Advertisement

A Cloud Computing Security Model Based on Noninterference

  • Congdong LüEmail author
  • Gang Qian
  • Tao Chen
Computer Science
  • 19 Downloads

Abstract

In cloud computing, the risk of data leakage exists between users and virtual machines. Whether it is direct or indirect data leakage, it can be regarded as illegal information flow. Methods such as access control models can control the information flow rather than the covert information flow. Therefore, it needs to use the noninterference models to detect the existence of illegal information flow in cloud computing. Typical noninterference models are not suitable to verificate information flow in cloud computing. When concurrent access actions execute in the cloud architecture, security domains do not affect each other, because there is no information flow between security domains. Based on this, we propose noninterference for cloud architecture in which concurrent access and sequential access coexist. When the sequential actions execute, the information flow between security domains can flow in accordance with established rules. When concurrent access actions execute, there should not be the information flow between security domains.

Key words

cloud computing security information flow security noninterference noninterference models 

CLC number

TP 305 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1]
    Chen H, Wu N M, Shao Z, et al. Toward compositional verification of interruptible OS kernels and device drivers [J]. Programming Language Design and Implementation, 2016, 51(6): 431–447.Google Scholar
  2. [2]
    Seshadri A, Luk M, Qu N, et al. Sec Visor: A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes [J]. ACM SIGOPS Operating Systems Review, 2007, 41(6): 335–350.CrossRefGoogle Scholar
  3. [3]
    Dai Y H, Shi Y, Qi Y, et al. Design and verification of a lightweight reliable virtual machine monitor for a many-core architecture [J]. Frontiers of Computer Science, 2013, 7(1): 34–43.CrossRefGoogle Scholar
  4. [4]
    Li D C, Liu C, Wei Q, et al. RBAC-based access control for SaaS systems [C]//2010 2nd International Conference on Information Engineering and Computer Science (ICIECS). Washington D C: IEEE, 2010: 1–4.Google Scholar
  5. [5]
    Rizvi S, Mitchell J. A semi-distributed access control management scheme for securing cloud environment [C]// International Conference on Cloud Computing. Piscataway: IEEE, 2015: 501–507.Google Scholar
  6. [6]
    Xue J, Zhang J J. A brief survey on the security model of cloud computing [C]//2010 Ninth International Symposium on Distributed Computing and Applications to Business, Engineering and Science. Piscataway: IEEE, 2010: 475–478.Google Scholar
  7. [7]
    Zhang F, Zhang C, Chen W, et al. Noninterference analysis of trust of behavior in cloud computing system [J]. Journal of Computer, 2017, 40(9): 1–15(Ch).Google Scholar
  8. [8]
    West R, Li Y, Missimer E S, et al. A virtualized separation kernel for mixed-criticality systems [J]. ACM Transactions on Computer Systems, 2016, 34(3): 15–30.CrossRefGoogle Scholar
  9. [9]
    Zeng W, Koutny M, Watson P, et al. Formal verification of secure information flow in cloud computing [C] // Workshop on Information Security Applications. Piscataway: IEEE, 2016: 103–116.Google Scholar
  10. [10]
    Srivastava H, Kumar S A. Control framework for secure cloud computing [J]. Journal of Information Security, 2015, 6(1): 12–23.CrossRefGoogle Scholar
  11. [11]
    Bezemer C P, Zaidman A. Multi-tenant SaaS applications: Maintenance dream or nightmare? [C]// Proceedings of the Joint ERCIM Workshop on Software Evolution (EVOL) and International Workshop on Principles of Software Evolution (IWPSE). Piscataway: IEEE, 2010: 88–92.CrossRefGoogle Scholar
  12. [12]
    Xu Y, Bailey M, Jahanian, et al. An exploration of L2 cache covert channels in virtualized environments[C] // Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop. Piscataway: IEEE, 2011: 29–40.Google Scholar
  13. [13]
    Wang Z, Sun K, Jajodia S, et al. Disk storage isolation and verification in cloud[C]// Global Communications Conference (GLOBECOM). Piscataway: IEEE, 2012: 771–776.Google Scholar
  14. [14]
    Li Y, West R, Missimer E. A virtualized separation kernel for mixed criticality systems [C] //Proceedings of the 10th ACM SIGPIAN/SIGOPS International Conference on Virtual Execution Environments. New York: ACM, 2014: 201–212.Google Scholar
  15. [15]
    Ristenpart T, Tromer E, Shacham H, et al. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds[C]//Proceedings of the 16th ACM Conference on Computer and Communications Security. New York: ACM, 2009: 199–212.Google Scholar
  16. [16]
    Okamura K, Oyama Y. Load-based covert channels between Xen virtual machines[C]//Proceedings of the 2010 ACM Symposium on Applied Computing. New York: ACM, 2010: 173–180.Google Scholar
  17. [17]
    Rushby J M. Proof of separability: A verification technique for a class of security kernels [C]// International Symposium on Programming. Heidelberg: Springer-Verlag, 1982: 352–367.Google Scholar
  18. [18]
    Xu X L, Liu G P, Zhu J. Cloud data security and integrity protection model based on distributed virtual machine agents [C]// International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery. Piscataway: IEEE, 2017:6–13.Google Scholar
  19. [19]
    Reuben J S. A survey on virtual machine security [J]. Helsinki University of Technology, 2007, 10(2): 20–36.Google Scholar
  20. [20]
    Pearce M, Zeadally S, Hunt R. Virtualization: Issues, security threats, and solutions [J]. ACM Computing Surveys (CSUR), 2013, 45(2): 1–17.CrossRefGoogle Scholar
  21. [21]
    McCullough D. Specifications for multi-level security and a hook-up property [C]// IEEE Symposium on Security and Privacy. Washington D C: IEEE, 1987: 161–166.Google Scholar
  22. [22]
    Goguen J A, Meseguer J. Unwinding and inference control [C] //1984 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 1984: 75–81.CrossRefGoogle Scholar
  23. [23]
    Georget L, Jaume M, Piolle G. Verifying the reliability of operating system-level information flow control systems in linux [C]// International FME Workshop on Formal Methods in Software Engineering. Piscataway: IEEE, 2017:10–16.Google Scholar
  24. [24]
    Meyden R V D, Zhang C Y. A comparison of semantic models for noninterference [J]. Theoretical Computer Science, 2010, 411(47): 4123–4147.CrossRefGoogle Scholar

Copyright information

© Wuhan University and Springer-Verlag GmbH Germany 2019

Authors and Affiliations

  1. 1.School of Information EngineeringNanjing Audit UniversityNanjing, JiangsuChina
  2. 2.People’s Court Judicial Big Data Research BaseSoutheast UniversityNanjing, JiangsuChina

Personalised recommendations