A data location control model for cloud service deployments

Kaniz Fatema; Philip D. Healy; Vincent C. Emeakaroha; John P. Morrison; Theo Lynn

doi:10.1007/978-3-319-25414-2_8

A data location control model for cloud service deployments

Kaniz Fatema
, Philip D. Healy
, Vincent C. Emeakaroha
, John P. Morrison
, Theo Lynn

School of Computer Science and Information Technology

Research output: Chapter in Book/Report/Conference proceedings › Chapter › peer-review

Abstract

A data location control model for Cloud services is presented. The model is intended for use by Cloud SaaS providers that collect personal data that can potentially be stored and processed at multiple geographic locations. It incorporates users’ location preferences into authorization decisions by converting them into XACML policies that are consulted before data transfer operations. The model also ensures that the users have visibility into the location of their data and are informed when the location of their data changes. A prototype of the model has been implemented and was used to perform validation tests in various Cloud setups. These scenarios serve to demonstrate how location control can be integrated on top of existing public and private Cloud platforms. A sketch is also provided of an architecture that embeds location control functionality directly into the OpenStack Cloud platform. We further propose an enhancement to the model that alters its behaviour from being restrictive to prescriptive so that Cloud providers can copy data to a non-preferred locations in case of emergency. Under this approach, the number of authorized vs unauthorized transfers can be made publicly available by the provider as an assurance measure for consumers.

Original language	English
Title of host publication	Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers
Editors	Markus Helfert, Frédéric Desprez, Donald Ferguson, Frank Leymann, Víctor Méndez Muñoz
Publisher	Springer Verlag
Pages	117-133
Number of pages	17
ISBN (Print)	9783319254135
DOIs	https://doi.org/10.1007/978-3-319-25414-2_8
Publication status	Published - 2015
Event	International Conference in Cloud Computing and Services Sciences, CLOSER 2014 - Barcelona, Spain Duration: 3 Apr 2014 → 5 Apr 2014

Publication series

Name	Communications in Computer and Information Science
Volume	512
ISSN (Print)	1865-0929

Conference

Conference	International Conference in Cloud Computing and Services Sciences, CLOSER 2014
Country/Territory	Spain
City	Barcelona
Period	3/04/14 → 5/04/14

Keywords

Access control
Authorization system
Cloud computing
Data location
XACML

Access to Document

10.1007/978-3-319-25414-2_8

Cite this

Fatema, K., Healy, P. D., Emeakaroha, V. C., Morrison, J. P., & Lynn, T. (2015). A data location control model for cloud service deployments. In M. Helfert, F. Desprez, D. Ferguson, F. Leymann, & V. M. Muñoz (Eds.), Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers (pp. 117-133). (Communications in Computer and Information Science; Vol. 512). Springer Verlag. https://doi.org/10.1007/978-3-319-25414-2_8

Fatema, Kaniz ; Healy, Philip D. ; Emeakaroha, Vincent C. et al. / A data location control model for cloud service deployments. Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers. editor / Markus Helfert ; Frédéric Desprez ; Donald Ferguson ; Frank Leymann ; Víctor Méndez Muñoz. Springer Verlag, 2015. pp. 117-133 (Communications in Computer and Information Science).

@inbook{9e8e5450ee134e559e17e40d8ffc452a,

title = "A data location control model for cloud service deployments",

abstract = "A data location control model for Cloud services is presented. The model is intended for use by Cloud SaaS providers that collect personal data that can potentially be stored and processed at multiple geographic locations. It incorporates users{\textquoteright} location preferences into authorization decisions by converting them into XACML policies that are consulted before data transfer operations. The model also ensures that the users have visibility into the location of their data and are informed when the location of their data changes. A prototype of the model has been implemented and was used to perform validation tests in various Cloud setups. These scenarios serve to demonstrate how location control can be integrated on top of existing public and private Cloud platforms. A sketch is also provided of an architecture that embeds location control functionality directly into the OpenStack Cloud platform. We further propose an enhancement to the model that alters its behaviour from being restrictive to prescriptive so that Cloud providers can copy data to a non-preferred locations in case of emergency. Under this approach, the number of authorized vs unauthorized transfers can be made publicly available by the provider as an assurance measure for consumers.",

keywords = "Access control, Authorization system, Cloud computing, Data location, XACML",

author = "Kaniz Fatema and Healy, \{Philip D.\} and Emeakaroha, \{Vincent C.\} and Morrison, \{John P.\} and Theo Lynn",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; International Conference in Cloud Computing and Services Sciences, CLOSER 2014 ; Conference date: 03-04-2014 Through 05-04-2014",

