Controlling Information Flows in Net Services with Low Runtime Overhead

Full Text (PDF, 387KB), PP.1-9

Author(s)

Shih-Chien Chou 1,*

1. Department of Computer Science and Information Engineering, National Dong Hwa University, Taiwan

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2015.03.01

Received: 10 Aug. 2014 / Revised: 15 Oct. 2014 / Accepted: 11 Dec. 2014 / Published: 8 Feb. 2015

Index Terms

Information flow, information flow control, information security, information leakage prevention, runtime overhead

Abstract

This paper presents the information flow control model NetIFC, which prevents information leakage while a net service is being executed. NetIFC offers the following features: (1) it blocks as few statements as possible and (2) it reduces runtime overhead. To achieve the first feature, NetIFC strictly controls output statements, because only output may leak information. To achieve the second feature, NetIFC is executed in parallel with a service, at a different site, to monitor the service. This monitoring style substantially reduces runtime overhead compared with embedding a model in a net service.

Cite This Paper

Shih-Chien Chou, "Controlling Information Flows in Net Services with Low Runtime Overhead", International Journal of Computer Network and Information Security (IJCNIS), vol. 7, no. 3, pp. 1-9, 2015. DOI: 10.5815/ijcnis.2015.03.01
