Ecole d'ingénieur et centre de recherche en Sciences du numérique

A cloud accountability policy representation framework

Benghabrit, Walid; Grall, Hervé; Royer, Jean-Claude; Sellami, Mohamed; Azraoui, Monir; Elkhiyaoui, Kaoutar; Önen, Melek; Santana De Oliveira, Anderson; Bernsmed, Karin

CLOSER 2014, 4th International Conference on Cloud Computing and Services Science, 3-5 April 2014, Barcelona, Spain

Nowadays we are witnessing the democratization of cloud services. As a result, more and more end- users (individuals and businesses) are using these services for achieving their electronic transactions (shopping, administrative procedures, B2B transactions, etc.). In such scenarios, personal data is generally flowed between several entities and end-users need (i) to be aware of the management, processing, storage and retention of personal data, and (ii) to have necessary means to hold service providers accountable for the usage of their data. In fact, dealing with personal data raises several privacy and accountability issues that must be considered before to promote the use of cloud services. In this paper, we propose a framework for the representation of cloud accountability policies. Such policies offer to end-users a clear view of the privacy and accountability obligations asserted by the entities they interact with, as well as means to represent their preferences. This framework comes with two novel accountability policy languages. An abstract one devoted for the representation of preferences/obligations in an human readable fashion. And a concrete one for the mapping to concrete enforceable policies. We motivate our solution with concrete use case scenarios.

Document Hal Bibtex

Titre:A cloud accountability policy representation framework
Mots Clés:Accountability, Data Protection, Framework, Policy Language, Policy Enforcement
Type:Conférence
Langue:English
Ville:Barcelona
Pays:ESPAGNE
Date:
Département:Sécurité numérique
Eurecom ref:4222
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in CLOSER 2014, 4th International Conference on Cloud Computing and Services Science, 3-5 April 2014, Barcelona, Spain and is available at :
Bibtex: @inproceedings{EURECOM+4222, year = {2014}, title = {{A} cloud accountability policy representation framework}, author = {{B}enghabrit, {W}alid and {G}rall, {H}erv{\'e} and {R}oyer, {J}ean-{C}laude and {S}ellami, {M}ohamed and {A}zraoui, {M}onir and {E}lkhiyaoui, {K}aoutar and {\"{O}}nen, {M}elek and {S}antana {D}e {O}liveira, {A}nderson and {B}ernsmed, {K}arin}, booktitle = {{CLOSER} 2014, 4th {I}nternational {C}onference on {C}loud {C}omputing and {S}ervices {S}cience, 3-5 {A}pril 2014, {B}arcelona, {S}pain}, address = {{B}arcelona, {ESPAGNE}}, month = {04}, url = {http://www.eurecom.fr/publication/4222} }
Voir aussi: