| In the traditional environment, users download application code to their own computers, and then use the application to process their own data. All operations are performed on the users' own machine. However in the cloud computing environment, users upload their data to the cloud for processing, and these data are no longer under users' management or control. In the cloud computing model, the users' fear of leakage of their sensitive data hinders the transition of security sensitive tasks to the cloud environment.For the user privacy issue, track the data flow of user sensitive data, while cloud services are processing the user sensitive data, and strictly enforce the user privacy policy. Specifically, an extra data originator attribute is added to user sensitive data, and the attribute is used to determine whether user data are sensitive or not. Then based on the dynamic data flow tracking technology, the data flow of user sensitive data is tracked, while cloud service is running.When user sensitive data will flow out of cloud service application, the privacy policy will be acquired through the data originator attribute. And the privacy policy will be used as a filter, to determine whether the data flow is safe or not. If the user sensitive data are allowed to flow out of cloud service application into a new location, the data originator attribute of the new location will be set as the same data originator of the user sensitive data. So the same privacy policy can be enforced in the new location, in order to protect user sensitive data permanently.Experiment results show that:(1) for those legal cloud service application behaviors, they will be executed normally.(2) For those illegal cloud service application behaviors that violate the user privacy policy, they will be detected and terminated before execution, so as to protect user sensitive data. |
PDF Full Text Request