2016 11th International Conference on Availability, Reliability and Security (ARES) 2016
DOI: 10.1109/ares.2016.27
|View full text |Cite
|
Sign up to set email alerts
|

IFCaaS: Information Flow Control as a Service for Cloud Security

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
6
0

Year Published

2017
2017
2023
2023

Publication Types

Select...
4
3
2

Relationship

0
9

Authors

Journals

citations
Cited by 11 publications
(6 citation statements)
references
References 12 publications
0
6
0
Order By: Relevance
“…Some approaches use information-flow security to address problems that are complementary to our techniques, for example, checking the correct labelling of software or monitoring inputs and storage accesses by the applications. Elsayed and Zulkernine [38] propose a framework to deliver Information-Flow-Control-as-a-Service (IFCaaS) in order to protect the confidentiality and integrity of the information flow in a Software-as-a-Service application. The framework works as a trusted party that creates a call graph of an application from the source code and applies information-flow security based on dependence graphs to detect violations of the non-interference policy.…”
Section: Information-flow Securitymentioning
confidence: 99%
“…Some approaches use information-flow security to address problems that are complementary to our techniques, for example, checking the correct labelling of software or monitoring inputs and storage accesses by the applications. Elsayed and Zulkernine [38] propose a framework to deliver Information-Flow-Control-as-a-Service (IFCaaS) in order to protect the confidentiality and integrity of the information flow in a Software-as-a-Service application. The framework works as a trusted party that creates a call graph of an application from the source code and applies information-flow security based on dependence graphs to detect violations of the non-interference policy.…”
Section: Information-flow Securitymentioning
confidence: 99%
“…The authors of [12] proposed a twolayer information flow control model for the cloud environment, designed and implemented a prototype system, that can provide cloud tenants with information flow tracking and control as a service, and proposed a protection mechanism for common system attacks such as stack overflow and buffer overflow. To overcome the loss of control of sensitive data manipulated by applications in the SaaS cloud environment and the lack of security enforcement measures, the authors of [13] proposed an information flow as a service (IFCaaS) framework, which uses information flow control as a security verification method for SaaS layer applications. In [14], by analyzing the behavior of entities and linking them with trust levels and security classes, security attributes were dynamically formulated, thereby enhancing information flow control to ensure the security attributes of tenants and organizations.…”
Section: Related Work a Access Control And Information Flow Controlmentioning
confidence: 99%
“…The result publisher component refines and reports the analysis results to the cloud provider and tenant. Based on the results, it decides if a security certificate should be granted to the candidate application, which is sent to both the cloud provider and tenant [38] (Fig. 2).…”
Section: F Service Level -Cloud Implementationmentioning
confidence: 99%