Martin Sadler

Information Stewardship in Cloud Computing

Cloud computing ecosystems of service providers and consumers will become a significant part of the way information services are provided, allowing more agile coalitions, cost savings and improved service delivery. Existing approaches to information security do not readily extend to this complex multi-party world. The authors argue for a mathematical model-based framework for the analysis and management of information stewardship that makes explicit both the expectations and responsibilities of cloud stakeholders and the design assumptions of systems. Such a framework supports integrated economic, technology, and behavioural analyses, so providing a basis for a better understanding of the interplay between preferences, policies, system design, regulations, and Service Level Agreements. The authors suggest approaches to constructing economic, technology, and behavioural models and discuss the challenges in integrating them.

Information Stewardship in Cloud Ecosystems: Towards Models, Economics, and Delivery

We discuss the concept of information stewardship in cloud-based business ecosystems. The constituent concepts of stewardship -- which we believe will be crucial to the successful development of cloud-based business of all kinds -- extend those of security to encompass concepts of objectives, ethics/values, sustainability, and resilience: all familiar from the stewardship of natural resources. Our view is based on rigorous approaches from mathematical systems modelling and economics, and is informed by concepts from natural resource management and information assurance.

Reducing risks of widespread faults and attacks for commercial software applications: towards diversity of software components

Recent IT attacks demonstrated how vulnerable consumers and enterprises are when adopting commercial and widely deployed operating systems, software applications and solutions. Diversity in software applications is fundamental to increase chances of survivability to faults and attacks. Current approaches to diversity are mainly based on the development of multiple versions of the same software, their parallel execution and the usage of voting mechanisms. Because of the high cost, they are used mainly for very critical and special cases. We introduce and discuss an alternative method to ensure diversity for common widespread software applications without requiring additional resources. We describe a few encouraging results obtained from simulations.