An access and information flow control paradigm for secure information sharing in service-based systems

Nidhiben Solanki, Timothy Hoffman, I. Ling Yen, Farokh Bastani, Sik-Sang Yau

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Cloud now provides a wide range of services hosted by different providers from different domains. These services can be composed together dynamically to realize important tasks. In a composite service, information may flow from one service to subsequent services from different domains. Such information flow, if not properly controlled, may cause undesired leakage of critical data. Existing works on access control for web service do not consider the information flow problem in composite services. Existing information flow control (IFC) techniques is not flexible and cannot work with domain-specific information flow control policies. Existing works on access control for web service do not consider the information flow problem in composite services. Existing information flow control (IFC) techniques are not flexible and cannot work with domain-specific information flow control policies. In this paper, we define the WS-AIFC infrastructure for enforcing access and information flow control. The major goal of WS-AIFC is to provide a new IFC mechanism that can allow each domain to define their own IFC policies while WS-AIFC is capable of preventing undesired information leakage (IFC policy violation) among benign, semi-honest service domains. The main idea in WS-AIFC is to derive and record the dependency list for each data object. The system, upon receiving an access request to a critical data object, not only validates the conventional access control policy for the access, but also extracts the data and the corresponding domains in the dependency list and consults these domains to validate their IFC policies for the indirect access. In summary, WS-AIFC empowers individual domains to control how their information flows and achieves enhanced security for service based systems.

Original languageEnglish (US)
Title of host publicationProceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015
EditorsGang Huang, William Chu, Pao-Ann Hsiung, Jingwei Yang, Carl K. Chang, Sheikh Iqbal Ahamed, Ivica Crnkovic
PublisherIEEE Computer Society
Pages60-67
Number of pages8
ISBN (Electronic)9781467365635
DOIs
StatePublished - Sep 21 2015
Event2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015 - Taichung, Taiwan, Province of China
Duration: Jul 1 2015Jul 5 2015

Publication series

NameProceedings - International Computer Software and Applications Conference
Volume1
ISSN (Print)0730-3157

Other

Other2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015
Country/TerritoryTaiwan, Province of China
CityTaichung
Period7/1/157/5/15

Keywords

  • Access control
  • Data dependency
  • Information flow control
  • Service-based systems

ASJC Scopus subject areas

  • Software
  • Computer Science Applications

Fingerprint

Dive into the research topics of 'An access and information flow control paradigm for secure information sharing in service-based systems'. Together they form a unique fingerprint.

Cite this