Abstract—In highly dynamic cloud computing systems,
traditional access control technologies do not give users autonomic
authorization and access control over their data in the
remote cloud. Once data is migrated to the cloud, the user
transfers control to the providers of the cloud services and
cloud hardware. Whether the data is properly protected therefore
becomes the users' primary concern and a major challenge. This
paper proposes a new decentralized information flow control
model, DIFC-AC, and its implementation. It extends the
DIFC security label with an authorization condition that
expresses the user's control demands, and access to the data is
arbitrated based on their labels by intercepting IPC-relevant
system calls. The user's controls on the data are thereby extended to the
cloud, and consequently the users' demands for the confidentiality,
integrity and controllability of their data are met.
Index Terms—Access control, authenticity, cloud computing,
confidentiality, decentralized information flow control.
Ye Jianwei is with the Institute of Information Engineering, Chinese
Academy of Sciences, Beijing, China (e-mail: yejianwei@iie.ac.cn).
Xu Jie is with the National Computer Network Emergency Response
Technical Team Coordination Center of China, China (e-mail:
xujie@cert.org.cn).
Jiao Xulu is with the Information Center of the Ministry of Industry and
Information Technology of China, China (e-mail: jxl@miit.gov.cn).
Xu Zhikai is with Haerbin Institute of Technology, Heilongjiang, China
(e-mail: zhikaixu@foxmail.com).
Cite: Ye Jianwei, Xu Jie, Jiao Xulu, and Xu Zhikai, "Protecting Cloud Data Using the Decentralized Information Flow Control with Authorization Condition," International Journal of Machine Learning and Computing, vol. 5, no. 3, pp. 230-234, 2015.