By Topic

A Decentralized Information Flow Model for SaaS Applications Security

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Liu Tingting ; Zhengzhou Inf. Sci. & Technol. Inst., Zhengzhou, China ; Zhao Yong

Software as a Service(SaaS) is a popular cloud service, but the SaaS providers have no security garantee for users. The SaaS providers may insert some malicious code in their applications with the primary goal of lifting user data. In order to address this problem, we introduce the security approach of Decentralized Information Flow Control (DIFC) and present a DIFC model that applies at the granularity of operating system processes for SaaS application security. The model allows untrusted software to compute with private data while trusted code controls the dissemination of that data. The trusted code is small which can be monitored easily. In addition, the model can be used in existing applications and allows safe interaction between conventional and DIFC-aware processes. Finally, we prove that the new model can enforce the security requirements of SaaS users.

Published in:

Intelligent System Design and Engineering Applications (ISDEA), 2013 Third International Conference on

Date of Conference:

16-18 Jan. 2013