A Decentralized Information Flow Model for SaaS Application Security

被引:2
|
作者
Liu Tingting [1 ]
Zhao Yong [1 ]
机构
[1] Zhengzhou Informat Sci & Technol Inst, Zhengzhou 450012, Henan, Peoples R China
来源
2013 THIRD INTERNATIONAL CONFERENCE ON INTELLIGENT SYSTEM DESIGN AND ENGINEERING APPLICATIONS (ISDEA) | 2013年
关键词
Software as a Service; Cloud computing security; information flow control; decentralized privileges;
D O I
10.1109/ISDEA.2012.17
中图分类号
TP18 [人工智能理论];
学科分类号
081104 ; 0812 ; 0835 ; 1405 ;
摘要
Software as a Service(SaaS) is a popular cloud service, but the SaaS providers have no security garantee for users. The SaaS providers may insert some malicious code in their applications with the primary goal of lifting user data. In order to address this problem, we introduce the security approach of Decentralized Information Flow Control (DIFC) and present a DIFC model that applies at the granularity of operating system processes for SaaS application security. The model allows untrusted software to compute with private data while trusted code controls the dissemination of that data. The trusted code is small which can be monitored easily. In addition, the model can be used in existing applications and allows safe interaction between conventional and DIFC-aware processes. Finally, we prove that the new model can enforce the security requirements of SaaS users.
引用
收藏
页码:40 / 43
页数:4
相关论文
共 50 条
  • [21] An Application Security Model Based on Business Process in Information System
    Xu, Peng
    Chen, Meirong
    Feng, Lifang
    Wu, Guanfeng
    Ma, Fangli
    Wang, Danchen
    2017 12TH INTERNATIONAL CONFERENCE ON INTELLIGENT SYSTEMS AND KNOWLEDGE ENGINEERING (IEEE ISKE), 2017,
  • [22] Multi-Tenant Access and Information Flow Control for SaaS
    Solanki, Nidhiben
    Zhu, Wei
    Yen, I-Ling
    Bastani, Farokh
    Rezvani, Elham
    2016 IEEE INTERNATIONAL CONFERENCE ON WEB SERVICES (ICWS), 2016, : 99 - 106
  • [23] Application of information leakage defendable model in enterprise intranet security
    School of Computer Information and Technology, Beijing Jiaotong University, Beijing 100044, China
    不详
    Jisuanji Yanjiu yu Fazhan, 2007, 5 (761-767):
  • [24] The Fitness Evaluation Model of SAAS for Enterprise Information System
    Lu, Yonghe
    Sun, Bing
    ICEBE 2009: IEEE INTERNATIONAL CONFERENCE ON E-BUSINESS ENGINEERING, PROCEEDINGS, 2009, : 507 - 511
  • [25] Application of Taguchi model to valuation of information security technology considering security quality failure
    Jeong, Yujin
    Yoon, Byungun
    TOTAL QUALITY MANAGEMENT & BUSINESS EXCELLENCE, 2020, 31 (9-10) : 1112 - 1134
  • [26] Modeling Decentralized Information Flow in Ambient Environments
    Van Diggelen, Jurriaan
    Beun, Robbert-Jan
    Van Eijk, Rogier M.
    Werkhoven, Peter J.
    DEVELOPING AMBIENT INTELLIGENCE, PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON AMBIENT INTELLIGENCE DEVELOPMENTS (AMI.D'07), 2008, : 23 - +
  • [27] Complete, safe information flow with decentralized labels
    Myers, AC
    Liskov, B
    1998 IEEE SYMPOSIUM ON SECURITY AND PRIVACY - PROCEEDINGS, 1998, : 186 - 197
  • [28] Information flow control with decentralized service compositions
    Yildiz, Ustun
    Godart, Claude
    2007 IEEE INTERNATIONAL CONFERENCE ON WEB SERVICES, PROCEEDINGS, 2007, : 9 - +
  • [29] Decentralized Control with Structural and Information Flow Constraints
    Sabau, Serban
    2014 IEEE 53RD ANNUAL CONFERENCE ON DECISION AND CONTROL (CDC), 2014, : 2240 - 2247
  • [30] INFORMATION FLOW AND DECENTRALIZED DECISION MAKING IN MARKETING
    ALBAUM, G
    CALIFORNIA MANAGEMENT REVIEW, 1967, 9 (04) : 59 - 70
12345