3 research outputs found
A methodology for cost-benefit analysis of information security technologies
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Although information security technologies (such as digital rights management products) has been proven effective and successful in protecting the confidentiality of sensitive information by providing access control, these technologies have not been widely adopted and used to their potential. One reason for this could be that cost and benefit of these products have not been analysed in a systematic and quantitative manner to date. As a result, companies do not have an established procedure to evaluate the cost and benefit of implementing these products. In this document, the benefits of implementing a digital rights management product in enterprises are quantified using stochastic Petri nets models and are compared with the security needs of a corporation and potential costs incurred by the implementation process. An evaluating procedure for implementing these products is established. This procedure has the potential to be used to improve the ability of a corporation to make sensible security investment decisions
Quantitative analysis of distributed systems
PhD ThesisComputing Science addresses the security of real-life systems by using
various security-oriented technologies (e.g., access control solutions
and resource allocation strategies). These security technologies
signficantly increase the operational costs of the organizations in
which systems are deployed, due to the highly dynamic, mobile and
resource-constrained environments. As a result, the problem of designing
user-friendly, secure and high efficiency information systems
in such complex environment has become a major challenge for the
developers.
In this thesis, firstly, new formal models are proposed to analyse the
secure information
flow in cloud computing systems. Then, the opacity of work
flows in cloud computing systems is investigated, a threat
model is built for cloud computing systems, and the information leakage
in such system is analysed. This study can help cloud service
providers and cloud subscribers to analyse the risks they take with
the security of their assets and to make security related decision.
Secondly, a procedure is established to quantitatively evaluate the
costs and benefits of implementing information security technologies.
In this study, a formal system model for data resources in a dynamic
environment is proposed, which focuses on the location of different
classes of data resources as well as the users. Using such a model, the
concurrent and probabilistic behaviour of the system can be analysed.
Furthermore, efficient solutions are provided for the implementation of
information security system based on queueing theory and stochastic
Petri nets. This part of research can help information security officers
to make well judged information security investment decisions