Computer Science ›› 2017, Vol. 44 ›› Issue (10): 150-158.doi: 10.11896/j.issn.1002-137X.2017.10.029

Previous Articles     Next Articles

Mixed Flow Policy Based On-demand Distributed Cloud Information Flow Control Model

DU Yuan-zhi, DU Xue-hui and YANG Zhi   

  • Online:2018-12-01 Published:2018-12-01

Abstract: In order to protect the security of user information in virtual machine on the cloud platform,this paper proposed a mixed flow control based on-demand distributed information flow control model (MDIFC).This model deve-lopes from DIFC,and the taint propagation is introduced to track the sensitive data so that the system can enforce the strategy and the user data can be protected better.In order to improve the flexibility of the model,considering the initiative of virtual domains,the concept of on-demand controlled and output classification were proposed.The model can reduce the workload result from taint propagation at the same time.This paper introduced its specification using π calculus and proved the security property of noninterference of MDIFC system with PicNic tool.Finally,this paper used an example to demonstrate of MDIFC.

Key words: Cloud computing,Information flow control,On-demand taint propagation,Chinese wall policy,π calculus

[1] FENG D G,ZHANG M,ZHANG Y,et al.Study on Cloud Computing Security[J].Journal of Software,2011,22(1):71-83.(in Chinese) 冯登国,张敏,张妍,等.云计算安全研究[J].软件学报,2011,22(1):71-83.
[2] MYERS A C,LISKOV B.A decentralized model for information flow control[J].Acm Sigops Operating Systems Review,1997,31(5):129-142.
[3] TUPAKULA U,VARADHARAJAN V.Trust Enhanced Security for Tenant Transactions in the Cloud Environment[J].Computer Journal,2014,58(10):2388-2403.
[4] ZHANG H F,ZUO X D,LIU G.An Information Flow Security Control Method Based on Virtualization Technology[C]∥Information Security & Technology.China Center of Information Industry Development.Beijing,2013:46-49.(in Chinese) 张怀方,左晓栋,刘刚.基于虚拟化技术的信息流控制方法[C]∥2013中国信息安全技术大会(CISTC 2013).暨工业控制系统安全发展高峰论坛论文集.北京:中国电子信息产业发展研究院,2013:46-49.
[5] PASQUIER J M,BACON J,EYERS D.FlowK:InformationFlow Control for the Cloud[C]∥International Conference on Cloud Computing Technology and Science,2014.2014:70-77.
[6] PASQUIER J M,BACON J,SHAND B.FlowR:Aspect orien-ted programming for information flow control in ruby[C]∥ ACM International Conference on Modularity.2014:37-48.
[7] BACON J,EYERS D,PASQUIER J M,et al.InformationFlow Control for Secure Cloud Computing[J].IEEE Transactions on Network & Service Management,2014,11(1):76-89.
[8] BREWER D F C,NASH M J.The Chinese Wall S ecurity Policy [C]∥IEEE Symposium on Security and Privacy,1989.IEEE,1989:206-214.
[9] LIN T Y.Chinese wall security policy-an aggressive model[C]∥Computer Security Applications Conference.1990:282-289.
[10] GUPTA V.Chinese Wall Security Policy[D].San Jose:San Jose State University.2009.
[11] KATSUNO Y,WATANABE Y,FURUICHI S,et al.Chinese-wall process confinement for practical distributed coalitions[C]∥ACM Symposium on Access Control MODELS and Technologies,Sophia Antipolis(SACMAT 2007).France,2007:225-234.
[12] JAEGER T,SAILER R,SREENIVASAN Y.Managing the risk of covert information flows in virtual machine systems[C]∥ACM Symposium on Access Control MODELS and Technologies,Sophia Antipolis(SACMAT 2007).France,2007:81-90.
[13] CHENG G,JIN H,ZOU D Q,et al.Chinese wall model based on dynamic alliance[J].Journal on Communications,2009,30(11):93-100.(in Chinese) 程戈,金海,邹德清,等.基于动态联盟关系的中国墙模型研究[J].通信学报,2009,30(11):93-100.
[14] JIANG L,HE R Y,WEI Y F.Chinese Wall Model Based on Dynamic Divided-set[J].Computer Science,2015,42(1):159-163.(in Chinese) 姜路,鹤荣育,魏彦芬.基于动态分集的中国墙模型研究[J].计算机科学,2015,42(1):159-163.
[15] YANG Z,YIN L H,DUAN M Y,et al.Generalized Taint Propa-gation Model for Access Control in Operation Systems[J].Journal of Software,2012,3(6):1602-1619.(in Chinese) 杨智,殷丽华,段洣毅,等.基于广义污点传播模型的操作系统访问控制[J].软件学报,2012,23(6):1602-1619.
[16] MILNER R,PARROW J,WALKER D.A calculus of mobile processes,II[J].Information and Computation,1992,100(1):41-77.
[17] MILNER R,PARROW J,WALKER D.Modal logics for mobile processes[J].Theoretical Computer Science,1993,114(1):149-171.
[18] MILNER R.Communicating and mobile systems:the π-calculus[M].Cambridge University Press,1999.
[19] MILNER R.Lectures on a calculus for communicating systems:Seminar on Concurrency[M].Springer Berlin Heidelberg.1985:197-220.
[20] CRAFA S,MIO M,MICULAN M,et al.PicNIc-Pi-calculus non-interference checker[C]∥ International Conference on Application of Concurrency to System Design.2008:33-38.
[21] CRAFA S,ROSSI S.P-congruences as non-interference for the pi-calculus[C]∥ACM Workshop on Formal Methods in Security Engineering(Fmse 2006).Alexandria,Va,USA,2006:13-22.
[22] PASQUIER T F J M,BACON J,EYERS D.FlowK:Information Flow Control for the Cloud[C]∥ International Conference on Cloud Computing Technology and Science.2014:70-77.
[23] Biba K J.Integrity Considerations for Secure Computer System.http://www.cerias.purdue.edu/apps/reports-and-papers/view/2834.

