Abstract
Enterprises are increasingly embracing cloud computing in order to reduce costs and increase agility in their everyday business operations. Nevertheless, due mainly to confidentiality, privacy and integrity concerns, many organisations are reluctant to migrate their sensitive data to the cloud. In order to alleviate these security concerns, this chapter proposes the PaaSword framework: a generic PaaS solution that provides capabilities for guiding developers through the process of defining appropriate policies for protecting their sensitive data. More specifically, this chapter outlines the construction of an extensible and declarative formalism for representing policy-related knowledge, one which disentangles the definition of a policy from the code employed for enforcing it. It also outlines the construction of a suitable Context-aware Security Model, a framework of concepts and properties in terms of which the policy-related knowledge is expressed.
Notes
1. All USDL-SEC classes and properties are prefixed with the usdl-sec namespace. To avoid notational clutter, this namespace is omitted here.
Acknowledgements
The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 644814. The authors would like to thank the partners of the PaaSword project (www.paasword.eu) for their valuable advice and comments.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Veloudis, S., Paraskakis, I., Verginadis, Y., Patiniotakis, I., Mentzas, G. (2017). A Generic Framework for Representing Context-Aware Security Policies in the Cloud. In: Helfert, M., Ferguson, D., Méndez Muñoz, V., Cardoso, J. (eds) Cloud Computing and Services Science. CLOSER 2016. Communications in Computer and Information Science, vol 740. Springer, Cham. https://doi.org/10.1007/978-3-319-62594-2_17
DOI: https://doi.org/10.1007/978-3-319-62594-2_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-62593-5
Online ISBN: 978-3-319-62594-2
eBook Packages: Computer Science (R0)