Information Flow Audit for PaaS Clouds

Thomas Pasquier, Jatinder Singh, J. Bacon, D. Eyers

2016 IEEE International Conference on Cloud Engineering (IC2E), published 2016-04-04

DOI: 10.1109/IC2E.2016.19 (https://doi.org/10.1109/IC2E.2016.19)
Citations: 30

Abstract

With the rapid increase in uptake of cloud services, issues of data management are becoming increasingly prominent. There is a clear, outstanding need for the ability for specified policy to control and track data as it flows throughout cloud infrastructure, to ensure that those responsible for data are meeting their obligations. This paper introduces Information Flow Audit, an approach for tracking information flows within cloud infrastructure. This builds upon CamFlow (Cambridge Flow Control Architecture), a prototype implementation of our model for data-centric security in PaaS clouds. CamFlow enforces Information Flow Control policy both intra-machine at the kernel-level, and inter-machine, on message exchange. Here we demonstrate how CamFlow can be extended to provide data-centric audit logs akin to provenance metadata in a format in which analyses can easily be automated through the use of standard graph processing tools. This allows detailed understanding of the overall system. Combining a continuously enforced data-centric security mechanism with meaningful audit empowers tenants and providers to both meet and demonstrate compliance with their data management obligations.