Abstract
The usual approach to security for cloud-hosted applications is strong separation. However, it is often the case that the same data is used by different applications, particularly given the increase in data-driven (big data' and IoT) applications. We argue that access control for the cloud should no longer be application-specific but should be data-centric, associated with the data that can ow between applications. Indeed, the data may originate outside cloud services from diverse sources such as medical monitoring, environmental sensing etc. Information Flow Control (IFC) potentially offers data-centric, system-wide data access control. It has been shown that IFC can be provided at operating system level as part of a PaaS offering, with an acceptable overhead. In this paper we consider how IFC can be integrated with application-specific access control, transparently from application developers, while building from simple IFC primitives, access control policies that align with the data management obligations of cloud providers and tenants.
| Original language | English |
|---|---|
| Title of host publication | SACMAT 2016 - Proceedings of the 21st ACM Symposium on Access Control Models and Technologies |
| Publisher | Association for Computing Machinery |
| Pages | 81-88 |
| Number of pages | 8 |
| Volume | 06-08-June-2016 |
| ISBN (Electronic) | 9781450338028 |
| DOIs | |
| Publication status | Published - 6 Jun 2016 |
| Event | 21st ACM Symposium on Access Control Models and Technologies, SACMAT 2016 - Shanghai, China Duration: 6 Jun 2016 → 8 Jun 2016 |
Conference
| Conference | 21st ACM Symposium on Access Control Models and Technologies, SACMAT 2016 |
|---|---|
| Country/Territory | China |
| City | Shanghai |
| Period | 6/06/16 → 8/06/16 |
Keywords
- Cloud Computing
- Data Protection
- Information Flow Control