Top

Distributed and Parallel Databases

Published in:

01-06-2018

Information flow control on encrypted data for service composition among multiple clouds

Authors: Ning Xi, Jianfeng Ma, Cong Sun, Di Lu, Yulong Shen

Published in: Distributed and Parallel Databases | Issue 3/2018

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Homomorphic encryption allows the direct operations on encrypted data, which provides a promising way to protect outsourcing data in clouds. However, it can not guarantee the end-to-end data security if different cloud services are composed together. Especially for the operations on encrypted data, it may violate the standard noninterference, which can not be solved by traditional information flow control approaches. In order to analyze the information flow with encrypted data, we define a new type of flow called the encryption flow to describe the dependence relationship among different encrypted data objects across multiple services. Based on the new definition on encrypted flow, we propose the secure information flow verification theorem and specify the improved security constraints on each service component. Then a distributed information flow control framework and algorithm are designed for verification on regular and encrypted flow across multiple clouds. Through the experiments, we can obtain that our approach is more appropriate for the verification across multiple clouds and provides a more effective way compared with centralized verification approaches.

previous article Online multi-view subspace learning via group structure analysis for visual object tracking

next article Energy-aware task scheduling in mobile cloud computing

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Wei, Y., Blake, M.B.: Service-oriented computing and cloud computing: challenges and opportunities. IEEE Internet Comput. 14(6), 72–75 (2010)CrossRef

Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, ser. CCS ’09, ACM, New York, NY, USA, pp. 199–212 (2009). https://doi.org/10.1145/1653662.1653687

Yang, T., Zhang, H., Wang, H., Shahzad, M., Liu, X., Xin, Q., Li, X.: Fid-sketch: an accurate sketch to store frequencies in data streams. World Wide Web J. (2018). https://doi.org/10.1007/s11280-018-0546-5

Gentry, C., et al.: Fully homomorphic encryption using ideal lattices. STOC 9(2009), 169–178 (2009)MathSciNetMATH

Brenner, M., Wiebelitz, J., von Voigt, G., Smith, M.: Secret program execution in the cloud applying homomorphic encryption. In: 5th IEEE International Conference on Digital Ecosystems and Technologies (IEEE DEST 2011), pp. 114–119 (2011)

Fiore, D., Gennaro, R., Pastro, V.: Efficiently verifiable computation on encrypted data. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Ser. CCS ’14, ACM, New York, NY, USA, pp. 844–855 (2014). https://doi.org/10.1145/2660267.2660366

Bhatti, R., Bertino, E., Ghafoor, A.: A trust-based context-aware access control model for web-services. Distrib. Parallel Databases 18(1), 83–105 (2005). https://doi.org/10.1007/s10619-005-1075-7. [Online]CrossRef

Yang, T., Liu, A.X., Shahzad, M., Zhong, Y., Fu, Q., Li, Z., Xie, G., Li, X.: A shifting bloom filter framework for set queries. Proc. VLDB Endow. 9(5), 408–419 (2016)CrossRef

Yang, T., Liu, A.X., Shahzad, M., Yang, D., Fu, Q., Xie, G., Li, X.: A shifting framework for set queries. IEEE/ACM Trans. Netw. 25(5), 3116–3131 (2017)CrossRef

10.

Hutter, D., Volkamer, M.: Information flow control to secure dynamic web service composition. In: SPC, vol. 3934. Springer, Berlin, pp. 196–210 (2006)

11.

She, W., Yen, I.L., Thuraisingham, B., Huang, S.Y.: Rule-based run-time information flow control in service cloud. In: 2011 IEEE International Conference on Web Services, pp. 524–531 (2011)

12.

Xi, N., Ma, J., Sun, C., Shen, Y., Zhang, T.: Distributed information flow verification framework for the composition of service chain in wireless sensor network. Int. J. Distrib. Sens. Netw. 9(5), 693639 (2013)CrossRef

13.

