Computer Science ›› 2015, Vol. 42 ›› Issue (12): 257-262.


Design and Implementation of Information Flow Control Framework for PaaS

SHAO Jing, CHEN Zuo-ning, YIN Hong-wu and XU Guo-chun   

  • Online: 2018-11-14 Published: 2018-11-14

Abstract: Decentralized information flow control (DIFC) is an effective method for end-to-end data protection. Existing DIFC methods have shortcomings: for example, their information flow tracking is limited to a single granularity and they require modifying the language runtime environment, so they cannot satisfy the data security requirements of PaaS platforms. This paper proposes GIFC, an information flow control framework for Google App Engine (GAE). GIFC combines three granularities: objects, messages and SQL. Within a component, a Python library controls the information interactions between entities, where the entities are those involved in method calls on objects. Between components, message proxies filter messages by their security labels, restricting the messages a component can receive. Between components and the datastore, the GAE data models are extended to support persistent storage of labels in the datastore. The evaluation shows that combining multiple IFC granularities effectively balances precision and performance.

Key words: Google App Engine, Information flow control, Component, Python, Middleware
