TY - JOUR
T1 - Information flow control for secure cloud computing
AU - Bacon, Jean
AU - Eyers, David
AU - Pasquier, Thomas F.J.M.
AU - Singh, Jatinder
AU - Papagiannis, Ioannis
AU - Pietzuch, Peter
PY - 2014/1/1
Y1 - 2014/1/1
N2 - Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions. Information Flow Control (IFC) is a well understood Mandatory Access Control methodology. The earliest IFC models targeted security in a centralised environment, but decentralised forms of IFC have been designed and implemented, often within academic research projects. As a result, there is potential for decentralised IFC to achieve better cloud security than is available today. In this paper we describe the properties of cloud computing - Platform-as-a-Service clouds in particular - and review a range of IFC models and implementations to identify opportunities for using IFC within a cloud computing context. Since IFC security is linked to the data that it protects, both tenants and providers of cloud services can agree on security policy, in a manner that does not require them to understand and rely on the particulars of the cloud software stack in order to effect enforcement.
AB - Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions. Information Flow Control (IFC) is a well understood Mandatory Access Control methodology. The earliest IFC models targeted security in a centralised environment, but decentralised forms of IFC have been designed and implemented, often within academic research projects. As a result, there is potential for decentralised IFC to achieve better cloud security than is available today. In this paper we describe the properties of cloud computing - Platform-as-a-Service clouds in particular - and review a range of IFC models and implementations to identify opportunities for using IFC within a cloud computing context. Since IFC security is linked to the data that it protects, both tenants and providers of cloud services can agree on security policy, in a manner that does not require them to understand and rely on the particulars of the cloud software stack in order to effect enforcement.
KW - Cloud
KW - data security
KW - information flow
KW - information flow control (IFC)
UR - http://www.scopus.com/inward/record.url?scp=84900000827&partnerID=8YFLogxK
U2 - 10.1109/TNSM.2013.122313.130423
DO - 10.1109/TNSM.2013.122313.130423
M3 - Article (Academic Journal)
AN - SCOPUS:84900000827
SN - 1932-4537
VL - 11
SP - 76
EP - 89
JO - IEEE Transactions on Network and Service Management
JF - IEEE Transactions on Network and Service Management
IS - 1
M1 - 6701293
ER -