Formal Verification of Secure Information Flow in Cloud Computing

Federated cloud systems increase the reliability and reduce the cost of computational support to an organization. However, the resulting combination of secure private clouds and less secure public clouds impacts on the overall security of the system as applications need to be located within di�erent clouds. In this paper, the entities of a federated cloud system as well as the clouds are assigned security levels of a given security lattice. Then a dynamic ow sensitive security model for a federated cloud system is introduced within which the Bell-LaPadula rules and cloud security rule can be captured. The rest of the paper demonstrates how Petri nets and the associated veri�cation techniques could be used to analyze the security of information ow in federated cloud systems

A methodology for cost-benefit analysis of information security technologies

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Although information security technologies (such as digital rights management products) has been proven effective and successful in protecting the confidentiality of sensitive information by providing access control, these technologies have not been widely adopted and used to their potential. One reason for this could be that cost and benefit of these products have not been analysed in a systematic and quantitative manner to date. As a result, companies do not have an established procedure to evaluate the cost and benefit of implementing these products. In this document, the benefits of implementing a digital rights management product in enterprises are quantified using stochastic Petri nets models and are compared with the security needs of a corporation and potential costs incurred by the implementation process. An evaluating procedure for implementing these products is established. This procedure has the potential to be used to improve the ability of a corporation to make sensible security investment decisions