Abstract
Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions and although a wealth of law and regulation has emerged, the technical basis for enforcing and demonstrating compliance lags behind. Our Cloud Safety Net project aims to show that Information Flow Control (IFC) can augment existing security mechanisms and provide continuous enforcement of extended. Finer-grained application-level security policy in the cloud. We present FlowK, a loadable kernel module for Linux, as part of a proof of concept that IFC can be provided for cloud computing. Following the principle of policy-mechanism separation, IFC policy is assumed to be expressed at application level and FlowK provides mechanisms to enforce IFC policy at runtime. FlowK's design minimises the changes required to existing software when IFC is provided. To show how FlowK can be integrated with cloud software we have designed and evaluated a framework for deploying IFC-aware web applications, suitable for use in a PaaS cloud.
| Original language | English |
|---|---|
| Article number | 7037650 |
| Pages (from-to) | 70-77 |
| Number of pages | 8 |
| Journal | Proceedings of the International Conference on Cloud Computing Technology and Science, CloudCom |
| Volume | 2015-February |
| Issue number | February |
| DOIs | |
| Publication status | Published - 1 Jan 2015 |
| Event | 2014 6th IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2014 - Singapore, Singapore Duration: 15 Dec 2014 → 18 Dec 2014 |
Keywords
- IFC
- Integrity
- Kernel module
- Security