Abstract

In the cloud environment, owing to the large-scale sharing of the upper application instance and the underlying virtual machine resources, the tenants' information flow boundary in the shared virtual machine is fuzzy and difficult to identify. In addition, protection of tenant information flow between processes is inadequate, resulting in the leakage of tenants' sensitive information. Therefore, a dynamic control method for tenants' sensitive information flow based on virtual boundary recognition is proposed. By analyzing the behavior and operation logs of tenants, the behavior feature vectors of tenants are constructed, and an automatic recognition algorithm for the tenant virtual boundary based on the dynamic spiking neural network is designed. This algorithm can dynamically identify the tenant virtual security boundary when the application service demand changes dynamically. Further, combined with the concept of centralized and decentralized information flow control, a dynamic control method for sensitive information flow is established. The security label is formally defined by using the lattice structure, and the control rules of tenants' information flow and the rules of tenant label encryption-declassification are designed. Thus, independent, dynamic and secure control of tenants' information flow inside and outside the tenant virtual boundary is achieved. Finally, the detailed design of a dynamic security control application system for cloud tenants' sensitive information flow is provided. Experiments confirm that the proposed algorithm can identify the security boundary of tenants more accurately and efficiently than the traditional spiking neural network classification methods. Further, the security and effectiveness of the method are verified by the intransitive noninterference theory and the experiment of information flow control.

Highlights

  • Cloud computing is a major innovation of the information technology service mode, realizing multi-tenant sharing and distribution on demand [1]

  • Given the cloud platform characteristics and the existing security problems, this paper summarizes the following security requirements of cloud tenants: 1. The dynamic upper-level tenants’ application behavior, the sharing of physical instance resources, and the decentralized distribution of virtual machines require that the virtual security boundary of the tenants under the software definition can be identified accurately; 2

  • Based on the effective identification of the tenant virtual boundary and the dynamic control method of tenant information flow, we provide a detailed design of the dynamic security control application system of cloud tenants’ sensitive information flow

Summary

INTRODUCTION

Cloud computing is a major innovation of the information technology service mode, realizing multi-tenant sharing and distribution on demand [1]. Based on an improved dynamic spiking neural network learning algorithm to train and learn sample data, we perform automatic identification of the tenant operation process in a shared virtual machine instance, which establishes the virtual security boundary between tenants.

3) ALGORITHM FLOW DESIGN

The process of the tenant virtual security boundary recognition algorithm, as shown, includes network initialization, eigenvector processing and input, information coding (Gaussian group coding), dynamic spiking neural network learning, and tenant boundary review and confirmation. Due to the large scale of sharing of virtual machine resources among different tenant applications in the upper layer and the weakening of tenants’ control over their own data, there is a possibility of illegal flow of information between processes inside and outside the tenant virtual boundary. The control strategy of information flow among cloud tenants is jointly formulated by participating tenants, and cloud tenants can only formulate their own information flow or data sharing security strategy with other cloud tenants for achieving distributed dynamic control of information flow among tenants.

2) DESIGN OF SECURITY LABEL
CONCLUSION