支持中国墙策略的云组合服务信息流控制模型

doi:10.11772/j.issn.1001-9081.2017081981

计算机应用 ›› 2018, Vol. 38 ›› Issue (2): 310-315.DOI: 10.11772/j.issn.1001-9081.2017081981

支持中国墙策略的云组合服务信息流控制模型

刘明聪^1,2, 王娜^1,2

1. 信息工程大学, 郑州 450001;
2. 数学工程与先进计算国家重点实验室, 郑州 450001

收稿日期:2017-08-14 修回日期:2017-09-08 出版日期:2018-02-10 发布日期:2018-02-10
通讯作者: 王娜
作者简介:刘明聪(1993-),男,安徽淮南人,硕士研究生,主要研究方向:云计算、信息流安全;王娜(1980-),女,河南济源人,副教授,博士,主要研究方向:复杂系统环境下的信任管理。
基金资助:
国家自然科学基金资助项目（61502531）；国家863计划项目（2015AA016006）；河南省自然科学基金资助项目（162300410334）。

Information flow control model for cloud composite service supporting Chinese Wall policy

LIU Mingcong^1,2, WANG Na^1,2

1. Information Engineering University, Zhengzhou Henan 450001, China;
2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou Henan 450001, China

Received:2017-08-14 Revised:2017-09-08 Online:2018-02-10 Published:2018-02-10
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61502531), the National High Technology Research and Development Program (863 Program) of China (2015AA016006), and the Natural Science Foundation of Henan Province (162300410334).

摘要/Abstract

摘要： 由于所属服务提供商在商业上的竞争关系，云组合服务的组件服务之间可能存在利益冲突，必须对云组合服务的信息流进行控制以避免敏感信息在冲突组件服务间流动。针对云组合服务中的利益冲突问题，在构建云组合服务加权有向图模型的基础上，形式地描述了复杂组合结构下的信息流，定义了云服务的联盟关系与数据的依赖关系的概念，并将中国墙策略中的冲突关系扩展为组合冲突关系。在此基础上，提出了一种支持中国墙策略的云组合服务信息流控制模型（CW-CCSIFC），给出了模型的形式化描述及相关定理的证明。分析表明，CW-CCSIFC模型可以防止有利益冲突的云服务间的非法信息流动，保护云组合服务的信息流安全。

关键词: 云服务, 服务组合, 信息流, 利益冲突, 中国墙策略

Abstract: Due to the conflict of interest between the component services of the cloud composite service from different service providers, it is necessary to control the information flow of the cloud services to avoid the flow of sensitive information between the conflicting component services. For the conflict of interest in cloud composite service, it was formally described that the information flow of complex composite structure with the weighted directed graph model of cloud composite service, and defined that the concept of the dependency relation of data and the alliance relation of cloud services. Moreover, the conflict of interest relation was extended to the composite service-conflict of interest relation in Chinese Wall policy. Based on this, the Chinese Wall-based Cloud Composite Service Information Flow Control (CW-CCSIFC) model was proposed and the formal description as well as the proof of the relevant theorems was given. The analysis shows that the CW-CCSIFC model can block the illegal information flow between cloud services with conflicting interests and protect the information flow security of cloud composite service.

Key words: cloud service, service composition, information flow, conflict of interest, Chinese Wall policy

中图分类号:

TP309.2

刘明聪, 王娜. 支持中国墙策略的云组合服务信息流控制模型[J]. 计算机应用, 2018, 38(2): 310-315.

LIU Mingcong, WANG Na. Information flow control model for cloud composite service supporting Chinese Wall policy[J]. Journal of Computer Applications, 2018, 38(2): 310-315.

