Advertisement

A Generic Framework for Representing Context-Aware Security Policies in the Cloud

  • Simeon Veloudis
  • Iraklis ParaskakisEmail author
  • Yiannis Verginadis
  • Ioannis Patiniotakis
  • Gregoris Mentzas
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 740)

Abstract

Enterprises are increasingly embracing cloud computing in order to reduce costs and increase agility in their everyday business operations. Nevertheless, due mainly to confidentiality, privacy and integrity concerns, many organisations are reluctant to migrate their sensitive data to the cloud. In order to alleviate these security concerns, this chapter proposes the PaaSword framework: a generic PaaS solution that provides capabilities for guiding developers through the process of defining appropriate policies for protecting their sensitive data. More specifically, this chapter outlines the construction of an extensible and declarative formalism for representing policy-related knowledge, one which disentangles the definition of a policy from the code employed for enforcing it. It also outlines the construction of a suitable Context-aware Security Model, a framework of concepts and properties in terms of which the policy-related knowledge is expressed.

Keywords

Context-aware security Ontologies Linked USDL Policies Access control Data privacy Security-by-design Governance of policies 

Notes

Acknowledgements

The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 644814. The authors would like to thank the partners of the PaaSword project (www.paasword.eu) for their valuable advice and comments.

References

  1. 1.
    Cisco: Cloud: What an Enterprise Must Know, Cisco White Paper (2011)Google Scholar
  2. 2.
    Vaquero, L.M., Rodero-Merino, L., Caceres, J., Lindner, M.: A break in the clouds: towards a cloud definition. SIGCOMM Comput. Commun. Rev. 39(1), 50–55 (2008)CrossRefGoogle Scholar
  3. 3.
    Micro, T.: The Need for Cloud Computing Security. Trend Micro (2010)Google Scholar
  4. 4.
    NIST: Cloud Computing Reference Architecture, National Institute of Standards and Technology (2011)Google Scholar
  5. 5.
    CSA: The Notorious Nine. Cloud Computing Top Threats in 2013. Cloud Security Alliance (2013)Google Scholar
  6. 6.
    Verginadis, Y., Michalas, A., Gouvas, P., Schiefer, G., Hübsch, G., Paraskakis, I.: PaaSword: a holistic data privacy and security by design framework for cloud services. In: Proceedings of the 5th International Conference on Cloud Computing and Services Science, CLOSER 2015, 20–22 May, Lisbon, Portugal (2015)Google Scholar
  7. 7.
    Ferrari, E.: Access Control in Data Management Systems. Synthesis Lectures on Data Management, vol. 2, no. 1, pp. 1–117. Morgan & Claypool (2010)Google Scholar
  8. 8.
    Dey, A.K.: Understanding and using context. Pers. Ubiquit. Comput. J. 5(1), 4–7 (2001)CrossRefGoogle Scholar
  9. 9.
    OASIS: OASIS eXtensible Access Control Markup Language (XACML) (2013). http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html
  10. 10.
    Linked USDL (2014). http://linked-usdl.org/
  11. 11.
    Pedrinaci, C., Cardoso, J. Leidig, T.: Linked USDL: a vocabulary for web-scale service trading. In: 11th Extended Semantic Web Conference (ESWC) (2014)Google Scholar
  12. 12.
    Strang, T., Linnhoff-Popien, C.: A Context modeling survey. In: Workshop on Advanced Context Modelling, Reasoning and Management, UbiComp 2004 - The Sixth International Conference on Ubiquitous Computing, Nottingham, England (2004)Google Scholar
  13. 13.
    Bettini, C., Brdiczka, O., Henricksen, K., Indulska, J., Nicklas, D., Ranganathan, A., Riboni, D.: A survey of context modelling and reasoning techniques. Pervasive Mob. Comput., 161–180 (2010)Google Scholar
  14. 14.
    Miele, A., Quintarelli, E., Tanca, L.: A methodology for preference-based personalization of contextual data. In: ACM Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology, EDBT 2009, Saint-Petersburg, Russia, pp. 287–298 (2009)Google Scholar
  15. 15.
    Bucchiarone, A., Kazhamiakin, R., Cappiello, C., Nitto, E., Mazza, V.: A context-driven adaptation process for service-based applications. In: ACM Proceedings of the 2nd International Workshop on Principles of Engineering Service-Oriented Systems, PESOS 2010, Cape Town, South Africa, pp. 50–56 (2010)Google Scholar
  16. 16.
    Truong, H.-L., Manzoor, A., Dustdar, S.: On modeling, collecting and utilizing context information for disaster responses in pervasive environments. In: ACM Proceedings of the First International Workshop on Context-Aware Software Technology and Applications, CASTA 2009, Amsterdam, The Netherlands, pp. 25–28 (2009)Google Scholar
  17. 17.
    Abowd, G., Mynatt, E.: Charting past, present, and future research in ubiquitous computing. ACM Trans. Comput. Hum. Interact. (TOCHI), 29–58 (2000). Special issue on human-computer interaction in the new millenniumGoogle Scholar
  18. 18.
    Heupel, M., Fischer, L., Bourimi, M., Kesdogan, D., Scerri, S., Hermann, F., Gimenez, R.: Context-aware, trust-based access control for the di.me userware. In: Proceedings of the 5th International Conference on New Technologies, Mobility and Security, NTMS 2012, Istanbul, Turkey, pp. 1–6. IEEE Computer Society (2012)Google Scholar
  19. 19.
    Jung, C., Eitel, A., Schwarz, R.: Cloud security with context-aware usage control policies. In: Proceedings of the INFORMATIK 2014 Conference, pp. 211–222 (2014)Google Scholar
  20. 20.
    Verginadis, Y., Mentzas, G., Veloudis, S., Paraskakis, I.: A survey on context security policies. In: Proceedings of the 1st International Workshop on Cloud Security and Data Privacy by Design, CloudSPD 2015, Co-located with the 8th IEEE/ACM International Conference on Utility and Cloud Computing, Limassol, Cyprus, 7–10 December (2015)Google Scholar
  21. 21.
    Specification of Deliberation RuleML 1.01 (2015). http://wiki.ruleml.org/index.php/Specification_of_Deliberation_RuleML_1.01
  22. 22.
    Security Assertions Markup Language (SAML) Version 2.0. Technical Overview (2008). https://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf
  23. 23.
  24. 24.
    Uszok, A., Bradshaw, J., Jeffers, R., Johnson, M., Tate, A., Dalton, J., Aitken, S.: KAoS policy management for semantic web services. IEEE Intel. Sys. 19(4), 32–41 (2005)CrossRefGoogle Scholar
  25. 25.
    Kagal, L., Finin, T., Joshi, A.: A policy language for a pervasive computing environment. In: 4th IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2003 (2003)Google Scholar
  26. 26.
    Hu, H., Ahn, G.-J., Kulkarni, K.: Ontology-based policy anomaly management for autonomic computing. In: 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom) (2011)Google Scholar
  27. 27.
    OWL Web Ontology Language Reference. W3C Recommendation (2004). http://www.w3.org/TR/owl-ref/

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Simeon Veloudis
    • 1
  • Iraklis Paraskakis
    • 1
    Email author
  • Yiannis Verginadis
    • 2
  • Ioannis Patiniotakis
    • 2
  • Gregoris Mentzas
    • 2
  1. 1.South East European Research Centre (SEERC), International Faculty, CITY CollegeThe University of SheffieldThessalonikiGreece
  2. 2.Institute of Communications and Computer SystemsNational Technical University of AthensAthensGreece

Personalised recommendations