Computer Science ›› 2019, Vol. 46 ›› Issue (4): 189-196. doi: 10.11896/j.issn.1002-137X.2019.04.030
LIU Ming-cong (刘明聪)1,2, WANG Na (王娜)1,2, ZHOU Ning (周宁)3
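Abstract: Cloud composite services can offer users richer functionality, but sensitive information may flow through multiple cloud services during a business process, so information flow control must be enforced to prevent information leakage or unauthorized access. To address the information flow security problem of cloud composite services, this paper proposes an information flow control mechanism based on dependency analysis, which analyzes the information flows in a cloud composite service through the dependencies between data and uses security labels to control those flows. First, a weighted directed graph model of cloud composite services with complex composition structures is constructed, and, based on security attributes, the attribute certificate of a cloud service and the confidentiality label and integrity label of data are defined. Next, the concepts of intra-service input dependency and inter-service resource dependency are introduced, and methods for computing runtime input dependency and resource dependency based on historical information are given. Then, based on the dependency analysis, an algorithm for computing the security labels of output data is given, a composite information flow policy is defined, and a distributed information flow control mechanism is designed, achieving confidentiality and integrity protection of information flows in cloud composite services under complex composition structures. Finally, the effectiveness and performance of the mechanism are analyzed and evaluated.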