An access and information flow control paradigm for secure information sharing in service-based systems

Nidhiben Solanki, Timothy Hoffman, I. Ling Yen, Farokh Bastani, Sik-Sang Yau

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

The cloud now provides a wide range of services hosted by different providers from different domains. These services can be composed together dynamically to realize important tasks. In a composite service, information may flow from one service to subsequent services from different domains. Such information flow, if not properly controlled, may cause undesired leakage of critical data. Existing works on access control for web services do not consider the information flow problem in composite services. Existing information flow control (IFC) techniques are not flexible and cannot work with domain-specific information flow control policies. In this paper, we define the WS-AIFC infrastructure for enforcing access and information flow control. The major goal of WS-AIFC is to provide a new IFC mechanism that allows each domain to define its own IFC policies while WS-AIFC prevents undesired information leakage (IFC policy violation) among benign, semi-honest service domains. The main idea in WS-AIFC is to derive and record the dependency list for each data object. The system, upon receiving an access request to a critical data object, not only validates the conventional access control policy for the access, but also extracts the data and the corresponding domains in the dependency list and consults these domains to validate their IFC policies for the indirect access. In summary, WS-AIFC empowers individual domains to control how their information flows and achieves enhanced security for service-based systems.
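
A minimal sketch of the dependency-list check the abstract describes, added here as an illustration and not taken from the paper or from any WS-AIFC implementation. The domain and object names and the `derive` and `check_access` helpers are hypothetical, and each domain's IFC policy is simplified to a per-object set of permitted recipients.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DataObject:
    name: str
    owner: str                     # domain whose service produced the object
    deps: frozenset = frozenset()  # dependency list: (domain, object) pairs

def derive(name, owner, inputs):
    """Record the output of a service call: it depends on every input and,
    transitively, on everything those inputs already depended on."""
    deps = set()
    for obj in inputs:
        deps.add((obj.owner, obj.name))
        deps |= obj.deps
    return DataObject(name, owner, frozenset(deps))

@dataclass
class Domain:
    acl: dict   # object -> requesters allowed direct access (conventional AC)
    ifc: dict   # object -> requesters allowed to receive data derived from it

def check_access(domains, obj, requester):
    """Return (granted, blocking): direct access control first, then each
    domain in the dependency list is consulted; the default is deny."""
    if requester not in domains[obj.owner].acl.get(obj.name, set()):
        return False, [f"{obj.owner}:{obj.name} (access control)"]
    blocking = sorted(f"{d}:{o} (IFC)" for d, o in obj.deps
                      if requester not in domains[d].ifc.get(o, set()))
    return not blocking, blocking

# Constructed scenario: three hypothetical domains in one composite service.
DOMAINS = {
    "hospital": Domain(acl={"record": {"lab"}}, ifc={"record": {"lab"}}),
    "lab": Domain(acl={"report": {"lab", "insurer"}},
                  ifc={"report": {"insurer", "auditor"}}),
    "insurer": Domain(acl={"summary": {"insurer", "auditor"}}, ifc={}),
}
record = DataObject("record", "hospital")
report = derive("report", "lab", [record])        # lab service reads the record
summary = derive("summary", "insurer", [report])  # insurer service reads the report

if __name__ == "__main__":
    for obj, who in [(report, "lab"), (report, "insurer"), (summary, "auditor")]:
        print(obj.name, who, check_access(DOMAINS, obj, who))
```

The insurer passes the lab's own access control for `report` yet is refused, because the hospital's policy on the underlying `record` does not permit the indirect flow.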

Original language: English (US)
Title of host publication: Proceedings - International Computer Software and Applications Conference
Publisher: IEEE Computer Society
Pages: 60-67
Number of pages: 8
Volume: 1
ISBN (Print): 9781467365635
DOIs: https://doi.org/10.1109/COMPSAC.2015.195
State: Published - Sep 21 2015
Event: 2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015 - Taichung, Taiwan, Province of China
Duration: Jul 1 2015 to Jul 5 2015

Other

Other: 2015 IEEE 39th Annual Computer Software and Applications Conference - Stephen S. Yau Academic Symposium, COMPSAC 2015
Country: Taiwan, Province of China
City: Taichung
Period: 7/1/15 to 7/5/15

Fingerprint

Flow control
Access control
Web services
Composite materials
Information services

Keywords

  • Access control
  • Data dependency
  • Information flow control
  • Service-based systems

ASJC Scopus subject areas

  • Computer Science Applications
  • Software

Cite this

Solanki, N., Hoffman, T., Yen, I. L., Bastani, F., & Yau, S-S. (2015). An access and information flow control paradigm for secure information sharing in service-based systems. In Proceedings - International Computer Software and Applications Conference (Vol. 1, pp. 60-67). [7273293] IEEE Computer Society. https://doi.org/10.1109/COMPSAC.2015.195
