IFCaaS:信息流控制即云安全服务

2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI:10.1109/ARES.2016.27

Marwa A. Elsayed, Mohammad Zulkernine

{"title":"IFCaaS:信息流控制即云安全服务","authors":"Marwa A. Elsayed, Mohammad Zulkernine","doi":"10.1109/ARES.2016.27","DOIUrl":null,"url":null,"abstract":"With the maturity of service-oriented architecture (SOA) and Web technologies, web services have become critical components of Software as a Service (SaaS) applications in cloud ecosystem environments. Most SaaS applications leverage multi-tenant data stores as a back end to keep and process data with high agility. Although these technologies promise impressive benefits, they put SaaS applications at risk against novel as well as prevalent attack vectors. This security risk is further magnified by the loss of control and lack of security enforcement over sensitive data manipulated by SaaS applications. An effective solution is needed to fulfill several requirements originating in the dynamic and complex nature of such applications. Inspired by the rise of Security as a Service (SecaaS) model, this paper introduces \"Information Flow Control as a Service (IFCaaS)\". IFCaaS lays the foundation of cloud-delivered IFC-based security analysis and monitoring services. As an example of the adoption of the IFCaaS, this paper presents a novel framework that addresses the detection of information flow vulnerabilities in SaaS applications. Our initial experiments show that the framework is a viable solution to protect against data integrity and confidentiality violations leading to information leakage.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"IFCaaS: Information Flow Control as a Service for Cloud Security\",\"authors\":\"Marwa A. Elsayed, Mohammad Zulkernine\",\"doi\":\"10.1109/ARES.2016.27\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the maturity of service-oriented architecture (SOA) and Web technologies, web services have become critical components of Software as a Service (SaaS) applications in cloud ecosystem environments. Most SaaS applications leverage multi-tenant data stores as a back end to keep and process data with high agility. Although these technologies promise impressive benefits, they put SaaS applications at risk against novel as well as prevalent attack vectors. This security risk is further magnified by the loss of control and lack of security enforcement over sensitive data manipulated by SaaS applications. An effective solution is needed to fulfill several requirements originating in the dynamic and complex nature of such applications. Inspired by the rise of Security as a Service (SecaaS) model, this paper introduces \\\"Information Flow Control as a Service (IFCaaS)\\\". IFCaaS lays the foundation of cloud-delivered IFC-based security analysis and monitoring services. As an example of the adoption of the IFCaaS, this paper presents a novel framework that addresses the detection of information flow vulnerabilities in SaaS applications. Our initial experiments show that the framework is a viable solution to protect against data integrity and confidentiality violations leading to information leakage.\",\"PeriodicalId\":216417,\"journal\":{\"name\":\"2016 11th International Conference on Availability, Reliability and Security (ARES)\",\"volume\":\"38 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 11th International Conference on Availability, Reliability and Security (ARES)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2016.27\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 11th International Conference on Availability, Reliability and Security (ARES)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2016.27","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

摘要

随着面向服务的体系结构(SOA)和Web技术的成熟，Web服务已经成为云生态环境中软件即服务(SaaS)应用程序的关键组件。大多数SaaS应用程序利用多租户数据存储作为后端，以高敏捷性保存和处理数据。尽管这些技术带来了令人印象深刻的好处，但它们使SaaS应用程序面临新的和普遍的攻击向量的风险。对SaaS应用程序操纵的敏感数据失去控制和缺乏安全强制，进一步放大了这种安全风险。需要一个有效的解决方案来满足源自此类应用程序的动态和复杂特性的几个需求。受安全即服务(SecaaS)模式兴起的启发，本文介绍了“信息流控制即服务(IFCaaS)”。IFCaaS为云交付的基于ifc的安全分析和监控服务奠定了基础。作为采用IFCaaS的一个例子，本文提出了一个解决SaaS应用程序中信息流漏洞检测的新框架。我们的初步实验表明，该框架是防止数据完整性和机密性违规导致信息泄露的可行解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

IFCaaS: Information Flow Control as a Service for Cloud Security

With the maturity of service-oriented architecture (SOA) and Web technologies, web services have become critical components of Software as a Service (SaaS) applications in cloud ecosystem environments. Most SaaS applications leverage multi-tenant data stores as a back end to keep and process data with high agility. Although these technologies promise impressive benefits, they put SaaS applications at risk against novel as well as prevalent attack vectors. This security risk is further magnified by the loss of control and lack of security enforcement over sensitive data manipulated by SaaS applications. An effective solution is needed to fulfill several requirements originating in the dynamic and complex nature of such applications. Inspired by the rise of Security as a Service (SecaaS) model, this paper introduces "Information Flow Control as a Service (IFCaaS)". IFCaaS lays the foundation of cloud-delivered IFC-based security analysis and monitoring services. As an example of the adoption of the IFCaaS, this paper presents a novel framework that addresses the detection of information flow vulnerabilities in SaaS applications. Our initial experiments show that the framework is a viable solution to protect against data integrity and confidentiality violations leading to information leakage.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 11th International Conference on Availability, Reliability and Security (ARES)

自引率

0.00%

发文量