Foundations for Designing, Defining, Validating and Executing Access Control Policies in Cloud Environments

  • Simeon Veloudis
  • Iraklis Paraskakis
  • Christos Petsos
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10465)


By embracing cloud computing, enterprises are able to boost their agility and productivity whilst realising significant cost savings. However, due to security and privacy concerns, many enterprises are reluctant to migrate their data and operations to the cloud. One way to alleviate these concerns is to devise access control policies that infuse suitable security controls into cloud services. Nevertheless, the complexity inherent in such policies, stemming from the dynamic nature of cloud environments, calls for a framework that provides assurances with respect to the effectiveness of the policies. In this respect, this work proposes a class of constraints, the so-called well-formedness constraints, that provide such assurances by empowering stakeholders to harness the attributes of the policies. Both the policies and the constraints are expressed ontologically, hence enabling automated reasoning about the abidance of the policies with the constraints.


Keywords: Foundation framework for policies; Designing policies; Defining policies; Policy governance; Access control; Ontologies; Description logics



The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814.



Copyright information

© IFIP International Federation for Information Processing 2017

Authors and Affiliations

  • Simeon Veloudis (1)
  • Iraklis Paraskakis (1)
  • Christos Petsos (1)

  1. South East European Research Centre (SEERC), The University of Sheffield, International Faculty CITY College, Thessaloniki, Greece
