L. J. LaPadula, â€œSecure Computer Systems: Unified Exposition and Multics Interpretationâ€, technique report, Mitre Corp., Mar. 1976. http://csrc.nist.gov/publications/history/bell76.pdf
D. E. Denning, â€œA Lattice Model of Secure Information Flowâ€, Comm. ACM, vol. 19, no. 5, pp. 236-243, 1976.
D. E. Denning and P. J. Denning, â€œCertification of Program for Secure Information Flowâ€, Comm. ACM, vol. 20, no. 7, pp. 504-513, 1977.
A. Myers and B. Liskov, â€œProtecting Privacy using the Decentralized Label Modelâ€, ACM Trans. Software Eng. Methodology, vol. 9, no. 4, pp. 410-442, 2000.
K. Izaki, K. Tanaka, and M. Takizawa, â€œInformation Flow Control in Role-Based Model for Distributed Objectsâ€, 8â€™th International Conf. Parallel and Distributed Systems, pp. 363-370, 2001.
S. -C. Chou, â€œEmbedding Role-Based Access Control Model in Object-Oriented Systems to Protect Privacyâ€, Journal of Systems and Software, 71(1-2), 143-161, Apr. 2004.
D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli, â€œProposed NIST Standard for Role-Based Access Controlâ€, ACM Trans. Information and System Security, vol. 4, no. 3, pp. 224-274, 2001.
Brewer, D.F.C., Nash, M.J., 1989. The Chinese Wall Security Policy. In: Proceedings of the 5â€™th IEEE Symposium on Security and Privacy, 206-214.
J. Bacon, D. Eyers, T. F. J. â€“M. Pasquier, J. Singh, I. Papagiannis, and P. Pietzuch, â€œInformation Flow Control for Secure Cloud Computingâ€, IEEE Trans. Network and Service Management, 11(1), pp. 76-89, 2014.
L. Gu, A. Vaynberg, B. Ford, Z. Shao, and D. Costanzo, â€œCertiKOS: A Certified Kernel for Secure Cloud Computingâ€, APSysâ€™11, 2011.
How to Cite
- Papers must be submitted on the understanding that they have not been published elsewhere (except in the form of an abstract or as part of a published lecture, review, or thesis) and are not currently under consideration by another journal published by any other publisher.
- It is also the authors responsibility to ensure that the articles emanating from a particular source are submitted with the necessary approval.
- The authors warrant that the paper is original and that he/she is the author of the paper, except for material that is clearly identified as to its original source, with permission notices from the copyright owners where required.
- The authors ensure that all the references carefully and they are accurate in the text as well as in the list of references (and vice versa).
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Attribution-NonCommercial 4.0 International that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
- The journal/publisher is not responsible for subsequent uses of the work. It is the author's responsibility to bring an infringement action if so desired by the author.