Abstract

A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications also require facilities to effect isolation and protection of data managed by those applications. They also require flexible data sharing with other applications, often across the traditional cloud-isolation boundaries; for example, when government provides many related services for its citizens on a common platform. Similar considerations apply to the end-users of applications. But in particular, the incorporation of cloud services within `Internet of Things' architectures is driving the requirements for both protection and cross-application data sharing. These concerns relate to the management of data. Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows; a crucial issue once data has left its owner's control by cloud-hosted applications and within cloud-services. Information Flow Control (IFC), in addition, offers system-wide, end-to-end, flow control based on the properties of the data. We discuss the potential of cloud-deployed IFC for enforcing owners' dataflow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software. In addition, the audit log associated with IFC provides transparency, giving configurable system-wide visibility over data flows. [...]

Highlights

  • AND MOTIVATIONA MODEL of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications infrastructure—datacenters with worldwide replication to achieve high data integrity and availability at low latency

  • We argue that incorporating Information Flow Control (IFC) into the underlying PaaS-provided operating system (OS), as a small, trusted computing base would greatly enhance the trustworthiness of cloud services, whether public or private, and all their hosted services/applications

  • Our evaluation shows that IFC would incur acceptable overhead and our IFC model is designed to ensure that application developers need not be aware of IFC, some application providers may wish to take explicit advantage of IFC

Read more

Summary

INTRODUCTION

A MODEL of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications infrastructure—datacenters with worldwide replication to achieve high data integrity and availability at low latency. Decryption is only allowed by parties accepting the management constraints and able to enforce them This forms the basis for establishing contractual relationships between data owners and service providers or other applications. Log records can be made efficiently of all attempted flows, whether permitted or rejected, and this log provides a possible basis for audit, data provenance and compliance checking By this means it can be checked whether application level policy has been enforced and whether cloud service provision has complied with contractual obligations. Our approach enables: (1) protection of applications from each other (non-interference); (2) flexible, managed data sharing across isolation boundaries; (3) prevention of data leakage due to bugs/misconfigurations; (4) extension of access control beyond application boundaries; (5) increased transparency, through detailed logs of information flow decisions. Evaluation is included within the section. §8 summarises, concludes and suggests future work

BACKGROUND
IFC Models
Protection via VMs and Containers
Sticky Policies
CAMFLOW-MODEL
Tags and Labels
Decentralised Privileges and Security Contexts
Creating a New Entity
Security
Information Exchange
Label Change
Conflict of Interest
OS ENFORCEMENT
CamFlow-LSM
Checkpointing and Restoration
OS Evaluation
Trusted Processes
Leveraging Hardware Roots of Trust
CROSS-MACHINE ENFORCEMENT
Remote Interactions
Message-Level Enforcement
Evaluation
AUDIT: DATA-CENTRIC LOGS
Demonstrating Compliance
Audit as ‘Big Data’
Audit Access
EXAMPLE
CONCLUSION & FUTURE WORK

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.