集成消息传递中间件和信息流控制

2015 IEEE International Conference on Cloud Engineering Pub Date : 2015-03-09 DOI:10.1109/IC2E.2015.13

Jatinder Singh, Thomas Pasquier, J. Bacon, D. Eyers

{"title":"集成消息传递中间件和信息流控制","authors":"Jatinder Singh, Thomas Pasquier, J. Bacon, D. Eyers","doi":"10.1109/IC2E.2015.13","DOIUrl":null,"url":null,"abstract":"Security is an ongoing challenge in cloud computing. Currently, cloud consumers have few mechanisms for managing their data within the cloud provider's infrastructure. Information Flow Control (IFC) involves attaching labels to data, to govern its flow throughout a system. We have worked on kernel-level IFC enforcement to protect data flows within a virtual machine (VM). This paper makes the case for, and demonstrates the feasibility of an IFC-enabled messaging middleware, to enforce IFC within and across applications, containers, VMs, and hosts. We detail how such middleware can integrate with local (kernel) enforcement mechanisms, and highlight the benefits of separating data management policy from application/service-logic.","PeriodicalId":395715,"journal":{"name":"2015 IEEE International Conference on Cloud Engineering","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":"{\"title\":\"Integrating Messaging Middleware and Information Flow Control\",\"authors\":\"Jatinder Singh, Thomas Pasquier, J. Bacon, D. Eyers\",\"doi\":\"10.1109/IC2E.2015.13\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security is an ongoing challenge in cloud computing. Currently, cloud consumers have few mechanisms for managing their data within the cloud provider's infrastructure. Information Flow Control (IFC) involves attaching labels to data, to govern its flow throughout a system. We have worked on kernel-level IFC enforcement to protect data flows within a virtual machine (VM). This paper makes the case for, and demonstrates the feasibility of an IFC-enabled messaging middleware, to enforce IFC within and across applications, containers, VMs, and hosts. We detail how such middleware can integrate with local (kernel) enforcement mechanisms, and highlight the benefits of separating data management policy from application/service-logic.\",\"PeriodicalId\":395715,\"journal\":{\"name\":\"2015 IEEE International Conference on Cloud Engineering\",\"volume\":\"20 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-03-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"16\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 IEEE International Conference on Cloud Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IC2E.2015.13\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE International Conference on Cloud Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IC2E.2015.13","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 16

摘要

安全性是云计算领域的一个持续挑战。目前，云用户在云提供商的基础设施中管理数据的机制很少。信息流控制(IFC)包括给数据贴上标签，以控制其在整个系统中的流动。我们致力于内核级IFC强制执行，以保护虚拟机(VM)内的数据流。本文阐述并演示了启用IFC的消息传递中间件在应用程序、容器、虚拟机和主机内部和跨应用程序中实施IFC的可行性。我们详细介绍了这些中间件如何与本地(内核)实施机制集成，并强调了将数据管理策略与应用程序/服务逻辑分离的好处。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Integrating Messaging Middleware and Information Flow Control

Security is an ongoing challenge in cloud computing. Currently, cloud consumers have few mechanisms for managing their data within the cloud provider's infrastructure. Information Flow Control (IFC) involves attaching labels to data, to govern its flow throughout a system. We have worked on kernel-level IFC enforcement to protect data flows within a virtual machine (VM). This paper makes the case for, and demonstrates the feasibility of an IFC-enabled messaging middleware, to enforce IFC within and across applications, containers, VMs, and hosts. We detail how such middleware can integrate with local (kernel) enforcement mechanisms, and highlight the benefits of separating data management policy from application/service-logic.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 IEEE International Conference on Cloud Engineering

自引率

0.00%

发文量

期刊最新文献

In-memory computing for scalable data analytics Automating Cloud Service Level Agreements Using Semantic Technologies A Case Study of IaaS and SaaS in a Public Cloud Architecture for High Confidence Cloud Security Monitoring Towards a Practical and Efficient Search over Encrypted Data in the Cloud