Access and Information Flow control in Cloud Environments
Abstract
Different service computing paradigms have been widely supported in the Cloud. A wide variety of services from different providers belonging to different domains are hosted in the cloud. These services can be composed together dynamically to realize important tasks. Due to composition, information may flow from one service domain to another along the workflow paths in a composite service. Also, the cloud offers the SaaS (Software as a Service) paradigm, where a single, highly configurable software service can be provided to multiple tenants. In SaaS, there may also be information flow from one tenant to another when there is information sharing among different tenants. The information flow in these service-based systems, if not properly controlled, may cause undesired leakage of critical data. Existing works on access control for service-based systems do not consider the information flow problem discussed above. We have developed the WS-AIFC (access and information flow control for web services) model and tools for enforcing access and information flow control (AIFC) in cloud-based distributed web service systems as well as in the SaaS cloud. In WS-AIFC, each domain (or tenant) can define its AIFC policies independently. The system keeps track of the dependencies of data due to information flows using provenance techniques. When an access to a data item d is to be validated, WS-AIFC not only validates the access rights for d against the access control policies of the domain that d belongs to (or d’s owner tenant), but also validates the access rights to each d' in d’s dependency list against the access control policies of the domain d' belongs to (or d'’s owner tenant). During such validations, we use existing role mapping techniques to map the accessor role to the roles in the domains of d and of the items in d’s dependency list. We also implemented a WS-AIFC framework to realize the access and information flow control in cloud-based distributed web service systems as well as the SaaS cloud.
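The validation rule described above, as an added illustration that is not the thesis's own code: each domain holds its own RBAC policy and its own mapping of foreign roles to local roles, every data item carries a provenance dependency list, and an access to d is granted only if the accessor's role, mapped into each relevant domain, is permitted on d and on every item reachable through d's dependencies. The domains, roles, data items and role mappings are constructed for the example; the choice to follow dependencies transitively and to treat a missing role mapping as a denial are assumptions of this example.

```python
"""Toy WS-AIFC-style validator (added example; all data constructed)."""
from dataclasses import dataclass, field


@dataclass
class Domain:
    name: str
    # local RBAC policy: role -> set of data ids that role may read
    permissions: dict[str, set[str]] = field(default_factory=dict)
    # role mapping: (foreign domain, foreign role) -> local role (assumed shape)
    role_map: dict[tuple[str, str], str] = field(default_factory=dict)


@dataclass
class Data:
    id: str
    owner: str                                   # owning domain or tenant
    depends_on: list[str] = field(default_factory=list)  # provenance deps


class WSAIFC:
    def __init__(self, domains: list[Domain], data: list[Data]) -> None:
        self.domains = {d.name: d for d in domains}
        self.data = {x.id: x for x in data}

    def transitive_deps(self, data_id: str) -> list[str]:
        """All items that information flowed into data_id from (transitive)."""
        seen: list[str] = []
        stack = list(self.data[data_id].depends_on)
        while stack:
            dep = stack.pop()
            if dep not in seen:
                seen.append(dep)
                stack.extend(self.data[dep].depends_on)
        return seen

    def _local_role(self, acc_domain: str, acc_role: str, target: str):
        # Same domain: role is used as-is; otherwise consult target's mapping.
        if acc_domain == target:
            return acc_role
        return self.domains[target].role_map.get((acc_domain, acc_role))

    def validate(self, acc_domain: str, acc_role: str, data_id: str):
        """Return (granted, reason): check d and every d' in its dependency list
        against the policy of the domain that owns each item."""
        for item_id in [data_id] + self.transitive_deps(data_id):
            item = self.data[item_id]
            local_role = self._local_role(acc_domain, acc_role, item.owner)
            if local_role is None:
                return False, f"no role mapping into {item.owner} for {item_id}"
            allowed = self.domains[item.owner].permissions.get(local_role, set())
            if item_id not in allowed:
                return False, f"{local_role} in {item.owner} may not read {item_id}"
        return True, "ok"


def build_example() -> WSAIFC:
    """Constructed scenario: C's reports derive from B's records, which derive
    from A's raw data. A's policy keeps a2 restricted to admins only."""
    dom_a = Domain("A", {"analyst": {"a1"}, "admin": {"a1", "a2"}},
                   {("C", "manager"): "analyst", ("B", "clerk"): "analyst"})
    dom_b = Domain("B", {"clerk": {"b1", "b2"}},
                   {("C", "manager"): "clerk", ("C", "auditor"): "clerk"})
    dom_c = Domain("C", {"manager": {"c1", "c2"}, "auditor": {"c1", "c2"}})
    items = [
        Data("a1", "A"), Data("a2", "A"),
        Data("b1", "B", ["a1"]), Data("b2", "B", ["a2"]),
        Data("c1", "C", ["b1"]), Data("c2", "C", ["b2"]),
    ]
    return WSAIFC([dom_a, dom_b, dom_c], items)


if __name__ == "__main__":
    system = build_example()
    for who in [("C", "manager", "c1"), ("C", "manager", "c2"),
                ("C", "auditor", "c1"), ("A", "admin", "a2")]:
        print(who, system.validate(*who))
```

The second case is the one the abstract is about: C's own policy lets a manager read c2, but c2 was derived (via b2) from a2, and the manager's mapped role in A is not permitted on a2, so the access is denied and the indirect flow of a2 into C is blocked. The third case shows that a missing role mapping into an upstream domain is treated as a denial rather than a pass.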
WS-AIFC is based on the role-based access control (RBAC) model. RBAC organizes subjects in a domain (or of a tenant) into a role hierarchy but does not consider organizing the object space (resources). Thus, in a system with a large object space (i.e., a large number of resources that have independent access rights), RBAC can incur a high permission assignment and validation cost. To enhance the access control efficiency for WS-AIFC, we further develop the RRBAC (resource and role based access control) model. In RRBAC, resources in each domain (or tenant) are organized into a resource tree. Access permissions assigned to an intermediate node n can be inherited by n’s child nodes in the resource tree. Thus, permission assignment overhead in RRBAC is greatly reduced from that of RBAC. We have also designed a resource tree based data structure to manage RRBAC permissions and achieve high performance for various permission related operations. We experimentally evaluate the performance of the WS-AIFC framework and the RRBAC enhancement and the results show that our AIFC solution can achieve very good performance for access and information flow control in distributed web services as well as SaaS systems hosted in the cloud.
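The resource-tree idea behind RRBAC, as an added illustration that is not the thesis's own data structure: resources of one domain form a tree, a permission assigned at an intermediate node applies to everything beneath it, and a check walks from the requested node up to the root collecting what the role may do. The tree, roles and operations are constructed; treating inherited permissions as the union of all ancestor assignments, and counting one (leaf, role) pair per assignment a flat RBAC policy would need, are assumptions of this example used to show where the assignment savings come from.

```python
"""Toy RRBAC-style resource tree (added example; all data constructed)."""
from __future__ import annotations


class ResourceNode:
    def __init__(self, name: str, parent: ResourceNode | None = None) -> None:
        self.name = name
        self.parent = parent
        self.children: dict[str, ResourceNode] = {}
        self.perms: dict[str, set[str]] = {}   # role -> operations at this node


class ResourceTree:
    def __init__(self) -> None:
        self.root = ResourceNode("")

    def _node(self, path: str, create: bool = False) -> ResourceNode:
        node = self.root
        for part in filter(None, path.split("/")):
            if part not in node.children:
                if not create:
                    raise KeyError(path)
                node.children[part] = ResourceNode(part, node)
            node = node.children[part]
        return node

    def add(self, path: str) -> None:
        self._node(path, create=True)

    def assign(self, path: str, role: str, ops: set[str]) -> None:
        """Attach a permission to a node; descendants inherit it."""
        self._node(path, create=True).perms.setdefault(role, set()).update(ops)

    def effective(self, path: str, role: str) -> set[str]:
        """Union of the role's permissions along the path from node to root."""
        ops: set[str] = set()
        node: ResourceNode | None = self._node(path)
        while node is not None:
            ops |= node.perms.get(role, set())
            node = node.parent
        return ops

    def check(self, path: str, role: str, op: str) -> bool:
        return op in self.effective(path, role)

    def leaves(self, node: ResourceNode | None = None, prefix: str = "") -> list[str]:
        node = node or self.root
        if not node.children:
            return [prefix or "/"]
        out: list[str] = []
        for name, child in node.children.items():
            out.extend(self.leaves(child, f"{prefix}/{name}"))
        return out

    def assignment_counts(self) -> tuple[int, int]:
        """(explicit tree assignments, equivalent flat per-leaf assignments)."""
        explicit = 0
        roles: set[str] = set()
        stack = [self.root]
        while stack:
            n = stack.pop()
            explicit += len(n.perms)
            roles |= n.perms.keys()
            stack.extend(n.children.values())
        flat = sum(1 for leaf in self.leaves() for r in roles
                   if self.effective(leaf, r))
        return explicit, flat


def build_example() -> ResourceTree:
    """Constructed domain: HR and engineering resources under one tree."""
    tree = ResourceTree()
    for leaf in ["/hr/payroll/2024/q1", "/hr/payroll/2024/q2", "/hr/payroll/2024/q3",
                 "/hr/payroll/2024/q4", "/hr/benefits/plan",
                 "/eng/src/repo1", "/eng/src/repo2"]:
        tree.add(leaf)
    tree.assign("/hr", "hr_staff", {"read"})
    tree.assign("/hr/payroll", "payroll_admin", {"read", "write"})
    tree.assign("/eng/src", "developer", {"read", "write"})
    return tree


if __name__ == "__main__":
    t = build_example()
    print(t.check("/hr/payroll/2024/q1", "hr_staff", "read"))      # inherited
    print(t.check("/hr/payroll/2024/q1", "hr_staff", "write"))     # not granted
    print(t.check("/eng/src/repo1", "hr_staff", "read"))           # other subtree
    print(t.assignment_counts())
```

Three assignments at intermediate nodes cover every leaf in the example; the same coverage written per resource, as a flat policy with independent access rights would require, needs eleven (leaf, role) entries, and the gap grows with the number of resources under each node. A check costs one walk of depth equal to the path length, independent of how many siblings exist.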