Ecole d'ingénieur et centre de recherche en Sciences du numérique

A-PPL: An accountability policy language

Azraoui, Monir; Elkhiyaoui, Kaoutar; Önen, Melek; Bernsmed, Karin; Santana de Oliveira, Anderson; Sendor, Jakub

Research Report RR-14-294

The inherent lack of control of users over their data raises various security and privacy challenges in Cloud Computing. One approach to encourage customers to take advantage of the Cloud is the design of new accountability solutions which aid and enable customers to control and be informed on how their data is processed. In this paper, we focus on accountability policies and propose A-PPL, an accountability policy language that represents machinereadable accountability policies. A-PPL policies provide cloud customers and cloud end-users with a way to express accountable obligations in order to automate their enforcement. Our work also describes a use case where medical sensors collect personal data which are then stored and processed in the cloud. We define the accountability obligations related to this use case and translate them into A-PPL policies as a proof of concept of our proposal.

Document Bibtex

Titre:A-PPL: An accountability policy language
Mots Clés:Cloud Computing, Accountability, Policy Language and Enforcement
Département:Sécurité numérique
Eurecom ref:4372
Copyright: © EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in Research Report RR-14-294 and is available at :
Bibtex: @techreport{EURECOM+4372, year = {2014}, title = {{A}-{PPL}: {A}n accountability policy language}, author = {{A}zraoui, {M}onir and {E}lkhiyaoui, {K}aoutar and {\"{O}}nen, {M}elek and {B}ernsmed, {K}arin and {S}antana de {O}liveira, {A}nderson and {S}endor, {J}akub}, number = {EURECOM+4372}, month = {08}, institution = {Eurecom}, url = {},, }
Voir aussi: