ABSTRACT
It is generally conceded that by embracing the cloud computing paradigm enterprises are able to boost their agility and productivity whilst realising significant cost savings. However, many enterprises are reluctant to adopt cloud services for supporting their critical operations due to security and privacy concerns. One way to alleviate these concerns is to devise a set of policies that infuse adequate security controls in cloud services. However, the heterogeneous nature of these services, together with the dynamicity inherent in cloud environments, hinders the formulation of an effective and interoperable set of policies that is suitable for the underlying domain of application. To this end, this work proposes an approach to the construction of ontological templates for the semantic representation of policies. These templates are capable of capturing the knowledge that must be infused into a policy in order for it to adequately take into account the needs of the underlying domain of application in which it is to be enforced.