A Decentralized Information Flow Model for SaaS Application Security

被引：2

作者：

Liu Tingting ^{[1
]}

Zhao Yong ^{[1
]}

机构：

[1] Zhengzhou Informat Sci & Technol Inst, Zhengzhou 450012, Henan, Peoples R China

来源：

2013 THIRD INTERNATIONAL CONFERENCE ON INTELLIGENT SYSTEM DESIGN AND ENGINEERING APPLICATIONS (ISDEA) | 2013年

关键词：

Software as a Service; Cloud computing security; information flow control; decentralized privileges;

D O I：

10.1109/ISDEA.2012.17

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

Software as a Service(SaaS) is a popular cloud service, but the SaaS providers have no security garantee for users. The SaaS providers may insert some malicious code in their applications with the primary goal of lifting user data. In order to address this problem, we introduce the security approach of Decentralized Information Flow Control (DIFC) and present a DIFC model that applies at the granularity of operating system processes for SaaS application security. The model allows untrusted software to compute with private data while trusted code controls the dissemination of that data. The trusted code is small which can be monitored easily. In addition, the model can be used in existing applications and allows safe interaction between conventional and DIFC-aware processes. Finally, we prove that the new model can enforce the security requirements of SaaS users.

引用

页码：40 / 43

页数：4

共 50 条

[41] An information flow security policy verification methodology and its application in operating systems
Yi, XD
Yang, XJ
Proceedings of the 11th Joint International Computer Conference, 2005, : 700 - 703
[42] Decentralized Personal Cloud Data Model and its Application in Campus Health Information System
Weng, Xiaoqi
Wu, Hanlin
Pan, Yuqiu
Chen, Hong
2021 IEEE INTL CONF ON DEPENDABLE, AUTONOMIC AND SECURE COMPUTING, INTL CONF ON PERVASIVE INTELLIGENCE AND COMPUTING, INTL CONF ON CLOUD AND BIG DATA COMPUTING, INTL CONF ON CYBER SCIENCE AND TECHNOLOGY CONGRESS DASC/PICOM/CBDCOM/CYBERSCITECH 2021, 2021, : 879 - 883
[43] Multi-level Index Model for SaaS Application
Kong Lanju
Li Qingzhong
Wang Xue
2013 10TH WEB INFORMATION SYSTEM AND APPLICATION CONFERENCE (WISA 2013), 2013, : 23 - +
[44] Static Gate-Level Information Flow for Hardware Information Security with Bounded Model Checking
Zhao, Yiqiang
Qu, Gonsen
Zhang, Qizhi
Li, Yao
Li, Zhengyang
He, Jiaji
2024 IEEE 42ND VLSI TEST SYMPOSIUM, VTS 2024, 2024,
[45] Parts inventory information integrated security technology of automobile industry chain SaaS platform
Yang J.
Sun L.
Wu Q.
Jisuanji Jicheng Zhizao Xitong/Computer Integrated Manufacturing Systems, CIMS, 2020, 26 (05): : 1277 - 1285
[46] Integrated Query of Multi-resources Information in the way of SaaS Application
Zhou, Bo
Lu, Wenliang
INDUSTRIAL INSTRUMENTATION AND CONTROL SYSTEMS, PTS 1-4, 2013, 241-244 : 2665 - 2668
[47] Hybrid Flow Model of Cyber Physical Distribution Network and an Instantiated Decentralized Control Application
Chen, Guanhong
Liu, Dong
CSEE JOURNAL OF POWER AND ENERGY SYSTEMS, 2024, 10 (06): : 2587 - 2596
[48] The security model to combine the corporate and information security
Virtanen, T
TRUSTED INFORMATION: THE NEW DECADE CHALLENGE, 2001, 65 : 305 - 316
[49] Application of Java']Java Security Architecture in Information Security
Shen Guicheng
Zheng Xuefeng
PROCEEDINGS OF FIRST INTERNATIONAL CONFERENCE OF MODELLING AND SIMULATION, VOL III: MODELLING AND SIMULATION IN ELECTRONICS, COMPUTING, AND BIO-MEDICINE, 2008, : 66 - 69
[50] Information flow security in dynamic contexts
Focardi, Riccardo
Rossi, Sabina
JOURNAL OF COMPUTER SECURITY, 2006, 14 (01) : 65 - 110

← 1 2 3 4 5 →