Information Flow Audit for PaaS Clouds

With the rapid increase in uptake of cloud services, issues of data management are becoming increasingly prominent. There is a clear, outstanding need for the ability for specified policy to control and track data as it flows throughout cloud infrastructure, to ensure that those responsible for data are meeting their obligations. This paper introduces Information Flow Audit, an approach for tracking information flows within cloud infrastructure. This builds upon CamFlow (Cambridge Flow Control Architecture), a prototype implementation of our model for data-centric security in PaaS clouds. CamFlow enforces Information Flow Control policy both intra-machine at the kernel-level, and inter-machine, on message exchange. Here we demonstrate how CamFlow can be extended to provide data-centric audit logs akin to provenance metadata in a format in which analyses can easily be automated through the use of standard graph processing tools. This allows detailed understanding of the overall system. Combining a continuously enforced data-centric security mechanism with meaningful audit empowers tenants and providers to both meet and demonstrate compliance with their data management obligations.

[1]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[2]  Andy Hopper,et al.  MrLazy: Lazy Runtime Label Propagation for MapReduce , 2014, HotCloud.

[3]  Beth Plale,et al.  Big Data Provenance Analysis and Visualization , 2015, 2015 15th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing.

[4]  Yannis Cotronis,et al.  Data Provenance and Reproducibility in Grid Based Scientific Workflows , 2009, 2009 Workshops at the Grid and Pervasive Computing Conference.

[5]  Wei-Yang Lin,et al.  Intrusion detection by machine learning: A review , 2009, Expert Syst. Appl..

[6]  Thomas Moyer,et al.  Take Only What You Need: Leveraging Mandatory Access Control Policy to Reduce Provenance Storage Costs , 2015, TaPP.

[7]  Wayne Salamon,et al.  Implementing SELinux as a Linux Security Module , 2003 .

[8]  Paul Watson,et al.  Achieving reproducibility by combining provenance with service and workflow versioning , 2011, WORKS '11.

[9]  Jatinder Singh,et al.  Information Flow Control for Strong Protection with Flexible Sharing in PaaS , 2015, 2015 IEEE International Conference on Cloud Engineering.

[10]  Jatinder Singh,et al.  Managing Big Data with Information Flow Control , 2015, 2015 IEEE 8th International Conference on Cloud Computing.

[11]  Jean Bacon,et al.  FlowR: aspect oriented programming for information flow control in ruby , 2014, MODULARITY.

[12]  Martin Bellamy,et al.  Adoption of Cloud Computing Services by Public Sector Organisations , 2013, 2013 IEEE Ninth World Congress on Services.

[13]  Trent Jaeger,et al.  Runtime verification of authorization hook placement for the linux security modules framework , 2002, CCS '02.

[14]  Yogesh L. Simmhan,et al.  The Open Provenance Model core specification (v1.1) , 2011, Future Gener. Comput. Syst..

[15]  Zizi Papacharissi,et al.  Fifteen Minutes of Privacy: Privacy, Sociality, and Publicity on Social Network Sites , 2011, Privacy Online.

[16]  Eddie Kohler,et al.  Information flow control for standard OS abstractions , 2007, SOSP.

[17]  Wenke Lee,et al.  xBook: Redesigning Privacy Control in Social Networking Platforms , 2009, USENIX Security Symposium.

[18]  Devarshi Ghoshal,et al.  Visualization of network data provenance , 2012, 2012 19th International Conference on High Performance Computing.

[19]  Yuguang Fang,et al.  Privacy and security for online social networks: challenges and opportunities , 2010, IEEE Network.

[20]  Peng Ning,et al.  Remote attestation to dynamic system properties: Towards providing complete system integrity evidence , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[21]  Margo I. Seltzer,et al.  Layering in Provenance Systems , 2009, USENIX Annual Technical Conference.

[22]  David M. Eyers,et al.  Twenty Security Considerations for Cloud-Supported Internet of Things , 2016, IEEE Internet of Things Journal.

[23]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[24]  R. K. Shyamasundar,et al.  Realizing Purpose-Based Privacy Policies Succinctly via Information-Flow Labels , 2014, 2014 IEEE Fourth International Conference on Big Data and Cloud Computing.

[25]  Donald E. Porter,et al.  Practical Fine-Grained Information Flow Control Using Laminar , 2014, ACM Trans. Program. Lang. Syst..

[26]  Trent Jaeger,et al.  Consistency analysis of authorization hook placement in the Linux security modules framework , 2004, TSEC.

