A-PPL: An accountability policy language

Azraoui, Monir; Elkhiyaoui, Kaoutar; Önen, Melek; Bernsmed, Karin; Santana de Oliveira, Anderson; Sendor, Jakub
Research Report RR-14-294

The inherent lack of control of users over their data raises various security and privacy challenges in Cloud Computing. One approach to encourage customers to take advantage of the Cloud is the design of new accountability solutions which aid and enable customers to control and be informed on how their data is processed. In this paper, we focus on accountability policies and propose A-PPL, an accountability policy language that represents machinereadable
accountability policies. A-PPL policies provide cloud customers and cloud end-users with a way to express accountable obligations in order to automate their enforcement. Our work also describes a use case where medical sensors collect personal data which are then stored and processed in the cloud. We define the accountability obligations related to this use case and translate them into A-PPL policies as a proof of concept of our proposal.

Digital Security
Eurecom Ref:
© EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in Research Report RR-14-294 and is available at :

PERMALINK : https://www.eurecom.fr/publication/4372