An access and information flow control paradigm for secure information sharing in service-based systems

Nidhiben Solanki; Timothy Hoffman; I. Ling Yen; Farokh Bastani; Sik-Sang Yau

doi:10.1109/COMPSAC.2015.195

An access and information flow control paradigm for secure information sharing in service-based systems

Nidhiben Solanki, Timothy Hoffman, I. Ling Yen, Farokh Bastani, Sik-Sang Yau

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Cloud now provides a wide range of services hosted by different providers from different domains. These services can be composed together dynamically to realize important tasks. In a composite service, information may flow from one service to subsequent services from different domains. Such information flow, if not properly controlled, may cause undesired leakage of critical data. Existing works on access control for web service do not consider the information flow problem in composite services. Existing information flow control (IFC) techniques is not flexible and cannot work with domain-specific information flow control policies. Existing works on access control for web service do not consider the information flow problem in composite services. Existing information flow control (IFC) techniques are not flexible and cannot work with domain-specific information flow control policies. In this paper, we define the WS-AIFC infrastructure for enforcing access and information flow control. The major goal of WS-AIFC is to provide a new IFC mechanism that can allow each domain to define their own IFC policies while WS-AIFC is capable of preventing undesired information leakage (IFC policy violation) among benign, semi-honest service domains. The main idea in WS-AIFC is to derive and record the dependency list for each data object. The system, upon receiving an access request to a critical data object, not only validates the conventional access control policy for the access, but also extracts the data and the corresponding domains in the dependency list and consults these domains to validate their IFC policies for the indirect access. In summary, WS-AIFC empowers individual domains to control how their information flows and achieves enhanced security for service based systems.

Original language	English (US)
Title of host publication	Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015
Editors	Gang Huang, William Chu, Pao-Ann Hsiung, Jingwei Yang, Carl K. Chang, Sheikh Iqbal Ahamed, Ivica Crnkovic
Publisher	IEEE Computer Society
Pages	60-67
Number of pages	8
ISBN (Electronic)	9781467365635
DOIs	https://doi.org/10.1109/COMPSAC.2015.195
State	Published - Sep 21 2015
Event	2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015 - Taichung, Taiwan, Province of China Duration: Jul 1 2015 → Jul 5 2015

Publication series

Name	Proceedings - International Computer Software and Applications Conference
Volume	1
ISSN (Print)	0730-3157

Other

Other	2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015
Country	Taiwan, Province of China
City	Taichung
Period	7/1/15 → 7/5/15

Keywords

Access control
Data dependency
Information flow control
Service-based systems

ASJC Scopus subject areas

Software
Computer Science Applications

Access to Document

10.1109/COMPSAC.2015.195

Fingerprint Dive into the research topics of 'An access and information flow control paradigm for secure information sharing in service-based systems'. Together they form a unique fingerprint.

Cite this

Solanki, N., Hoffman, T., Yen, I. L., Bastani, F., & Yau, S-S. (2015). An access and information flow control paradigm for secure information sharing in service-based systems. In G. Huang, W. Chu, P-A. Hsiung, J. Yang, C. K. Chang, S. I. Ahamed, & I. Crnkovic (Eds.), Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015 (pp. 60-67). [7273293] (Proceedings - International Computer Software and Applications Conference; Vol. 1). IEEE Computer Society. https://doi.org/10.1109/COMPSAC.2015.195

An access and information flow control paradigm for secure information sharing in service-based systems. / Solanki, Nidhiben; Hoffman, Timothy; Yen, I. Ling; Bastani, Farokh; Yau, Sik-Sang.

Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015. ed. / Gang Huang; William Chu; Pao-Ann Hsiung; Jingwei Yang; Carl K. Chang; Sheikh Iqbal Ahamed; Ivica Crnkovic. IEEE Computer Society, 2015. p. 60-67 7273293 (Proceedings - International Computer Software and Applications Conference; Vol. 1).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Solanki, N, Hoffman, T, Yen, IL, Bastani, F & Yau, S-S 2015, An access and information flow control paradigm for secure information sharing in service-based systems. in G Huang, W Chu, P-A Hsiung, J Yang, CK Chang, SI Ahamed & I Crnkovic (eds), Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015., 7273293, Proceedings - International Computer Software and Applications Conference, vol. 1, IEEE Computer Society, pp. 60-67, 2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015, Taichung, Taiwan, Province of China, 7/1/15. https://doi.org/10.1109/COMPSAC.2015.195

Solanki N, Hoffman T, Yen IL, Bastani F, Yau S-S. An access and information flow control paradigm for secure information sharing in service-based systems. In Huang G, Chu W, Hsiung P-A, Yang J, Chang CK, Ahamed SI, Crnkovic I, editors, Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015. IEEE Computer Society. 2015. p. 60-67. 7273293. (Proceedings - International Computer Software and Applications Conference). https://doi.org/10.1109/COMPSAC.2015.195

Solanki, Nidhiben ; Hoffman, Timothy ; Yen, I. Ling ; Bastani, Farokh ; Yau, Sik-Sang. / An access and information flow control paradigm for secure information sharing in service-based systems. Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015. editor / Gang Huang ; William Chu ; Pao-Ann Hsiung ; Jingwei Yang ; Carl K. Chang ; Sheikh Iqbal Ahamed ; Ivica Crnkovic. IEEE Computer Society, 2015. pp. 60-67 (Proceedings - International Computer Software and Applications Conference).

