Skip to main content
SpringerLink
Log in

Information flow control on encrypted data for service composition among multiple clouds

  • Published:
Distributed and Parallel Databases Aims and scope Submit manuscript

Abstract

Homomorphic encryption allows the direct operations on encrypted data, which provides a promising way to protect outsourcing data in clouds. However, it can not guarantee the end-to-end data security if different cloud services are composed together. Especially for the operations on encrypted data, it may violate the standard noninterference, which can not be solved by traditional information flow control approaches. In order to analyze the information flow with encrypted data, we define a new type of flow called the encryption flow to describe the dependence relationship among different encrypted data objects across multiple services. Based on the new definition on encrypted flow, we propose the secure information flow verification theorem and specify the improved security constraints on each service component. Then a distributed information flow control framework and algorithm are designed for verification on regular and encrypted flow across multiple clouds. Through the experiments, we can obtain that our approach is more appropriate for the verification across multiple clouds and provides a more effective way compared with centralized verification approaches.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Wei, Y., Blake, M.B.: Service-oriented computing and cloud computing: challenges and opportunities. IEEE Internet Comput. 14(6), 72–75 (2010)

    Article  Google Scholar 

  2. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, ser. CCS ’09, ACM, New York, NY, USA, pp. 199–212 (2009). https://doi.org/10.1145/1653662.1653687

  3. Yang, T., Zhang, H., Wang, H., Shahzad, M., Liu, X., Xin, Q., Li, X.: Fid-sketch: an accurate sketch to store frequencies in data streams. World Wide Web J. (2018). https://doi.org/10.1007/s11280-018-0546-5

  4. Gentry, C., et al.: Fully homomorphic encryption using ideal lattices. STOC 9(2009), 169–178 (2009)

    MathSciNet  MATH  Google Scholar 

  5. Brenner, M., Wiebelitz, J., von Voigt, G., Smith, M.: Secret program execution in the cloud applying homomorphic encryption. In: 5th IEEE International Conference on Digital Ecosystems and Technologies (IEEE DEST 2011), pp. 114–119 (2011)

  6. Fiore, D., Gennaro, R., Pastro, V.: Efficiently verifiable computation on encrypted data. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Ser. CCS ’14, ACM, New York, NY, USA, pp. 844–855 (2014). https://doi.org/10.1145/2660267.2660366

  7. Bhatti, R., Bertino, E., Ghafoor, A.: A trust-based context-aware access control model for web-services. Distrib. Parallel Databases 18(1), 83–105 (2005). https://doi.org/10.1007/s10619-005-1075-7. [Online]

    Article  Google Scholar 

  8. Yang, T., Liu, A.X., Shahzad, M., Zhong, Y., Fu, Q., Li, Z., Xie, G., Li, X.: A shifting bloom filter framework for set queries. Proc. VLDB Endow. 9(5), 408–419 (2016)

    Article  Google Scholar 

  9. Yang, T., Liu, A.X., Shahzad, M., Yang, D., Fu, Q., Xie, G., Li, X.: A shifting framework for set queries. IEEE/ACM Trans. Netw. 25(5), 3116–3131 (2017)

    Article  Google Scholar 

  10. Hutter, D., Volkamer, M.: Information flow control to secure dynamic web service composition. In: SPC, vol. 3934. Springer, Berlin, pp. 196–210 (2006)

  11. She, W., Yen, I.L., Thuraisingham, B., Huang, S.Y.: Rule-based run-time information flow control in service cloud. In: 2011 IEEE International Conference on Web Services, pp. 524–531 (2011)

  12. Xi, N., Ma, J., Sun, C., Shen, Y., Zhang, T.: Distributed information flow verification framework for the composition of service chain in wireless sensor network. Int. J. Distrib. Sens. Netw. 9(5), 693639 (2013)

    Article  Google Scholar 

  13. Nakajima, S.: Model-checking of safety and security aspects in web service flows. In: ICWE, vol. 3140, pp. 488–501. Springer, Berlin (2004)

