Abstract
When users upload their private data to the cloud, they lose control of the data stored in the cloud server. If the cloud system cannot provide an effective security mechanism to protect the data, the consequent data leakage issue will hinder the development of cloud computing. Conventional access control and encryption technologies cannot effectively control the propagation of tenant private data in the system. The mandatory one-way information flow control model is limited by the complexity of the cloud environment, and it is difficult to effectively protect private data stored in the cloud. To solve the above problems, this article proposes a tenant-led ciphertext information flow control method for cloud virtual machines. Through the design of a decentralized information flow control security policy, a secret-domain key management scheme, and a multi-ID-based threshold encryption scheme, the information flow control strategies of taint infection, secret-level reduction, and ability propagation are realized in a ciphertext form, which can effectively prevent malicious users inside and outside the system from illegally reading private data. The feasibility of this method is verified by a security proof and an experiment.
Highlights
With the widespread adoption of cloud computing, cloud security has emerged as a critical issue
To provide a comprehensive protection for the private data stored in a cloud environment, we developed a decentralized ciphertext information flow control scheme for cloud virtual machines
A decentralized information flow control mechanism with tenant-led data access control policies was implemented between the cloud virtual machines, and the private data stored in the cloud storage server were encrypted on the basis of the information flow control policy to prevent the system from controlling the reading of private data by illegal entities inside and outside the system
Summary
With the widespread adoption of cloud computing, cloud security has emerged as a critical issue. To the best of our knowledge, there is no existing scheme that uses encryption technology to implement a dynamic strategy for information flow control to provide a comprehensive protection for cloud private data. SYSTEM DESIGN The core design idea of the ciphertext information flow control system is to implement a decentralized information flow control security strategy through a secret-domain key management mechanism and multi-ID-based threshold encryption scheme to ensure information flow between tenants in a cloud environment, and the private data stored in the cloud storage server are protected in accordance with the tenants. The file uploaded to a cloud server is not in control of a user’s virtual machine, so the file must be encrypted on the basis of the information flow strategy designed in this scheme The tenant with this file’s security label can decrypt independently using the secret-domain key corresponding to this file’s security label. Combined with the explicit change in the subject security label, the security information flow conditions are more flexible, and a flexible tenant-led information flow control can be realized
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.