Design and Implementation of Information Flow Control Framework for PaaS  Cited by: 1


Authors: SHAO Jing (邵婧)[1,2], CHEN Zuoning (陈左宁)[2], YIN Hongwu (殷红武)[2], XU Guochun (许国春)[2]

Affiliations: [1] PLA Information Engineering University, Zhengzhou 450001; [2] Jiangnan Institute of Computing Technology, Wuxi 214083

Source: Computer Science (《计算机科学》), 2015, No. 12, pp. 257-262 (6 pages)

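Funding: Supported by the He-Gao-Ji project (Core Electronic Devices, High-end Generic Chips and Basic Software), grant 2013ZX01029002-001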

Abstract: Decentralized information flow control (DIFC) is an effective method for end-to-end data protection. Existing DIFC methods have shortcomings: the information flow control granularity is limited to a single level, and the language runtime environment has to be modified, so they cannot adequately satisfy the data security requirements of PaaS platforms. Based on GAE, the most typical PaaS cloud platform, an information flow control framework, GIFC, is proposed that combines three control granularities: object level, message level and SQL level. Within a component, a Python library controls the information interactions among the entities involved in method calls on objects. Between components, message proxies filter messages according to their security labels, restricting the set of messages a component can receive. Between components and the database, the GAE data models are extended to support persistent storage of labels in the datastore. Experiments show that combining multiple IFC granularities effectively balances information flow control precision and runtime performance.

Keywords: Google App Engine; information flow control; component; Python; middleware

Classification No.: TP309 [Automation and Computer Technology - Computer System Architecture]

 
