A Cloud Computing Security Model Based on Noninterference
LÜ Congdong1,2, QIAN Gang1, CHEN Tao1
1. School of Information Engineering, Nanjing Audit University, Nanjing 211815, Jiangsu, China; 2. People’s Court Judicial Big Data Research Base, Southeast University, Nanjing 211189, Jiangsu, China
In cloud computing, there is a risk of data leakage between users and virtual machines. Data leakage, whether direct or indirect, can be regarded as illegal information flow. Methods such as access control models can control information flow, but not covert information flow. Noninterference models are therefore needed to detect the existence of illegal information flow in cloud computing. Typical noninterference models are not suitable for verifying information flow in cloud computing. When concurrent access actions execute in the cloud architecture, security domains do not affect each other, because there is no information flow between security domains. Based on this, we propose noninterference for cloud architectures in which concurrent access and sequential access coexist. When sequential actions execute, information can flow between security domains in accordance with established rules. When concurrent access actions execute, there should be no information flow between security domains.
Key words: cloud computing security; information flow security; noninterference; noninterference models