Cloud computing provides services to users through Internet.This open mode not only facilitates the access by users,but also brings potential security risks.In cloud computing,the risk of data leakage exists between u...Cloud computing provides services to users through Internet.This open mode not only facilitates the access by users,but also brings potential security risks.In cloud computing,the risk of data leakage exists between users and virtual machines.Whether direct or indirect data leakage,it can be regarded as illegal information flow.Methods,such as access control models can control the information flow,but not the covert information flow.Therefore,it needs to use the noninterference models to detect the existence of illegal information flow in cloud computing architecture.Typical noninterference models are not suitable to certificate information flow in cloud computing architecture.In this paper,we propose several information flow models for cloud architecture.One model is for transitive cloud computing architecture.The others are for intransitive cloud computing architecture.When concurrent access actions execute in the cloud architecture,we want that security domain and security domain do not affect each other,that there is no information flow between security domains.But in fact,there will be more or less indirect information flow between security domains.Our models are concerned with how much information is allowed to flow.For example,in the CIP model,the other domain can learn the sequence of actions.But in the CTA model,the other domain can’t learn the information.Which security model will be used in an architecture depends on the security requirements for that architecture.展开更多
To ensure the integrity and security of cloud tenants' workload, and to prevent unexpected interference among tenants, cloud platform must make sure that system behaviors are trusted. By analyzing threats that exist ...To ensure the integrity and security of cloud tenants' workload, and to prevent unexpected interference among tenants, cloud platform must make sure that system behaviors are trusted. By analyzing threats that exist in the cloud platform, a novel trusted domain hierarchical model(TDHM) based on noninterference theory was proposed in this paper to solve these problems. First of all, the abstraction modeling of tenants' computing environment and trusted domain(TD) were introduced for designing TDHM with formal methods. Secondly, corresponding constraints for trusted running were given to satisfy security requirements of tenants' TD, and security properties of TDHM ware analyzed. After that, trusted behavior of TD was defined based on these properties, and the decision theorem of that was proved. It illustrated that the design and implementation of TD in cloud followed the model with characteristics of trusted behavior. Finally, the implementation of prototype system was introduced based on our previous work, and evaluation results showed that the performance loss was in the acceptable range.展开更多
基金Natural Science Research Project of Jiangsu Province Universities and Colleges(No.17KJD520005,Congdong Lv).
文摘Cloud computing provides services to users through Internet.This open mode not only facilitates the access by users,but also brings potential security risks.In cloud computing,the risk of data leakage exists between users and virtual machines.Whether direct or indirect data leakage,it can be regarded as illegal information flow.Methods,such as access control models can control the information flow,but not the covert information flow.Therefore,it needs to use the noninterference models to detect the existence of illegal information flow in cloud computing architecture.Typical noninterference models are not suitable to certificate information flow in cloud computing architecture.In this paper,we propose several information flow models for cloud architecture.One model is for transitive cloud computing architecture.The others are for intransitive cloud computing architecture.When concurrent access actions execute in the cloud architecture,we want that security domain and security domain do not affect each other,that there is no information flow between security domains.But in fact,there will be more or less indirect information flow between security domains.Our models are concerned with how much information is allowed to flow.For example,in the CIP model,the other domain can learn the sequence of actions.But in the CTA model,the other domain can’t learn the information.Which security model will be used in an architecture depends on the security requirements for that architecture.
基金supported by the National Natural Science Foundation of China (61272447)the National Key Technology R&D Program of China (2012BAH18B05)the National New Generation Broadband Wireless Mobile Communication Network Major Project (03 Project) of China (12H1510)
文摘To ensure the integrity and security of cloud tenants' workload, and to prevent unexpected interference among tenants, cloud platform must make sure that system behaviors are trusted. By analyzing threats that exist in the cloud platform, a novel trusted domain hierarchical model(TDHM) based on noninterference theory was proposed in this paper to solve these problems. First of all, the abstraction modeling of tenants' computing environment and trusted domain(TD) were introduced for designing TDHM with formal methods. Secondly, corresponding constraints for trusted running were given to satisfy security requirements of tenants' TD, and security properties of TDHM ware analyzed. After that, trusted behavior of TD was defined based on these properties, and the decision theorem of that was proved. It illustrated that the design and implementation of TD in cloud followed the model with characteristics of trusted behavior. Finally, the implementation of prototype system was introduced based on our previous work, and evaluation results showed that the performance loss was in the acceptable range.