Nakajima, S.: Model-checking of safety and security aspects in web service flows. In: ICWE, vol. 3140, pp. 488–501. Springer, Berlin (2004)

14.

Rossi, S.: Model checking adaptive multilevel service compositions. In: FACS, pp. 106–124. Springer, Berlin (2010)

15.

Xi, N., Sun, C., Ma, J., Shen, Y.: Secure service composition with information flow control in service clouds. Future Gener. Comput. Syst. 49, 142–148 (2015)CrossRef

16.

Sabelfeld, A., Sands, D.: Declassification: dimensions and principles. J. Comput. Secur. 17(5), 517–548 (2009)CrossRef

17.

Laud, P.: Handling encryption in an analysis for secure information flow. In: Degano, P. (ed.) Programming Languages and Systems, pp. 159–173. Springer, Berlin (2003)CrossRef

18.

Hicks, B., King, D., McDaniel, P.: Declassification with cryptographic functions in a security-typed language. Network and Security Center, Department of Computer Science, Pennsylvania State University, Tech. Rep. NAS-TR-0004-2005 (2005)

19.

Askarov, A., Hedin, D., Sabelfeld, A.: Cryptographically-masked flows. In: Yi, K. (ed.) Static Analysis, pp. 353–369. Springer, Berlin (2006)CrossRef

20.

Mitchell, J.C., Sharma, R., Stefan, D., Zimmerman, J.: Information-flow control for programming on encrypted data. In: 2012 IEEE 25th Computer Security Foundations Symposium, pp. 45–60 (2012)

21.

Xi, N., Lu, D., Sun, C., Ma, J., Shen, Y.: Distributed secure service composition with declassification in mobile clouds. Mobile Information Systems, vol. 2017 (2017)

22.

Xi, N., Sun, C., Ma, J., Chen, X., Shen, Y.: Distributed information flow verification for secure service composition in smart sensor network. China Commun. 13(4), 119–130 (2016)CrossRef

23.

Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)MathSciNetCrossRefMATH

24.

Ferrante, J., Ottenstein, K.J., Warren, J.D.: The program dependence graph and its use in optimization. ACM Trans. Program. Lang. Syst. (TOPLAS) 9(3), 319–349 (1987)CrossRefMATH

25.

Snelting, G., Robschink, T., Krinke, J.: Efficient path conditions in dependence graphs for software safety analysis. ACM Trans. Softw. Eng. Methodol. (TOSEM) 15(4), 410–457 (2006)CrossRef

26.

Farrell, S., Housley, R.: An Internet Attribute Certificate Profile for Authorization. RFC Editor (2002)

27.

Henderson, T.R., Lacage, M., Riley, G.F., Dowell, C., Kopena, J.: Network simulations with the ns-3 simulator. SIGCOMM Demonstr. 14(14), 527 (2008)

28.

Yang, T., Xie, G., Li, Y., Fu, Q., Liu, A.X., Li, Q., Mathy, L.: Guarantee ip lookup performance with fib explosion. ACM SIGCOMM Comput. Commun. Rev. 44(4), 39–50 (2014)CrossRef

Title: Information flow control on encrypted data for service composition among multiple clouds
Authors: Ning Xi
Jianfeng Ma
Cong Sun
Di Lu
Yulong Shen
Publication date: 01-06-2018
Publisher: Springer US
Published in: Distributed and Parallel Databases / Issue 3/2018
Print ISSN: 0926-8782
Electronic ISSN: 1573-7578
DOI: https://doi.org/10.1007/s10619-018-7228-2

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2018

Online multi-view subspace learning via group structure analysis for visual object tracking

Editorial note: special issue on big data and intelligent computing

Energy-aware task scheduling in mobile cloud computing

An accurate estimation algorithm for big data streams

Scalable datacenter multicast using in-packet bitmaps

Distributed computing connected components with linear communication cost

Premium Partner