Secure service composition with information flow control in service clouds

Service clouds built on cloud infrastructures and service-oriented architecture provide users with a novel pattern of composing basic services to achieve complicated tasks. However, in multiple clouds environment, outsourcing data and applications pose a great challenge to information flow security for the composite services, since sensitive data may be leaked to unauthorized attackers during service composition. Although model checking has been considered as a promising approach to enforce information flow security precisely, its high complexity on modeling and the heavy cost on verification cause great burdens to the process of service composition. In this paper, we propose a distributed approach to composing services securely with information flow control. In our approach, each service component is first verified through model checking, and then a compositional verification procedure is executed to ensure the information flow security along with the composition of these services. The experimental results indicate that our approach can reduce the cost of verification compared with the global verification approach. For the dynamic dependences in service chain, we propose a Secure Information Flow Model for service composition in service clouds.We specify the security constraints for each service participant based on the dependences and lattice model.We propose a distributed compositional information verification algorithm for the secure service composition in service clouds.Our approach simplifies the complexity of model checking and decreases the cost of the verification work effectively.