[27]  Somesh Jha,et al.  Automatic placement of authorization hooks in the linux security modules framework , 2005, CCS '05.

[28]  Thomas F. J.-M. Pasquier,et al.  Expressing and Enforcing Location Requirements in the Cloud Using Information Flow Control , 2015, 2015 IEEE International Conference on Cloud Engineering.

[29]  Margo I. Seltzer,et al.  Securing Provenance , 2008, HotSec.

[30]  Marc Chiarini,et al.  Collecting Provenance via the Xen Hypervisor , 2011, TaPP.

[31]  Shouhuai Xu,et al.  An Access Control Language for a General Provenance Model , 2009, Secure Data Management.

[32]  Bhavani M. Thuraisingham,et al.  A language for provenance access control , 2011, CODASPY '11.

[33]  David M. Eyers,et al.  Integrating Messaging Middleware and Information Flow Control , 2015, 2015 IEEE International Conference on Cloud Engineering.

[34]  Christopher Millard,et al.  Cloud Computing Law , 2013 .

[35]  Patrick D. McDaniel,et al.  Hi-Fi: collecting high-fidelity whole-system provenance , 2012, ACSAC '12.

[36]  Stefan Berger,et al.  vTPM: Virtualizing the Trusted Platform Module , 2006, USENIX Security Symposium.

[37]  Barbara Liskov,et al.  IFDB: decentralized information flow control for databases , 2013, EuroSys '13.

[38]  Crispin Cowan,et al.  Linux security modules: general security support for the linux kernel , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[39]  Jatinder Singh,et al.  Camflow: Managed Data-Sharing for Cloud Services , 2015, IEEE Transactions on Cloud Computing.

[40]  Trey Ideker,et al.  Cytoscape 2.8: new features for data integration and network visualization , 2010, Bioinform..

[41]  Andrew C. Myers,et al.  A decentralized model for information flow control , 1997, SOSP.

[42]  Margo I. Seltzer,et al.  Issues in Automatic Provenance Collection , 2006, IPAW.

[43]  Stefan Berger,et al.  Scalable Attestation: A Step Toward Secure and Trusted Clouds , 2015, 2015 IEEE International Conference on Cloud Engineering.

[44]  Thomas Moyer,et al.  Trustworthy Whole-System Provenance for the Linux Kernel , 2015, USENIX Security Symposium.

[45]  Jatinder Singh,et al.  Integrating Middleware with Information Flow Control , 2015 .

[46]  Bu Sung Lee,et al.  From system-centric to data-centric logging - Accountability, trust & security in cloud computing , 2011, 2011 Defense Science Research Conference and Expo (DSR).

[47]  Robert Wisniewski relayfs : An Efficient Unified Approach for Transmitting Data from Kernel to User Space , 2003 .

[48]  Ashish Gehani,et al.  SPADE: Support for Provenance Auditing in Distributed Environments , 2012, Middleware.

[49]  David M. Eyers,et al.  CloudSafetyNet: Detecting Data Leakage between Cloud Tenants , 2014, CCSW.

[50]  Adriane Chapman,et al.  It's About the Data: Provenance as a Tool for Assessing Data Fitness , 2012, TaPP.

[51]  David Bernstein,et al.  Containers and Cloud: From LXC to Docker to Kubernetes , 2014, IEEE Cloud Computing.

[52]  Yogesh L. Simmhan,et al.  A survey of data provenance in e-science , 2005, SGMD.

[53]  Margo I. Seltzer,et al.  Provenance-Aware Storage Systems , 2006, USENIX ATC, General Track.

[54]  Rodrigo Fonseca,et al.  Pivot tracing , 2018, USENIX Annual Technical Conference.

[55]  Jatinder Singh,et al.  Data Flow Management and Compliance in Cloud Computing , 2015, IEEE Cloud Computing.

[56]  Mick Bauer Paranoid penguin: Running network services under user-mode Linux, Part I , 2006 .

[57]  Mick Bauer,et al.  Paranoid penguin: an introduction to Novell AppArmor , 2006 .

[58]  Margo I. Seltzer,et al.  A primer on provenance , 2014, CACM.

[59]  Silas Boyd-Wickizer,et al.  Securing Distributed Systems with Information Flow Control , 2008, NSDI.

[60]  Rania Fahim El-Gazzar,et al.  A Literature Review on Cloud Computing Adoption Issues in Enterprises , 2014, TDIT.

[61]  Jatinder Singh,et al.  Clouds of Things Need Information Flow Control with Hardware Roots of Trust , 2015, 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom).