• DocumentCode
    3270855
  • Title

    A Decentralized Information Flow Model for SaaS Applications Security

  • Author

    Liu Tingting ; Zhao Yong

  • Author_Institution
    Zhengzhou Inf. Sci. & Technol. Inst., Zhengzhou, China
  • fYear
    2013
  • fDate
    16-18 Jan. 2013
  • Firstpage
    40
  • Lastpage
    43
  • Abstract
    Software as a Service(SaaS) is a popular cloud service, but the SaaS providers have no security garantee for users. The SaaS providers may insert some malicious code in their applications with the primary goal of lifting user data. In order to address this problem, we introduce the security approach of Decentralized Information Flow Control (DIFC) and present a DIFC model that applies at the granularity of operating system processes for SaaS application security. The model allows untrusted software to compute with private data while trusted code controls the dissemination of that data. The trusted code is small which can be monitored easily. In addition, the model can be used in existing applications and allows safe interaction between conventional and DIFC-aware processes. Finally, we prove that the new model can enforce the security requirements of SaaS users.
  • Keywords
    cloud computing; data privacy; security of data; trusted computing; DIFC model; DIFC-aware process; SaaS application security; SaaS applications security; Software as a Service; cloud service; data dissemination; decentralized information flow model; malicious code insertion; operating system process granularity; private data; security approach; security garantee; security requirement; trusted code; untrusted software; user data lifting; Cloud computing; Computational modeling; Data models; Process control; Security; Software as a service; Cloud computing security; Software as a Service; decentralized privileges; information flow control;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Intelligent System Design and Engineering Applications (ISDEA), 2013 Third International Conference on
  • Conference_Location
    Hong Kong
  • Print_ISBN
    978-1-4673-4893-5
  • Type

    conf

  • DOI
    10.1109/ISDEA.2012.17
  • Filename
    6454804
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3270855