Information flow audit for PaaS clouds

Thomas F.J.M. Pasquier*, Jatinder Singh, Jean Bacon, David Eyers

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

23 Citations (Scopus)

Abstract

With the rapid increase in uptake of cloud services, issues of data management are becoming increasingly prominent. There is a clear, outstanding need for the ability for specified policy to control and track data as it flows throughout cloud infrastructure, to ensure that those responsible for data are meeting their obligations. This paper introduces Information Flow Audit, an approach for tracking information flows within cloud infrastructure. This builds upon CamFlow (Cambridge Flow Control Architecture), a prototype implementation of our model for data-centric security in PaaS clouds. CamFlow enforces Information Flow Control policy both intra-machine at the kernel-level, and inter-machine, on message exchange. Here we demonstrate how CamFlow can be extended to provide data-centric audit logs akin to provenance metadata in a format in which analyses can easily be automated through the use of standard graph processing tools. This allows detailed understanding of the overall system. Combining a continuously enforced data-centric security mechanism with meaningful audit empowers tenants and providers to both meet and demonstrate compliance with their data management obligations.

Original languageEnglish
Title of host publicationProceedings - 2016 IEEE International Conference on Cloud Engineering, IC2E 2016
Subtitle of host publicationCo-located with the 1st IEEE International Conference on Internet-of-Things Design and Implementation, IoTDI 2016
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages42-51
Number of pages10
ISBN (Electronic)9781509019618
DOIs
Publication statusPublished - 1 Jun 2016
Event4th IEEE Annual International Conference on Cloud Engineering, IC2E 2016 - Berlin, Germany
Duration: 4 Apr 20168 Apr 2016

Conference

Conference4th IEEE Annual International Conference on Cloud Engineering, IC2E 2016
Country/TerritoryGermany
CityBerlin
Period4/04/168/04/16

Keywords

  • Cloud
  • Information Flow Audit
  • Information Flow Control
  • Privacy
  • Provenance
  • Security

Fingerprint

Dive into the research topics of 'Information flow audit for PaaS clouds'. Together they form a unique fingerprint.

Cite this