Verifying Secure Information Flow in Federated Clouds

Federated cloud systems increase the reliability and reduce the cost of computational support to an organization. However, the resulting combination of secure private clouds and less secure public clouds impacts on the security requirements of the system. Therefore, applications need to be located within different clouds, which strongly affects the information flow security of the entire system. In this paper, the entities of a federated cloud system as well as the clouds are assigned security levels of a given security lattice. Then a dynamic flow sensitive security model for a federated cloud system is proposed within which the Bell-LaPadula rules and cloud security rule can be captured. As a result, one can track and verify the security information flow in federated clouds. Moreover, an example is used to explain how Petri nets could be used to represent such a system, making it possible to verify secure information flow in federated clouds using the existing Petri net techniques.