参考文献

[1] BREWER D F C, NASH M J. The Chinese Wall security policy[C]//Proceedings of the 1989 IEEE Symposium on Security and Privacy. Washington, DC:IEEE Computer Society, 1989:206-214.
[2] LIN T Y. Chinese Wall security policy-an aggressive model[C]//Proceedings of the 1989 Fifth Annual Computer Security Applications Conference. Piscataway, NJ:IEEE, 1990:286-293.
[3] WU R, AHN G-J, HU H, et al. Information flow control in cloud computing[C]//Proceedings of the 20106th International Conference on Collaborative Computing:Networking, Applications and Worksharing. Piscataway, NJ:IEEE, 2010:1-7.
[4] ALQAHTANI S M, GAMBLE R, RAY I. Auditing requirements for implementing the Chinese Wall model in the service cloud[C]//SERVICES'13:Proceedings of the 2013 IEEE Ninth World Congress on Services. Washington, DC:IEEE Computer Society, 2013:298-305.
[5] FEHIS S, NOUALI O, KECHADI T. A new Chinese Wall security policy model based on the subject's wall and object's wall[C]//ICACC 2015:Proceedings of the 2015 International Conference on Anti-Cybercrime. Piscataway, NJ:IEEE, 2015:1-6.
[6] FEHIS S, NOUALI O, KECHADI M-T. A new distributed Chinese Wall security policy model[J]. Journal of Digital Forensics, Security and Law, 2016, 11(4):Article 11.
[7] HUTTER D, VOLKAMER M. Information flow control to secure dynamic Web service composition[C]//SPC 2006:Proceedings of the 2006 International Conference on Security in Pervasive Computing, LNCS 3934. Berlin:Springer, 2006:196-210.
[8] SHE W, YEN I-L, THURAISINGHAM B, et al. The SCIFC model for information flow control in Web service composition[C]//ICWS'09:Proceedings of the 2009 IEEE International Conference on Web Services. Piscataway, NJ:IEEE, 2009:1-8.
[9] SHE W, YEN I-L, THURAISINGHAM B, et al. Rule-based run-time information flow control in service cloud[C]//ICWS 2011:Proceedings of the 201120th IEEE International Conference on Web Services. Washington, DC:IEEE Computer Society, 2011:524-531.
[10] YU B, YANG L, CHEN S, et al. An information flow control approach in composite services[C]//IETICT 2013:Proceedings of the 2013 IET International Conference on Information and Communications Technologies.[S.l.]:IET, 2013:263-269.
[11] XI N, SUN C, MA J, et al. Secure service composition with information flow control in service clouds[J]. Future Generation Computer Systems, 2015, 49:142-148.
[12] SOLANKI N, HOFFMAN T, YEN I-L, et al. An access and information flow control paradigm for secure information sharing in service-based systems[C]//COMPSAC 2015:Proceedings of the 2015 IEEE 39th Computer Software and Applications Conference. Washington, DC:IEEE Computer Society, 2015:60-67.
[13] XI N, SUN C, MA J, et al. Distributed information flow verification for secure service composition in smart sensor network[J]. China Communications, 2016, 13(4):119-130.
[14] 马俊,王志英,任江春,等. 一种实现数据主动泄漏防护的扩展中国墙模型[J].软件学报,2012, 23(3):677-687. (MA J, WANG Z Y, REN J C, et al. Extended Chinese Wall model for aggressive data leakage prevention[J]. Journal of Software, 2012, 23(3):677-687.)

[1]	赵秋云, 魏乐, 舒红平. 面向制造任务的云制造虚拟车间构造方法[J]. 计算机应用, 2021, 41(7): 2003-2011.
[2]	郭丽峰, 王倩丽. 自适应安全的带关键字搜索的外包属性基加密方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3266-3273.
[3]	刘惠剑, 刘峻松, 王佳伟, 薛岗. 基于过程划分技术的服务组合拆分方法[J]. 计算机应用, 2020, 40(3): 799-805.
[4]	毛昕怡, 钮俊, 丁雪儿, 张开乐. 基于模型检测的微服务组合平台QoS验证[J]. 计算机应用, 2020, 40(11): 3267-3272.
[5]	任玉柱, 张有为, 艾成炜. 污点分析技术研究综述[J]. 计算机应用, 2019, 39(8): 2302-2309.
[6]	郭荣佐, 冯朝胜, 秦志光. 物联网智能物流系统容错服务组合建模与分析[J]. 计算机应用, 2019, 39(2): 589-597.
[7]	王思臣, 涂辉, 张以文. 基于不确定服务质量感知的云服务组合方法[J]. 计算机应用, 2018, 38(10): 2753-2758.
[8]	刘其源, 焦健, 曹宏盛. Android隐式信息流检测的本体模型[J]. 计算机应用, 2018, 38(1): 61-66.
[9]	陈伟, 陈继明. 基于贝叶斯模型的云服务服务质量预测[J]. 计算机应用, 2016, 36(4): 914-917.
[10]	谢洪安, 刘大福, 苏旸, 张英男. 基于无干扰理论的云服务行为可信模型[J]. 计算机应用, 2016, 36(10): 2728-2732.
[11]	倪志伟, 方清华, 李蓉蓉, 李一鸣. 改进蚁群算法在基于服务质量的Web服务组合优化中的应用[J]. 计算机应用, 2015, 35(8): 2238-2243.
[12]	侯金奎, 王磊. 支持Web服务组合与验证的形式化模型[J]. 计算机应用, 2015, 35(6): 1773-1779.
[13]	张千, 陈朝根, 梁鸿. 基于虚拟化技术的私有云计算平台设计[J]. 计算机应用, 2015, 35(11): 3063-3069.
[14]	王涛, 严飞, 王庆飞, 张乐艺. 基于软件定义网络的非集中式信息流控制系统——S-DIFC[J]. 计算机应用, 2015, 35(1): 62-67.
[15]	田强夏永滢付晓东李昌志王威. 基于成本效益系数的Web服务组合可靠性优化方法[J]. 计算机应用, 2014, 34(3): 683-689.

支持中国墙策略的云组合服务信息流控制模型

Information flow control model for cloud composite service supporting Chinese Wall policy

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics