However in order to provide these services, cloud computing is often
advertisement
` Comparative Study of IFC methods for Cloud Computing Shreyansh Zatakia Department of Computer Engineering Dwarkadas J. Sanghvi College of Engineering shreyzatakia@outlook.com Drumil Bakhai Department of Computer Engineering Dwarkadas J. Sanghvi College of Engineering drums.b123@gmail.com ABSTRACT Cloud computing is internet based computing where information, resources and devices are made available to consumers on demand. The large data servers residing at the back end address a wide range of needs. However, this emerging technique has its share of issues relating to data security and access controls as users outsource their information to clouds. Security concerns are widely seen as an obstacle that affects the adoption of cloud computing solutions. A major problem is the presence of unsafe information flows that that can be leaked to unauthorized users. Such leakage of critical information gave rise to the concept of Information Flow Control. Information Flow Control is a method that enforces information flow policies on data. This paper discusses some of the proposed methods of Information Flow Control in Cloud Computing. After a brief description of each of the methods, the methods are compared with each based on the various factors. General Terms Cloud Computing, Information Flow Control Keywords Cloud Computing, Information Flow Control, IFC, FlowK, FlowK2, CloudIFC, Chinese wall Policy 1. INTRODUCTION Cloud Computing can be often regarded as On Demand Computing and the reason for this analogy is, it provides computational services for the users and based on that it can charge nominal fees. Cloud computing can be like utility, just as electricity, where each individual is given services by some major powerhouse and in return they charge for the same. Cloud Computing is new promising field in the field of distributed computing and has proved to provide many business applications. Large Banks, Power Companies, Industrial Houses are shifting their enormous datasets over the cloud for processing and large infrastructures are created in order to support the client’s business requirements.The cloud computing applications can be broadly divided into 3 platforms. 1.1 SaaS The applications based on cloud just like services that are running on the remote computers. These remote based computers are owned by companies providing services and connect to the user computers via the Internet. The cloud computing companies provide the software as their services to the users. 1.2 PaaS In this type, PaaS provides entire cloud based environment suitable for building and delivering entire Lakshmi Kurup Department of Computer Engineering Dwarkadas J. Sanghvi College of Engineering lakshmi.kurup@djsce.ac.in web based applications. Here the advantage is, the clients are shunned away from hardware complexity, publishing hosting. 1.3 IaaS Infrastructure as a service is service that provides networks, storage, and all the other computing resources that a small business companies cannot afford to maintain. However in order to provide these services, cloud computing is often exposed to many threats and vulnerabilities. Different problems when cloud computing is concerned are data breaches, data loss, Traffic Hijacking, Insecure APIs. Every threat needs to be dealt with different approaches. 1.4 Information Flow Control Tremendous amount of information is passed from cloud computing servers to the client machines and vice versa. This information needs some mechanism or rules based on which it decides how the exchange takes place. Many objects and subjects clash with Conflict of Interest and much other access the information to which they do not hold legitimate permission. Thus it is very necessary to have Control for the information flow. Information Flow Control deals with this problem.The paper mentions about a detail comparative studies of the different techniques that can be implemented with usage of IFC. In the second section we describe about the techniques of IFC in brief. In the third section we describe a detail comparative study of all the techniques based on the parameters given. The forth section includes conclusion and the last section includes the references. 2. Information Flow Control Methods 2.1 FlowK Since most of the cloud service providers use Linux OS, FlowK is Linux kernel module implementing information flow control within a Linux operating system. There is a concept of trusted processes that manages labels and assigns privileges to other processes. The idea of FlowK is such that authentication and authorization is enforced by permitting only certain type of information flows. Certain rules that control the various flows are: • Implementing the information flow via the use of secrecy and integrity labels. • The child entity inherits the labels of the parent. • There are privileges for removing and adding the labels. Certain processes have the privileges to modify their labels. 1 ` • The conflict of interest between the principles should be clearly defined. • Trusted entities are used to assign labels and privileges to processes. Whenever an action is to take place, system calls are generated. FlowK intercepts the system calls that are generated and converts them to information flows. The rules of information are then applied to system calls. Assuming that shared memory is disabled, there are four types of entities. These entities are process, pipes, sockets and files. The labels of pipes, sockets and files are immutable whereas the labels of process have changeable labels. FlowK maintains a map between entity identifiers and their labels and privileges. When a process changes its security context, then it will not be allowed to read or write file it created or could access previously. Since pipes are created by processes they inherit the labels of the processes. Information flow policy is applied according to the direction of flow when a process interacts with sockets. FlowK is simple and straightforward way to implement information flow control. • Information can only flow within same group. • After execution of IFS assignment statement and input statement, join operation adjusts the security level of destination. • After invocation statement, the security level is same as that of returned statement. • For output statement, highly sensitive data should be hidden from non-authorized users. The security level of output is associated with the information to protect it. CloudIFC is a SaaS level of information flow control. Since it is embedded at service level, it may induce runtime overhead. 2.4 Chinese Wall Policy Chinese wall policy was proposed by Brewer and Nash and often called as BN Chinese policy. The objects and subjects are used to prevent information flows that results in Conflict Of Interest problem. The simple diagram which elaborates Chinese Wall Policy is given below. 2.2 FlowK2 FlowK2 is an extension of FlowK. FlowK supports ‘Big Data’ along with the implementation of Information flow control. The major challenge in IFC is to represent data in labels which should be concise and should implement policy efficiently. This method proposes the use of two component tags that represent the concern of data and a specifier for an item of that kind. One of the advantages is that current single tag system can be easily expressed in this way. The tag is decomposed in two components concern and specifier (t=<c,s>). The information flow rules are changed as follows: • A flow from A to B is allowed there is a super type of secrecy tag of A in B and there is super type of integrity of B in A. • Addition of special privilege to allow removal of labels. • The policy of conflict of interest is expanded to include constraints applied on whole tags, concerns and specifiers. • For compatibility with single tag, the single tag will become a specifier with a null concern. • The highest level is conflict of interest class where the general categorization of the objects is being done. • The level below it consists of the datasets of individual companies and all objects of the same company are present together. • The last level is individual level where each object of information is being associated with a simple company terminal Chinese Wall Policy works on following two rules Thus implementation of two-dimensional tags in IFC will be helpful in data analysis in distributed system. 2.3 CloudIFC Here, the information flow between the variables is controlled. The IFC lies with the variables because different variables contain data with different sensitivity. Since the control granularity lies with the variables, the variable is given a security level number and is associated with a group. According to the group, the sensitive variables are placed in the lattice and then are ordered according to security level. CloudIFC includes security levels and various components like set of variables, input device, output device and files. IFS are statements that will cause information flow. CloudIFC consists of set of rules which are defined as: • Two objects belonging to specific security group belong to the same conflict of interest class. • If two objects belong to different conflict of interest classes they belong to different security group. • If the conflict of interest is new or if the previous object O` is accessed then the current object O can be read. • The data from the company dataset of O can be read by the writer only if the above mentioned condition is satisfied. 2.5 Rule Based IFC Cloud based infrastructure is valuable to customers since it allows the dynamicity from multiple terminals. The existing web services models are focused onto the protection of the individual services. It is necessary to 2 ` a. Enumeration. ensure proper information flow control when dealing with multiple services from different domains. The service chain systems determine whether sensitive information should be directly or indirectly passed to subsequent services. The basic criteria for the service chain can be defined below. All the possible combination are enumerated from Si+1 to Sj-1 by Si and determine the next service where the sensitive information is passed. Large Overhead of enumerating all the services is one of the drawbacks of this approach Output of the service Si can be computed using the input as well as Si backend databases. i.eSiOutF = SiInF + SiInL • • • 2.5.2 Service Access Control Models a. Action Based Access where SiOutF is the output of the service SiInF is the input of the service SiInL is backend databases of Si In this method when a client is granted priviledges, priviledges to the data and other resources is also granted and can be accessed from the action. Action based Control Model provides resource protection too. The input data that Si received from Si-1 may result into some changes into the backend databases of Si and the itsupto Si if it wishes to retain those changes or discard them. These decisions are based on certain control policies and are discussed below. 