Camflow: Managed Data-Sharing for Cloud Services

  • Thomas Pasquier, Jatinder Singh, D. Eyers, Jean Bacon
  • IEEE Transactions on Cloud Computing
A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications… 

Data-Centric Access Control for Cloud Computing

This paper considers how IFC can be integrated with application-specific access control, transparently from application developers, while building from simple IFC primitives, access control policies that align with the data management obligations of cloud providers and tenants.

Data Flow Management and Compliance in Cloud Computing

As cloud computing becomes an increasingly dominant means of providing computing resources, the legal and regulatory issues associated with data in the cloud become more pronounced and these issues must be managed not only between applications, but also through the entire, potentially global, cloud supply chain.

Seeing through the clouds: Managing data flow and compliance in cloud computing

Information Flow Control is introduced as a technology enabling auditable, fine-grained management as data moves throughout systems and demonstrated through real-world legal/regulatory examples, which show how IFC can help satisfy data management obligations, and improve the accountability of responsible parties.

Information Flow Audit for PaaS Clouds

It is demonstrated how CamFlow can be extended to provide data-centric audit logs akin to provenance metadata in a format in which analyses can easily be automated through the use of standard graph processing tools, which allows detailed understanding of the overall system.

Clouds of Things Need Information Flow Control with Hardware Roots of Trust

An approach based on Information Flow Control (IFC) is proposed that allows for the continuous, end-to-end enforcement of data flow policy, and the generation of provenance-like audit logs to demonstrate policy adherence and contractual/regulatory compliance.

LUCON: Data Flow Control for Message-Based IoT Systems

  • J. Schütte, G. Brost
  • Computer Science
  • 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications / 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
  • 2018
This paper introduces LUCON, a data-centric security policy framework for distributed systems that considers data flows by controlling how messages may be routed across services and how they are combined and processed.

Agile Composition of Compliant Data Analytics Platforms

The design and implementation of a cloud-based middleware platform that supports on-demand composition and configuration of security mechanisms to ease regulatory compliance enablement is introduced.

Secure‐CamFlow: A device‐oriented security model to assist information flow control systems in cloud environments for IoTs

This research focuses on securing the entire process of data migration to cloud from devices while the in‐cloud data flow is monitored by the Information Flow Control policies specified by the users.

Pileus: protecting user resources from vulnerable cloud services

This paper has ported the OpenStack cloud platform to Pileus, finding that it can systematically prevent compromised cloud services from attacking other users' cloud operations with less than 3% additional latency for the operation.

InFeMo: Flexible Big Data Management Through a Federated Cloud System

A novel architecture scenario based on Cloud Computing and counts on the innovative model of Federated Learning, which incorporates all the existing Cloud models with a federated learning scenario, as well as other related technologies that may have integrated use with each other, offering a novel integrated scenario.



Integrating Messaging Middleware and Information Flow Control

The case for, and the feasibility of, an IFC-enabled messaging middleware is made, to enforce IFC within and across applications, containers, VMs, and hosts, and the benefits of separating data management policy from application/service-logic are highlighted.

FlowK: Information Flow Control for the Cloud

The Cloud Safety Net project aims to show that Information Flow Control (IFC), a loadable kernel module for Linux, can augment existing security mechanisms and provide continuous enforcement of extended.

From system-centric to data-centric logging - Accountability, trust & security in cloud computing

This paper proposes a data-centric, detective approach to increase trust and security of data in the cloud, and contains a suite of techniques that address cloud security, trust and accountability from a detective approach at all levels of granularity.

Provenance for the Cloud

The case is made that provenance is crucial for data stored on the cloud, the properties of provenance that enable its utility are identified, and the case for incorporating provenance as a core cloud feature is made, discussing the issues in doing so.

Auditing cloud management using information flow tracking

H-one, a new auditing mechanism for cloud, uses information flow tracking techniques to implement complete, efficient and privacy-preserving logs that will enable the auditing of the administrators of the cloud infrastructure, thus increasing the customer's trust in cloud services.

SafeWeb: A Middleware for Securing Ruby-Based Web Applications

The design and implementation of SafeWeb is described, a Ruby-based middleware that associates data with security labels and transparently tracks their propagation at different granularities across a multi-tier web architecture with storage and complex event processing.

Expressing and Enforcing Location Requirements in the Cloud Using Information Flow Control

Information Flow Control (IFC) is investigated as a possible technical solution to expressing, enforcing and demonstrating compliance of cloud computing systems with policy requirements inspired by data protection and other laws.

Securing tags to control information flows within the Internet of Things

This paper makes the case for IFC, as a data-centric control mechanism, for securing IoT architectures, and presents a certificate-based model for secure, trustworthy policy specification, that also reflects real-world IoT concerns such as 'thing' ownership.

Towards Trusted Cloud Computing

The design of a trusted cloud computing platform (TCCP) is proposed, which enables Infrastructure as a Service (IaaS) providers such as Amazon EC2 to provide a closed box execution environment that guarantees confidential execution of guest virtual machines.