Computer Science ›› 2019, Vol. 46 ›› Issue (4): 189-196. doi: 10.11896/j.issn.1002-137X.2019.04.030

• Information Security •

Dependency Analysis Based Cloud Composition Service Information Flow Control Mechanism

LIU Ming-cong (1,2), WANG Na (1,2), ZHOU Ning (3)

  1. Information Engineering University, Zhengzhou 450001, China
  2. Henan Province Key Laboratory of Information Security, Zhengzhou 450001, China
  3. Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083, China
  • Received: 2018-03-02 Online: 2019-04-15 Published: 2019-04-23

Abstract: Cloud composition services can provide users with richer capabilities, but sensitive information may flow through multiple cloud services in a business process, so information flow control must be implemented to prevent information leakage or unauthorized access. Aiming at the security problem of information flow in cloud composite services, this paper proposes a data flow control mechanism based on dependency analysis. The information flow in a cloud composite service is analyzed through the dependencies between data, and is controlled using security labels. Firstly, a weighted directed graph model of cloud composition services with complex combination structures is constructed. Based on security attributes, the attribute certificate of a cloud service and the confidentiality label and integrity label of data are defined; then the input dependencies between services and resource dependencies between services are proposed, and methods for computing input dependency and resource dependency based on historical information are given. After that, an algorithm for computing the security label of output data is given according to the dependency analysis, the compositional information flow policy is defined, and a distributed information flow control mechanism is designed, realizing confidentiality and integrity protection of information flow in cloud composition services under complex compositional structures. At last, an example is given to analyze the effectiveness and performance of the mechanism.

Key words: Cloud service, Data dependency, Information flow, Security label, Service composition

CLC Number: TP309