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
[1] LEI Li-hui and WANG Jing. Parallelization of LTL Model Checking Based on Possibility Measure[J]. Computer Science, 2018, 45(4): 71 -75, 88 .
[2] XIA Qing-xun and ZHUANG Yi. Remote Attestation Mechanism Based on Locality Principle[J]. Computer Science, 2018, 45(4): 148 -151, 162 .
[3] LI Bai-shen, LI Ling-zhi, SUN Yong and ZHU Yan-qin. Intranet Defense Algorithm Based on Pseudo Boosting Decision Tree[J]. Computer Science, 2018, 45(4): 157 -162 .
[4] WANG Huan, ZHANG Yun-feng and ZHANG Yan. Rapid Decision Method for Repairing Sequence Based on CFDs[J]. Computer Science, 2018, 45(3): 311 -316 .
[5] SUN Qi, JIN Yan, HE Kun and XU Ling-xuan. Hybrid Evolutionary Algorithm for Solving Mixed Capacitated General Routing Problem[J]. Computer Science, 2018, 45(4): 76 -82 .
[6] ZHANG Jia-nan and XIAO Ming-yu. Approximation Algorithm for Weighted Mixed Domination Problem[J]. Computer Science, 2018, 45(4): 83 -88 .
[7] WU Jian-hui, HUANG Zhong-xiang, LI Wu, WU Jian-hui, PENG Xin and ZHANG Sheng. Robustness Optimization of Sequence Decision in Urban Road Construction[J]. Computer Science, 2018, 45(4): 89 -93 .
[8] LIU Qin. Study on Data Quality Based on Constraint in Computer Forensics[J]. Computer Science, 2018, 45(4): 169 -172 .
[9] ZHONG Fei and YANG Bin. License Plate Detection Based on Principal Component Analysis Network[J]. Computer Science, 2018, 45(3): 268 -273 .
[10] SHI Wen-jun, WU Ji-gang and LUO Yu-chun. Fast and Efficient Scheduling Algorithms for Mobile Cloud Offloading[J]. Computer Science, 2018, 45(4): 94 -99, 116 .