FlowK: Information flow control for the cloud

Thomas F.J.M. Pasquier, Jean Bacon, David Eyers

Research output: Contribution to journalConference articlepeer-review

Abstract

Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions and although a wealth of law and regulation has emerged, the technical basis for enforcing and demonstrating compliance lags behind. Our Cloud Safety Net project aims to show that Information Flow Control (IFC) can augment existing security mechanisms and provide continuous enforcement of extended. Finer-grained application-level security policy in the cloud. We present FlowK, a loadable kernel module for Linux, as part of a proof of concept that IFC can be provided for cloud computing. Following the principle of policy-mechanism separation, IFC policy is assumed to be expressed at application level and FlowK provides mechanisms to enforce IFC policy at runtime. FlowK's design minimises the changes required to existing software when IFC is provided. To show how FlowK can be integrated with cloud software we have designed and evaluated a framework for deploying IFC-aware web applications, suitable for use in a PaaS cloud.

Original languageEnglish
Article number7037650
Pages (from-to)70-77
Number of pages8
JournalProceedings of the International Conference on Cloud Computing Technology and Science, CloudCom
Volume2015-February
Issue numberFebruary
DOIs
Publication statusPublished - 1 Jan 2015
Event2014 6th IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2014 - Singapore, Singapore
Duration: 15 Dec 201418 Dec 2014

Keywords

  • IFC
  • Integrity
  • Kernel module
  • Security

Fingerprint Dive into the research topics of 'FlowK: Information flow control for the cloud'. Together they form a unique fingerprint.

Cite this