2.5.1 b. Resource Based Access This method does not allow indirect access imposed in service chain. The resource based access can be extended to web servies. It is mandatory to determine the ownership of Resource r if it needs to accessed and can only be granted if the request satisfy all the necessary condition of the ownership set. Approaches to Flow of service chaining In this part we discuss about the approaches taken by the service chaining in determining the next services to process. The information will always flow based on the decision made during this phase. 3. Comparative Study The above mentioned approaches have been compared in Table I. The parameters for comparison are approach, level at which the method works. In approach the different ways of controlling information flow are looked at. In Level of operation, the level of cloud computing at which the IFC method works is described. a. Direct Access. In this method the service Si ignores the computation effect of the chain which might have services in the order <Si, Si+1, . . . . Sj> and treats if Sj is directly accessing the sensitive information of Si. This method imposes many restrictive flow control constraints. Comparative study of IFC methods Name Approach Level of Operation Advantages Disadvantages FlowK Concept of Trusted Processes and labels Kernel level at Operating System of Server Simple and easy to implement Single component tag is not flexible FlowK2 2D Component Tags Kernel level at Operating System of Server Helps in data analysis More tags increases complexity CloudIFC Control information flow between variables Saas Security level numbers depict sensitivity of information Overhead increases Rule Based IFC Information Flow takes place SaaS Allows secure transfer of the Huge amount of overhead 3 ` according to specified rules Chinese Wall Policy Only access given to objects of different groups 4. CONCLUSION Various methods of Information Flow Control have been developed in the recent decade. This paper looks at some of the techniques and their attributes. Here, one can notice that CloudIFC works on service level and assigns security level numbers to each variable and thus can provide greater security. On the other hand, FlowK executes IFC in a much simpler way whereas FlowK2 couples IFC with data analysis that can provide security along with large scale data processing. In this manner all the methods have been compared and depending on the requirements of the cloud provider and the customer . sensitive information Iaas Works on Iaas that’s why very secure and robust Complexity is high since it deals with individual objects “Information Technology Interfaces”, 2008. ITI 2008, pages 31-40, 2008. [6] T. Mather, S. Kumaraswamy, and S. Latif. Cloud Security and Privacy: “An Enterprise Perspective on Risks and Compliance.” Oreilly & Associates Inc, 2009 [7] Jean Bacon, David Eyers,Ahnl, Jatinder Singh, “Information Flow Control for Secure Cloud Computing” 76 IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, VOL. 11, NO. 1, MARCH 2014. 5. REFERENCES [1] “FlowK: Information Flow Control for the Cloud, by F. J.-M. Pasquier, Jean Bacon,David Eyers.” Published in Cloud Computing Technology and Science, 2014 IEEE 6th International conference [2] Thomas F. J.-M. Pasquier, Jatinder Singh and Jean Bacon, Olivier Hermant “An Information Flow Control Model for the Cloud”, http://www.cri.ensmp.fr/classement/doc/A-602.pdf [3] Shih-Chien Chou “Controlling information flows in SaaS cloud services”, Published in Computing and Convergence Technology (ICCCT), 2012 7th International Conference [8] T. Mather, S. Kumaraswamy, and S. Latif. Cloud Security and Privacy: “An Enterprise Perspective on Risks and Compliance.” Oreilly & Associates Inc, 2009 [9] “A Network Flow Approach in Cloud Computing.” Soheil Feizi, Amy Zhang, Muriel Medard. RLE at MIT. [10] Deyan Chen1, Hong Zhao. Cloud Security and Privacy: “Data Security and Privacy Protection Issues in Cloud Computing.” College of Information Science and Engineering. [11] Randike Gajanayake, Renato Iannella, and Tony Sahama, "Sharing with Care An Information Accountability Perspective," Internet Computing, IEEE, vol. 15, pp. 31-38, July-Aug. 2011. [4] Ruoyu Wu, Gail-Joon Ahnl, Hongxin Hul, Mukesh Singhal2, Information Flow Control In Cloud Computing”, aboratory of Security Engineering for Future Computing (SEFCOM) [5] M. Vouk. Cloud computing Issues, research and implementations. In 30th International Conference on 4