  14. Rossi, S.: Model checking adaptive multilevel service compositions. In: FACS, pp. 106–124. Springer, Berlin (2010)

  15. Xi, N., Sun, C., Ma, J., Shen, Y.: Secure service composition with information flow control in service clouds. Future Gener. Comput. Syst. 49, 142–148 (2015)

    Article  Google Scholar 

  16. Sabelfeld, A., Sands, D.: Declassification: dimensions and principles. J. Comput. Secur. 17(5), 517–548 (2009)

    Article  Google Scholar 

  17. Laud, P.: Handling encryption in an analysis for secure information flow. In: Degano, P. (ed.) Programming Languages and Systems, pp. 159–173. Springer, Berlin (2003)

    Chapter  Google Scholar 

  18. Hicks, B., King, D., McDaniel, P.: Declassification with cryptographic functions in a security-typed language. Network and Security Center, Department of Computer Science, Pennsylvania State University, Tech. Rep. NAS-TR-0004-2005 (2005)

  19. Askarov, A., Hedin, D., Sabelfeld, A.: Cryptographically-masked flows. In: Yi, K. (ed.) Static Analysis, pp. 353–369. Springer, Berlin (2006)

    Chapter  Google Scholar 

  20. Mitchell, J.C., Sharma, R., Stefan, D., Zimmerman, J.: Information-flow control for programming on encrypted data. In: 2012 IEEE 25th Computer Security Foundations Symposium, pp. 45–60 (2012)

  21. Xi, N., Lu, D., Sun, C., Ma, J., Shen, Y.: Distributed secure service composition with declassification in mobile clouds. Mobile Information Systems, vol. 2017 (2017)

  22. Xi, N., Sun, C., Ma, J., Chen, X., Shen, Y.: Distributed information flow verification for secure service composition in smart sensor network. China Commun. 13(4), 119–130 (2016)

    Article  Google Scholar 

  23. Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  24. Ferrante, J., Ottenstein, K.J., Warren, J.D.: The program dependence graph and its use in optimization. ACM Trans. Program. Lang. Syst. (TOPLAS) 9(3), 319–349 (1987)

    Article  MATH  Google Scholar 

  25. Snelting, G., Robschink, T., Krinke, J.: Efficient path conditions in dependence graphs for software safety analysis. ACM Trans. Softw. Eng. Methodol. (TOSEM) 15(4), 410–457 (2006)

    Article  Google Scholar 

  26. Farrell, S., Housley, R.: An Internet Attribute Certificate Profile for Authorization. RFC Editor (2002)

  27. Henderson, T.R., Lacage, M., Riley, G.F., Dowell, C., Kopena, J.: Network simulations with the ns-3 simulator. SIGCOMM Demonstr. 14(14), 527 (2008)

    Google Scholar 

  28. Yang, T., Xie, G., Li, Y., Fu, Q., Liu, A.X., Li, Q., Mathy, L.: Guarantee ip lookup performance with fib explosion. ACM SIGCOMM Comput. Commun. Rev. 44(4), 39–50 (2014)

    Article  Google Scholar 

Download references

Acknowledgements

This work was supported in part by National Natural Science Foundation of China (61502368, 61602357 and U1405255), the National High Technology Research and Development Program (863 Program) of China (Nos. 2015AA017203, 2015AA016007), Natural Science Basis Research Plan in Shaanxi Province of China (Grant Nos. 2017JM6047 and 2016JM6034), the Fundamental Research Funds for the Central Universities (XJS17077, JBX171507, JB170303), China Postdoctoral Science Foundation Funded Project (2016M592762).

Author information

Authors and Affiliations

  1. School of Cyber Engineering, XIDIAN University, Xi’an, China

    Ning Xi, Jianfeng Ma & Cong Sun

  2. School of Computer Science and Technology, XIDIAN University, Xi’an, China

    Di Lu & Yulong Shen

Authors
  1. Ning Xi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jianfeng Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Cong Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Di Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yulong Shen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ning Xi.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Xi, N., Ma, J., Sun, C. et al. Information flow control on encrypted data for service composition among multiple clouds. Distrib Parallel Databases 36, 511–527 (2018). https://doi.org/10.1007/s10619-018-7228-2

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10619-018-7228-2

Keywords

Search

Navigation