Abstract
Security engineering must be integrated with all stages of application specification and development to be effective. Doing this properly is increasingly critical as organisations rush to offload their software services to cloud providers. Service-level agreements (SLAs) with these providers currently focus on performance-oriented parameters, which runs the risk of exacerbating an impedance mismatch with the security middleware. Not only do we want cloud providers to isolate each of their clients from others, we also want to have means to isolate components and users within each client’s application.
We propose a principled approach to designing and deploying end-to-end secure, distributed software by means of thorough, relentless tagging of the security meaning of data, analogous to what is already done for data types. The aim is to guarantee that—above a small trusted code base—data cannot be leaked by buggy or malicious software components. This is crucial for cloud infrastructures, in which the stored data and hosted services all have different owners whose interests are not aligned (and may even be in competition). We have developed data tagging schemes and enforcement techniques that can help form the aforementioned trusted code base. Our big idea—cloud-hosted services that have end-to-end information flow control—preempts worries about security and privacy violations retarding the evolution of large-scale cloud computing.
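The "relentless tagging" the abstract describes can be made concrete with a tiny reference monitor. The following is an added illustration, not code from the paper or from the authors' systems: every datum and every software component carries a label made of confidentiality tags, and a small trusted monitor allows a message to flow only if the receiver's label covers every tag on the message. A component may strip a tag (declassify) only if it has been granted that privilege, so a buggy or hostile component that merely handles tagged data cannot route it to another tenant or to a public output. Tag names (`tenant-a`, `tenant-b`) and component names are constructed for the example; integrity tags, which the abstract's scheme would also carry, are left out for brevity.

```python
"""Tag-based information flow control: an added example, not the paper's own code."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed tag names standing in for two cloud tenants.
TENANT_A = "tenant-a"
TENANT_B = "tenant-b"


@dataclass(frozen=True)
class Label:
    """Confidentiality label: the set of owners whose secrets a datum contains."""
    secrecy: frozenset = frozenset()

    def can_flow_to(self, dst: "Label") -> bool:
        # Safe only if the destination is cleared for every tag on the data.
        return self.secrecy <= dst.secrecy

    def join(self, other: "Label") -> "Label":
        # Anything derived from two inputs carries the secrets of both.
        return Label(self.secrecy | other.secrecy)


@dataclass
class Component:
    name: str
    label: Label                          # what this component has been cleared to see
    privileges: frozenset = frozenset()   # tags it is trusted to declassify


class FlowViolation(Exception):
    pass


class ReferenceMonitor:
    """The small trusted code base: every inter-component message passes through send()."""

    def __init__(self) -> None:
        self.audit: List[Tuple[str, str, str, str]] = []

    def _log(self, src: Component, dst: Component, verdict: str, why: str) -> None:
        self.audit.append((src.name, dst.name, verdict, why))

    def send(self, src: Component, data: Label, dst: Component,
             declassify: frozenset = frozenset()) -> Label:
        # 1. Output is tainted by everything the sender itself was cleared to read.
        out = data.join(src.label)
        # 2. Declassification is permitted only for tags the sender actually holds.
        missing = declassify - src.privileges
        if missing:
            self._log(src, dst, "DENY", f"no privilege to declassify {sorted(missing)}")
            raise FlowViolation(f"{src.name} may not declassify {sorted(missing)}")
        out = Label(out.secrecy - declassify)
        # 3. The receiver's clearance must cover whatever tags remain.
        if not out.can_flow_to(dst.label):
            leaked = sorted(out.secrecy - dst.label.secrecy)
            self._log(src, dst, "DENY", f"{dst.name} not cleared for {leaked}")
            raise FlowViolation(f"flow {src.name} -> {dst.name} would leak {leaked}")
        self._log(src, dst, "ALLOW", "")
        return out


def attempt(mon: ReferenceMonitor, src: Component, data: Label, dst: Component,
            declassify: frozenset = frozenset()) -> str:
    try:
        mon.send(src, data, dst, declassify)
        return "allow"
    except FlowViolation:
        return "deny"


def demo() -> Tuple[Dict[str, str], List[Tuple[str, str, str, str]]]:
    """Constructed scenario: shared analytics code handling one tenant's records."""
    mon = ReferenceMonitor()
    a_records = Label(frozenset({TENANT_A}))                  # tenant A's confidential data
    analytics = Component("analytics", Label())               # shared, untrusted third-party code
    dashboard_a = Component("dashboard-a", Label(frozenset({TENANT_A})))
    dashboard_b = Component("dashboard-b", Label(frozenset({TENANT_B})))
    public_stats = Component("public-stats", Label())         # world-readable output
    aggregator = Component("aggregator", Label(frozenset({TENANT_A})),
                           privileges=frozenset({TENANT_A}))  # tenant A trusts it to release aggregates

    results = {
        # Legitimate path: A's data to A's own dashboard.
        "a_to_a": attempt(mon, analytics, a_records, dashboard_a),
        # Bug or malice: same data routed to tenant B's dashboard.
        "a_to_b": attempt(mon, analytics, a_records, dashboard_b),
        # Bug or malice: raw records pushed to the public output.
        "a_to_public": attempt(mon, analytics, a_records, public_stats),
        # Untrusted code asks to strip the tag without holding the privilege.
        "declassify_unprivileged": attempt(mon, analytics, a_records, public_stats,
                                           frozenset({TENANT_A})),
        # The privileged aggregator releases a declassified result.
        "declassify_privileged": attempt(mon, aggregator, a_records, public_stats,
                                         frozenset({TENANT_A})),
    }
    return results, mon.audit


if __name__ == "__main__":
    verdicts, audit = demo()
    for entry in audit:
        print(entry)
```

Only `ReferenceMonitor.send` needs to be correct for the guarantee to hold; the analytics component can be arbitrarily buggy, because it never touches the labels and cannot manufacture a privilege it was not granted. The audit list is the monitor's record of every allowed and denied flow, which is what an operator would export for detection and forensics.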
© 2010 IFIP International Federation for Information Processing
Bacon, J., Evans, D., Eyers, D.M., Migliavacca, M., Pietzuch, P., Shand, B. (2010). Enforcing End-to-End Application Security in the Cloud. In: Gupta, I., Mascolo, C. (eds) Middleware 2010. Lecture Notes in Computer Science, vol 6452. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16955-7_15
DOI: https://doi.org/10.1007/978-3-642-16955-7_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16954-0
Online ISBN: 978-3-642-16955-7