Abstract
With the rapid increase in uptake of cloud services, issues of data management are becoming increasingly prominent. There is a clear, outstanding need for the ability for specified policy to control and track data as it flows throughout cloud infrastructure, to ensure that those responsible for data are meeting their obligations. This paper introduces Information Flow Audit, an approach for tracking information flows within cloud infrastructure. This builds upon CamFlow (Cambridge Flow Control Architecture), a prototype implementation of our model for data-centric security in PaaS clouds. CamFlow enforces Information Flow Control policy both intra-machine at the kernel-level, and inter-machine, on message exchange. Here we demonstrate how CamFlow can be extended to provide data-centric audit logs akin to provenance metadata in a format in which analyses can easily be automated through the use of standard graph processing tools. This allows detailed understanding of the overall system. Combining a continuously enforced data-centric security mechanism with meaningful audit empowers tenants and providers to both meet and demonstrate compliance with their data management obligations.
Original language | English |
---|---|
Title of host publication | Proceedings - 2016 IEEE International Conference on Cloud Engineering, IC2E 2016 |
Subtitle of host publication | Co-located with the 1st IEEE International Conference on Internet-of-Things Design and Implementation, IoTDI 2016 |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 42-51 |
Number of pages | 10 |
ISBN (Electronic) | 9781509019618 |
DOIs | |
Publication status | Published - 1 Jun 2016 |
Event | 4th IEEE Annual International Conference on Cloud Engineering, IC2E 2016 - Berlin, Germany Duration: 4 Apr 2016 → 8 Apr 2016 |
Conference
Conference | 4th IEEE Annual International Conference on Cloud Engineering, IC2E 2016 |
---|---|
Country/Territory | Germany |
City | Berlin |
Period | 4/04/16 → 8/04/16 |
Keywords
- Cloud
- Information Flow Audit
- Information Flow Control
- Privacy
- Provenance
- Security