A Cloud Computing Security Model Based on Noninterference

In cloud computing, the risk of data leakage exists between users and virtual machines. Whether it is direct or indirect data leakage, it can be regarded as illegal information flow. Methods such as access control models can control the information flow rather than the covert information flow. Therefore, it needs to use the noninterference models to detect the existence of illegal information flow in cloud computing. Typical noninterference models are not suitable to verificate information flow in cloud computing. When concurrent access actions execute in the cloud architecture, security domains do not affect each other, because there is no information flow between security domains. Based on this, we propose noninterference for cloud architecture in which concurrent access and sequential access coexist. When the sequential actions execute, the information flow between security domains can flow in accordance with established rules. When concurrent access actions execute, there should not be the information flow between security domains.

[1]  Yoshihiro Oyama,et al.  Load-based covert channels between Xen virtual machines , 2010, SAC '10.

[2]  Adrian Perrig,et al.  SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes , 2007, SOSP.

[3]  Daryl McCullough,et al.  Specifications for Multi-Level Security and a Hook-Up , 1987, 1987 IEEE Symposium on Security and Privacy.

[4]  Matti A. Hiltunen,et al.  An exploration of L2 cache covert channels in virtualized environments , 2011, CCSW '11.

[5]  José Meseguer,et al.  Unwinding and Inference Control , 1984, 1984 IEEE Symposium on Security and Privacy.

[6]  Qiang Wei,et al.  RBAC-Based Access Control for SaaS Systems , 2010, 2010 2nd International Conference on Information Engineering and Computer Science.

[7]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[8]  Ron van der Meyden,et al.  A comparison of semantic models for noninterference , 2006, Theor. Comput. Sci..

[9]  Zhong Shao,et al.  Toward Compositional Verification of Interruptible OS Kernels and Device Drivers , 2017, Journal of Automated Reasoning.

[10]  J. Reuben,et al.  A Survey on Virtual Machine Security , 2007 .

[11]  Dong Zhou,et al.  Translation techniques in cross-language information retrieval , 2012, CSUR.

[12]  Cor-Paul Bezemer,et al.  Multi-tenant SaaS applications: maintenance dream or nightmare? , 2010, IWPSE-EVOL '10.

[13]  Ye Li,et al.  A virtualized separation kernel for mixed criticality systems , 2014, VEE '14.

[14]  John M. Rushby,et al.  Proof of separability: A verification technique for a class of a security kernels , 1982, Symposium on Programming.

[15]  Xue Jing,et al.  A Brief Survey on the Security Model of Cloud Computing , 2010, 2010 Ninth International Symposium on Distributed Computing and Applications to Business, Engineering and Science.

[16]  Sherali Zeadally,et al.  Virtualization: Issues, security threats, and solutions , 2013, CSUR.

[17]  Sushil Jajodia,et al.  Disk storage isolation and verification in cloud , 2012, 2012 IEEE Global Communications Conference (GLOBECOM).

[18]  Yong Qi,et al.  Design and verification of a lightweight reliable virtual machine monitor for a many-core architecture , 2012, Frontiers of Computer Science.

[19]  Frédéric Tronel,et al.  Verifying the reliability of operating system-level information flow control systems in linux , 2017 .

[20]  Frédéric Tronel,et al.  Verifying the Reliability of Operating System-Level Information Flow Control Systems in Linux , 2017, 2017 IEEE/ACM 5th International FME Workshop on Formal Methods in Software Engineering (FormaliSE).

[21]  Jie Zhu,et al.  Cloud Data Security and Integrity Protection Model Based on Distributed Virtual Machine Agents , 2016, 2016 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC).

[22]  John Mitchell,et al.  A Semi-distributed Access Control Management Scheme for Securing Cloud Environment , 2015, 2015 IEEE 8th International Conference on Cloud Computing.

[23]  Maciej Koutny,et al.  Formal verification of secure information flow in cloud computing , 2016, J. Inf. Secur. Appl..

[24]  Harshit Srivastava,et al.  Control Framework for Secure Cloud Computing , 2015 .