The Fifth International Workshop on Trusted Collaboration

Research Article

Information flow control in cloud computing

Download545 downloads
  • @INPROCEEDINGS{10.4108/icst.trustcol.2010.1,
        author={Ruoyu Wu and Gail-Joon Ahn and Hongxin Hu and Mukesh Singhal},
        title={Information flow control in cloud computing},
        proceedings={The Fifth International Workshop on Trusted Collaboration},
        publisher={IEEE},
        proceedings_a={TRUSTCOL},
        year={2011},
        month={5},
        keywords={Authentication Cloud computing Companies Computational modeling Contracts Databases},
        doi={10.4108/icst.trustcol.2010.1}
    }
    
  • Ruoyu Wu
    Gail-Joon Ahn
    Hongxin Hu
    Mukesh Singhal
    Year: 2011
    Information flow control in cloud computing
    TRUSTCOL
    ICST
    DOI: 10.4108/icst.trustcol.2010.1
Ruoyu Wu1,*, Gail-Joon Ahn1,*, Hongxin Hu1,*, Mukesh Singhal2,*
  • 1: Laboratory of Security Engineering for Future Computing (SEFCOM), Arizona State University, Tempe, AZ 85287, USA
  • 2: Department of Computer Science, University of Kentucky, Lexington, KY 40506, USA
*Contact email: ruoyuwu@asu.edu, gahn@asu.edu, hxhu@asu.edu, singhal@cs.uky.edu

Abstract

Cloud computing is an emerging computing paradigm where computing resources are provided as services over Internet while residing in a large data center. Even though it enables us to dynamically provide servers with the ability to address a wide range of needs, this paradigm brings forth many new challenges for the data security and access control as users outsource their sensitive data to clouds, which are beyond the same trusted domain as data owners. A fundamental problem is the existence of insecure information flows due to the fact that a service provider can access multiple virtual machines in clouds. Sensitive information may be leaked to unauthorized customers and such critical information flows could raise conflict-of-interest issues in cloud computing. In this paper, we propose an approach to enforce the information flow policies at Infrastructure-as-a-Service (IaaS) layer in a cloud computing environment. Especially, we adopt Chinese Wall policies to address the problems of insecure information flow. We implement a proof-of-concept prototype system based on Eucalyptus open source packages to show the feasibility of our approach. This system facilitates the cloud management modules to resolve the conflict-of-interest issues for service providers in clouds.