Title :
Information Flow Control for Secure Cloud Computing
Author :
Bacon, Jean ; Eyers, David ; Pasquier, Thomas F. J-M ; Singh, Jaskirat ; Papagiannis, Ioannis ; Pietzuch, Peter
Author_Institution :
Comput. Lab., Univ. of Cambridge, Cambridge, UK
Abstract :
Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions. Information Flow Control (IFC) is a well understood Mandatory Access Control methodology. The earliest IFC models targeted security in a centralised environment, but decentralised forms of IFC have been designed and implemented, often within academic research projects. As a result, there is potential for decentralised IFC to achieve better cloud security than is available today. In this paper we describe the properties of cloud computing-Platform-as-a-Service clouds in particular-and review a range of IFC models and implementations to identify opportunities for using IFC within a cloud computing context. Since IFC security is linked to the data that it protects, both tenants and providers of cloud services can agree on security policy, in a manner that does not require them to understand and rely on the particulars of the cloud software stack in order to effect enforcement.
Keywords :
access control; cloud computing; data protection; centralized IFC models; cloud services; cloud software stack; data protection; decentralised IFC model; information flow control; mandatory access control methodology; platform-as-a-service clouds; secure cloud computing; security policy; Access control; Cloud computing; Data models; Runtime; Software as a service; Cloud; data security; information flow; information flow control (IFC);
Journal_Title :
Network and Service Management, IEEE Transactions on
DOI :
10.1109/TNSM.2013.122313.130423
