HDFT++ Hybrid Data Flow Tracking for SaaS Cloud Services

• Published in: 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud) pp. 333 - 338
• Main Authors: Fromm, Alexander, Stepa, Vladislav
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.06.2017
• Subjects: Cloud Audit; Cloud computing; Data Flow Tracking; Data mining; Data Protection; Java; Monitoring; Phosphors; Privacy; Software as a service
• DOI: 10.1109/CSCloud.2017.9

SaaS based cloud computing promises to provide dedicated and specialized computational resources on-premise and on a pay-per-use base to cloud consumers. These benefits, however, are traded with data confidentiality concerns: once data is transmitted to a cloud service, cloud consumers loose control over their data and remain in uncertainty about how their data is processed and disseminated inside the service. To counteract those concerns, we provide HDFT++, a hybrid data flow tracking approach to screen how data disseminate inside a cloud service. That way for instance, cloud service consumers are provided with valuable and detailed information to audit their cloud-resident data. Our approach is innovative, as we combine statically computed information flow analysis results with dynamic run-time data flow tracking mechanisms to monitor only those program locations inside a SaaS service that are actually relevant for a flow of data. Our evaluation results show, that our solution, while collecting run-time information, imposes less or at least equivalent performance overhead on the service under scrutiny than related work. Moreover, as we only track the flow of data at the service level, we could achieve by design a better balance between performance overhead and portability of the monitored service.