Abstract
Transparent computing is a novel network computing paradigm in which operating systems, applications, data, etc. are stored and managed on remote servers, while complex computing tasks are performed on local clients in real time. Unified, professional storage management on the servers gives clients an intrinsic advantage in storage security. However, because applications run their computing tasks on the client, protecting information flow security on end devices becomes important. In this paper, we propose a secure information flow model and design an information flow search algorithm based on depth-first search to prevent illegal access between files in the transparent computing local environment. The main idea is first to detect indirect access in an information flow graph constructed from historical access records, and then to compare the indirect access with a previously designed white list to determine whether there is illegal behavior. Access interception is implemented by a special, secure file filter above the file system at kernel level. Algorithm and security analysis show that our work can provide a secure information flow mechanism efficiently.
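A minimal sketch of the idea in the abstract, added here and not taken from the paper: it builds a file-to-file flow graph from access records, uses depth-first search to find every file whose content may reach a pending write, and reports flows missing from the white list. The record layout, the read-then-write flow rule, the white list as (source, destination) pairs, and all names are assumptions.

```python
from collections import defaultdict

# Constructed sample data; record layout and white-list semantics are assumptions.
RECORDS = [
    ("editor", "read", "salary.xls"),
    ("editor", "write", "notes.txt"),
    ("mailer", "read", "notes.txt"),
]
WHITELIST = {("salary.xls", "notes.txt"), ("notes.txt", "outbox.eml")}


def build_flow_graph(records):
    """Add edge A -> B when a subject read file A and later wrote file B."""
    graph = defaultdict(set)
    seen = defaultdict(set)  # subject -> files it has read so far
    for subject, op, path in records:
        if op == "read":
            seen[subject].add(path)
        elif op == "write":
            for src in seen[subject]:
                if src != path:
                    graph[src].add(path)
    return graph, seen


def reachable_sources(graph, target):
    """Iterative DFS over reversed edges: files whose content may have reached target."""
    reverse = defaultdict(set)
    for src, dsts in graph.items():
        for dst in dsts:
            reverse[dst].add(src)
    stack, found = [target], set()
    while stack:
        node = stack.pop()
        for prev in reverse[node]:
            if prev not in found:  # visited check also terminates on cycles
                found.add(prev)
                stack.append(prev)
    return found


def check_write(records, whitelist, subject, dst):
    """Return the (source, dst) flows a pending write would create that are not white-listed."""
    graph, seen = build_flow_graph(records)
    sources = set()
    for direct in seen[subject]:
        sources.add(direct)                           # direct flow: subject read this file
        sources |= reachable_sources(graph, direct)   # indirect flow through earlier writes
    sources.discard(dst)
    return sorted((s, dst) for s in sources if (s, dst) not in whitelist)
```

In the sample data each single hop is white-listed, yet a write by `mailer` to `outbox.eml` would carry `salary.xls` content two hops downstream, which is the indirect access the check reports.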
Acknowledgments
This work is supported in part by the Joint Project of Central South University and Tencent Corporation under Grant Number 2014002H029, the Hunan Provincial Innovation Foundation for Postgraduate under Grant Number CX2015B047, the Hunan Provincial Education Department of China under Grant Number 2015C0589, the International Science & Technology Cooperation Program of China under Grant Number 2013DFB10070, and the China Hunan Provincial Science & Technology Program under Grant Number 2012GK4106.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Tang, W., Xu, Y., Wang, G., Zhang, Y. (2015). An Illegal Indirect Access Prevention Method in Transparent Computing System. In: Wang, G., Zomaya, A., Martinez, G., Li, K. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2015. Lecture Notes in Computer Science, vol 9532. Springer, Cham. https://doi.org/10.1007/978-3-319-27161-3_23
DOI: https://doi.org/10.1007/978-3-319-27161-3_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27160-6
Online ISBN: 978-3-319-27161-3
eBook Packages: Computer Science (R0)