Quantitative Analysis of Opacity in Cloud Computing Systems

Federated cloud systems increase the reliability and reduce the cost of the computational support. The resulting combination of secure private clouds and less secure public clouds, together with the fact that resources need to be located within different clouds, strongly affects the information flow security of the entire system. In this paper, the clouds as well as entities of a federated cloud system are assigned security levels, and a probabilistic flow sensitive security model for a federated cloud system is proposed. Then the notion of opacity --- a notion capturing the security of information flow --- of a cloud computing systems is introduced, and different variants of quantitative analysis of opacity are presented. As a result, one can track the information flow in a cloud system, and analyze the impact of different resource allocation strategies by quantifying the corresponding opacity characteristics.

[1]  Maciej Koutny,et al.  Verifying Secure Information Flow in Federated Clouds , 2014, 2014 IEEE 6th International Conference on Cloud Computing Technology and Science.

[2]  Vladimiro Sassone,et al.  Quantifying leakage in the presence of unreliable sources of information , 2017, J. Comput. Syst. Sci..

[3]  Geoffrey Smith,et al.  A Sound Type System for Secure Flow Analysis , 1996, J. Comput. Secur..

[4]  Maciej Koutny,et al.  Opacity Generalised to Transition Systems , 2005, Formal Aspects in Security and Trust.

[5]  Geoffrey Smith,et al.  On the Foundations of Quantitative Information Flow , 2009, FoSSaCS.

[6]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[7]  Paul Watson,et al.  A framework for dynamically generating predictive models of workflow execution , 2013, WORKS@SC.

[8]  Maciej Koutny,et al.  Opacity generalised to transition systems , 2005, International Journal of Information Security.

[9]  Victor Khomenko,et al.  Diagnosability under Weak Fairness , 2014, 2014 14th International Conference on Application of Concurrency to System Design.

[10]  Serge Haddad,et al.  Optimal constructions for active diagnosis , 2013, J. Comput. Syst. Sci..

[11]  David Clark,et al.  A static analysis for quantifying information flow in a simple imperative language , 2007, J. Comput. Secur..

[12]  Jaisook Landauer,et al.  A lattice of information , 1993, [1993] Proceedings Computer Security Foundations Workshop VI.

[13]  Mário S. Alvim,et al.  Probabilistic Information Flow , 2010, 2010 25th Annual IEEE Symposium on Logic in Computer Science.

[14]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[15]  Albert Y. Zomaya,et al.  Privacy-Aware Scheduling SaaS in High Performance Computing Environments , 2017, IEEE Transactions on Parallel and Distributed Systems.

[16]  Vasileios Germanos,et al.  Benefit and Cost of Cloud Computing Security , 2019, 2019 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI).

[17]  Geoffrey Smith,et al.  Computing the Leakage of Information-Hiding Systems , 2010, TACAS.

[18]  Paul Watson,et al.  Cloud computing for fast prediction of chemical activity , 2013, Future Gener. Comput. Syst..

[19]  Stefan Haar Types of Asynchronous Diagnosability and the Reveals-Relation in Occurrence Nets , 2010, IEEE Transactions on Automatic Control.

[20]  Maciej Koutny,et al.  Opacity in Internet of Things with Cloud Computing (Short Paper) , 2015, 2015 IEEE 8th International Conference on Service-Oriented Computing and Applications (SOCA).

[21]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[22]  Vijay Varadharajan,et al.  Hook-up property for information flow secure nets , 1991, Proceedings Computer Security Foundations Workshop IV.

[23]  Maciej Koutny,et al.  Modelling Opacity Using Petri Nets , 2005, WISP@ICATPN.

[24]  David Elliott Bell Concerning 'modeling' of computer security , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[25]  Ana Sokolova,et al.  Information Hiding in Probabilistic Concurrent Systems , 2010, 2010 Seventh International Conference on the Quantitative Evaluation of Systems.

[26]  Krzysztof Juszczyszyn,et al.  Verifying enterprise's mandatory access control policies with coloured Petri nets , 2003, WET ICE 2003. Proceedings. Twelfth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, 2003..

[27]  Jonathan K. Millen,et al.  Covert Channel Capacity , 1987, 1987 IEEE Symposium on Security and Privacy.

[28]  Annabelle McIver,et al.  A probabilistic approach to information hiding , 2003 .

[29]  Maciej Koutny,et al.  Formal verification of secure information flow in cloud computing , 2016, J. Inf. Secur. Appl..

[30]  Mário S. Alvim,et al.  Measuring Information Leakage Using Generalized Gain Functions , 2012, 2012 IEEE 25th Computer Security Foundations Symposium.

[31]  J. Meseguer,et al.  Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.

[32]  Paul Watson,et al.  Applications of provenance in performance prediction and data storage optimisation , 2017, Future Gener. Comput. Syst..

[33]  Paul Watson A multi-level security model for partitioning workflows over federated clouds , 2011, 2011 IEEE Third International Conference on Cloud Computing Technology and Science.