Information Flow Control for Secure Cloud Computing

Author

Bacon, Jean ; Eyers, David ; Pasquier, Thomas F. J-M ; Singh, Jaskirat ; Papagiannis, Ioannis ; Pietzuch, Peter

Author_Institution

Comput. Lab., Univ. of Cambridge, Cambridge, UK

Volume

11

Issue

1

fYear

2014

fDate

Mar-14

Firstpage

76

Lastpage

89

Abstract

Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions. Information Flow Control (IFC) is a well understood Mandatory Access Control methodology. The earliest IFC models targeted security in a centralised environment, but decentralised forms of IFC have been designed and implemented, often within academic research projects. As a result, there is potential for decentralised IFC to achieve better cloud security than is available today. In this paper we describe the properties of cloud computing-Platform-as-a-Service clouds in particular-and review a range of IFC models and implementations to identify opportunities for using IFC within a cloud computing context. Since IFC security is linked to the data that it protects, both tenants and providers of cloud services can agree on security policy, in a manner that does not require them to understand and rely on the particulars of the cloud software stack in order to effect enforcement.

Keywords

access control; cloud computing; data protection; centralized IFC models; cloud services; cloud software stack; data protection; decentralised IFC model; information flow control; mandatory access control methodology; platform-as-a-service clouds; secure cloud computing; security policy; Access control; Cloud computing; Data models; Runtime; Software as a service; Cloud; data security; information flow; information flow control (IFC);

fLanguage

English

Journal_Title

Network and Service Management, IEEE Transactions on

Publisher

ieee

ISSN

1932-4537

Type

jour

DOI

10.1109/TNSM.2013.122313.130423

Filename

6701293