@inproceedings{ef34324ccd1f40189be1b6e75e807822,

title = "An access and information flow control paradigm for secure information sharing in service-based systems",

abstract = "Cloud now provides a wide range of services hosted by different providers from different domains. These services can be composed together dynamically to realize important tasks. In a composite service, information may flow from one service to subsequent services from different domains. Such information flow, if not properly controlled, may cause undesired leakage of critical data. Existing works on access control for web service do not consider the information flow problem in composite services. Existing information flow control (IFC) techniques is not flexible and cannot work with domain-specific information flow control policies. Existing works on access control for web service do not consider the information flow problem in composite services. Existing information flow control (IFC) techniques are not flexible and cannot work with domain-specific information flow control policies. In this paper, we define the WS-AIFC infrastructure for enforcing access and information flow control. The major goal of WS-AIFC is to provide a new IFC mechanism that can allow each domain to define their own IFC policies while WS-AIFC is capable of preventing undesired information leakage (IFC policy violation) among benign, semi-honest service domains. The main idea in WS-AIFC is to derive and record the dependency list for each data object. The system, upon receiving an access request to a critical data object, not only validates the conventional access control policy for the access, but also extracts the data and the corresponding domains in the dependency list and consults these domains to validate their IFC policies for the indirect access. In summary, WS-AIFC empowers individual domains to control how their information flows and achieves enhanced security for service based systems.",

keywords = "Access control, Data dependency, Information flow control, Service-based systems",

author = "Nidhiben Solanki and Timothy Hoffman and Yen, {I. Ling} and Farokh Bastani and Sik-Sang Yau",

note = "Publisher Copyright: {\textcopyright} 2015 IEEE. Copyright: Copyright 2017 Elsevier B.V., All rights reserved.; 2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015 ; Conference date: 01-07-2015 Through 05-07-2015",

year = "2015",

month = sep,

day = "21",

doi = "10.1109/COMPSAC.2015.195",

language = "English (US)",

series = "Proceedings - International Computer Software and Applications Conference",

publisher = "IEEE Computer Society",

pages = "60--67",

editor = "Gang Huang and William Chu and Pao-Ann Hsiung and Jingwei Yang and Chang, {Carl K.} and Ahamed, {Sheikh Iqbal} and Ivica Crnkovic",

booktitle = "Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015",

}

TY - GEN

T1 - An access and information flow control paradigm for secure information sharing in service-based systems

AU - Solanki, Nidhiben

AU - Hoffman, Timothy

AU - Yen, I. Ling

AU - Bastani, Farokh

AU - Yau, Sik-Sang

PY - 2015/9/21

Y1 - 2015/9/21

N2 - Cloud now provides a wide range of services hosted by different providers from different domains. These services can be composed together dynamically to realize important tasks. In a composite service, information may flow from one service to subsequent services from different domains. Such information flow, if not properly controlled, may cause undesired leakage of critical data. Existing works on access control for web service do not consider the information flow problem in composite services. Existing information flow control (IFC) techniques is not flexible and cannot work with domain-specific information flow control policies. Existing works on access control for web service do not consider the information flow problem in composite services. Existing information flow control (IFC) techniques are not flexible and cannot work with domain-specific information flow control policies. In this paper, we define the WS-AIFC infrastructure for enforcing access and information flow control. The major goal of WS-AIFC is to provide a new IFC mechanism that can allow each domain to define their own IFC policies while WS-AIFC is capable of preventing undesired information leakage (IFC policy violation) among benign, semi-honest service domains. The main idea in WS-AIFC is to derive and record the dependency list for each data object. The system, upon receiving an access request to a critical data object, not only validates the conventional access control policy for the access, but also extracts the data and the corresponding domains in the dependency list and consults these domains to validate their IFC policies for the indirect access. In summary, WS-AIFC empowers individual domains to control how their information flows and achieves enhanced security for service based systems.

AB - Cloud now provides a wide range of services hosted by different providers from different domains. These services can be composed together dynamically to realize important tasks. In a composite service, information may flow from one service to subsequent services from different domains. Such information flow, if not properly controlled, may cause undesired leakage of critical data. Existing works on access control for web service do not consider the information flow problem in composite services. Existing information flow control (IFC) techniques is not flexible and cannot work with domain-specific information flow control policies. Existing works on access control for web service do not consider the information flow problem in composite services. Existing information flow control (IFC) techniques are not flexible and cannot work with domain-specific information flow control policies. In this paper, we define the WS-AIFC infrastructure for enforcing access and information flow control. The major goal of WS-AIFC is to provide a new IFC mechanism that can allow each domain to define their own IFC policies while WS-AIFC is capable of preventing undesired information leakage (IFC policy violation) among benign, semi-honest service domains. The main idea in WS-AIFC is to derive and record the dependency list for each data object. The system, upon receiving an access request to a critical data object, not only validates the conventional access control policy for the access, but also extracts the data and the corresponding domains in the dependency list and consults these domains to validate their IFC policies for the indirect access. In summary, WS-AIFC empowers individual domains to control how their information flows and achieves enhanced security for service based systems.

KW - Access control

KW - Data dependency

KW - Information flow control

KW - Service-based systems

UR - http://www.scopus.com/inward/record.url?scp=84962469633&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84962469633&partnerID=8YFLogxK

U2 - 10.1109/COMPSAC.2015.195

DO - 10.1109/COMPSAC.2015.195

M3 - Conference contribution

AN - SCOPUS:84962469633

T3 - Proceedings - International Computer Software and Applications Conference

SP - 60

EP - 67

BT - Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015

A2 - Huang, Gang

A2 - Chu, William

A2 - Hsiung, Pao-Ann

A2 - Yang, Jingwei

A2 - Chang, Carl K.

A2 - Ahamed, Sheikh Iqbal

A2 - Crnkovic, Ivica

PB - IEEE Computer Society

T2 - 2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015

Y2 - 1 July 2015 through 5 July 2015

ER -