Information Flow Control for Cloud Environments


  • Shih-Chien Chou Department of Computer Science and Information Engineering, National Dong Hwa University, Taiwan


information security, information flow control, cloud environment, cloud application, cloud information flow control


Information flow control (IFC) on cloud environments is substantially affected by the features of multi-tenant and virtualization. For example, if multiple cloud applications executes on a cloud (this is the feature of multi-tenant), the information of one or more cloud applications may be intercepted by others. As another example, when the storage units assigned to a cloud application are re-assigned to others (this is caused by virtualization), the information of the original application stored in the storage units may be leaked to others. To solve the problems, we proposes a two-layered IFC model and a flushing function. The upper layer of the model isolates information of different cloud applications to prevent possible interception. The lower layer controls information flows in a cloud application to prevent information leakage. The flushing function flushes information in a storage unit when it is re-assigned to another cloud application. This prevents an application to obtain the information belonging to other ones.


M. Krohn, A. Yip, M. Brodsky, and N. Cliffer, M. F. Kaashoek, E. Kohler, and R. Morris, “Information Flow Control for Standard OS Abstractionsâ€, SOSP’07, 2007.

I. Roy, D. E. Porter, M. D. Bond, K. S. McKinley, and E. Witchel, “Laminar: Practical Fine-Grained Decentralized Information Flow Controlâ€, PLDI’09, 2009.

N. Zeldovich, S. Boyd-Wickizer, and D. Mazières, “Securing Distributed Systems with Information Flow Controlâ€, NSDI '08, pp. 293–308, 2008

S. –C. Chou and C. –H. Huang, “An Extended XACML Model to Ensure Secure Information Access for Web Servicesâ€, Journal of Systems and Software, vol. 83, no. 1, pp. 77-84, 2010.

S. –C. Chou, “Dynamically Preventing Information Leakage for Web Services using Latticeâ€, 5’th International Conference on Computer Sciences and Convergence Information Technology (ICCIT), 2010.

W. She, I. –L. Yen, B. Thuraisingham, and E. Bertino, “The SCIFC Model for Information Flow Control in Web Service Compositionâ€, 2009 IEEE International Conference on Web Services, 2009.

W. She, I. –L. Yen, B. Thuraisingham, and E. Bertino, “Effective and Efficient Implementation of an Information Flow Control Protocol for Service Compositionâ€, IEEE International Conference on Service-Oriented Computing and Applications, 2009.

W. She, I. -L. Yen, B. ThuraiSingham, E. Bertino, “The SCIFC Model for Information Flow Control in Web Service Compositionâ€, 2009 IEEE International Conferences on Web Services, pp. 1-8, 2009.

R. Wu, G. –J., Ahn, H. Hu, and M. Singhal, “Information Flow Control in Cloud Computingâ€, Proceedings of the 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing, 2010.

T. Liu and Y. Zhou, “A Decentralized Information Flow Model for SaaS Application Securityâ€, Third International Conference on Intelligent System Design and Engineering Applications, pp. 40-43, 2013.

S. –C. Chou, “Controlling Information Flows in SaaS Cloud applicationsâ€, ICCIT, 2012.

D. E. Bell and L. J. LaPadula, “Secure Computer Systems: Unified Exposition and Multics Interpretationâ€, technique report, Mitre Corp., Mar. 1976.

D. E. Denning, “A Lattice Model of Secure Information Flowâ€, Comm. ACM, vol. 19, no. 5, pp. 236-243, 1976.

D. E. Denning and P. J. Denning, “Certification of Program for Secure Information Flowâ€, Comm. ACM, vol. 20, no. 7, pp. 504-513, 1977.

A. Myers and B. Liskov, “Protecting Privacy using the Decentralized Label Modelâ€, ACM Trans. Software Eng. Methodology, vol. 9, no. 4, pp. 410-442, 2000.

K. Izaki, K. Tanaka, and M. Takizawa, “Information Flow Control in Role-Based Model for Distributed Objectsâ€, 8’th International Conf. Parallel and Distributed Systems, pp. 363-370, 2001.

S. -C. Chou, “Embedding Role-Based Access Control Model in Object-Oriented Systems to Protect Privacyâ€, Journal of Systems and Software, 71(1-2), 143-161, Apr. 2004.

D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli, “Proposed NIST Standard for Role-Based Access Controlâ€, ACM Trans. Information and System Security, vol. 4, no. 3, pp. 224-274, 2001.

Brewer, D.F.C., Nash, M.J., 1989. The Chinese Wall Security Policy. In: Proceedings of the 5’th IEEE Symposium on Security and Privacy, 206-214.

J. Bacon, D. Eyers, T. F. J. –M. Pasquier, J. Singh, I. Papagiannis, and P. Pietzuch, “Information Flow Control for Secure Cloud Computingâ€, IEEE Trans. Network and Service Management, 11(1), pp. 76-89, 2014.

L. Gu, A. Vaynberg, B. Ford, Z. Shao, and D. Costanzo, “CertiKOS: A Certified Kernel for Secure Cloud Computingâ€, APSys’11, 2011.




How to Cite

Chou, S.-C. (2017). Information Flow Control for Cloud Environments. Asian Journal of Computer and Information Systems, 4(6). Retrieved from