year = "2015",

doi = "10.1007/978-3-319-25414-2\_8",

language = "English",

isbn = "9783319254135",

series = "Communications in Computer and Information Science",

publisher = "Springer Verlag",

pages = "117--133",

editor = "Markus Helfert and Fr{\'e}d{\'e}ric Desprez and Donald Ferguson and Frank Leymann and Mu{\~n}oz, \{V{\'i}ctor M{\'e}ndez\}",

booktitle = "Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers",

address = "Germany",

}

Fatema, K, Healy, PD, Emeakaroha, VC, Morrison, JP & Lynn, T 2015, A data location control model for cloud service deployments. in M Helfert, F Desprez, D Ferguson, F Leymann & VM Muñoz (eds), Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers. Communications in Computer and Information Science, vol. 512, Springer Verlag, pp. 117-133, International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Barcelona, Spain, 3/04/14. https://doi.org/10.1007/978-3-319-25414-2_8

A data location control model for cloud service deployments. / Fatema, Kaniz; Healy, Philip D.; Emeakaroha, Vincent C. et al.
Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers. ed. / Markus Helfert; Frédéric Desprez; Donald Ferguson; Frank Leymann; Víctor Méndez Muñoz. Springer Verlag, 2015. p. 117-133 (Communications in Computer and Information Science; Vol. 512).

Research output: Chapter in Book/Report/Conference proceedings › Chapter › peer-review

TY - CHAP

T1 - A data location control model for cloud service deployments

AU - Fatema, Kaniz

AU - Healy, Philip D.

AU - Emeakaroha, Vincent C.

AU - Morrison, John P.

AU - Lynn, Theo

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015

Y1 - 2015

N2 - A data location control model for Cloud services is presented. The model is intended for use by Cloud SaaS providers that collect personal data that can potentially be stored and processed at multiple geographic locations. It incorporates users’ location preferences into authorization decisions by converting them into XACML policies that are consulted before data transfer operations. The model also ensures that the users have visibility into the location of their data and are informed when the location of their data changes. A prototype of the model has been implemented and was used to perform validation tests in various Cloud setups. These scenarios serve to demonstrate how location control can be integrated on top of existing public and private Cloud platforms. A sketch is also provided of an architecture that embeds location control functionality directly into the OpenStack Cloud platform. We further propose an enhancement to the model that alters its behaviour from being restrictive to prescriptive so that Cloud providers can copy data to a non-preferred locations in case of emergency. Under this approach, the number of authorized vs unauthorized transfers can be made publicly available by the provider as an assurance measure for consumers.

AB - A data location control model for Cloud services is presented. The model is intended for use by Cloud SaaS providers that collect personal data that can potentially be stored and processed at multiple geographic locations. It incorporates users’ location preferences into authorization decisions by converting them into XACML policies that are consulted before data transfer operations. The model also ensures that the users have visibility into the location of their data and are informed when the location of their data changes. A prototype of the model has been implemented and was used to perform validation tests in various Cloud setups. These scenarios serve to demonstrate how location control can be integrated on top of existing public and private Cloud platforms. A sketch is also provided of an architecture that embeds location control functionality directly into the OpenStack Cloud platform. We further propose an enhancement to the model that alters its behaviour from being restrictive to prescriptive so that Cloud providers can copy data to a non-preferred locations in case of emergency. Under this approach, the number of authorized vs unauthorized transfers can be made publicly available by the provider as an assurance measure for consumers.

KW - Access control

KW - Authorization system

KW - Cloud computing

KW - Data location

KW - XACML

UR - https://www.scopus.com/pages/publications/84955310699

U2 - 10.1007/978-3-319-25414-2_8

DO - 10.1007/978-3-319-25414-2_8

M3 - Chapter

AN - SCOPUS:84955310699

SN - 9783319254135

T3 - Communications in Computer and Information Science

SP - 117

EP - 133

BT - Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers

A2 - Helfert, Markus

A2 - Desprez, Frédéric

A2 - Ferguson, Donald

A2 - Leymann, Frank

A2 - Muñoz, Víctor Méndez

PB - Springer Verlag

T2 - International Conference in Cloud Computing and Services Sciences, CLOSER 2014

Y2 - 3 April 2014 through 5 April 2014

ER -

Fatema K, Healy PD, Emeakaroha VC, Morrison JP, Lynn T. A data location control model for cloud service deployments. In Helfert M, Desprez F, Ferguson D, Leymann F, Muñoz VM, editors, Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers. Springer Verlag. 2015. p. 117-133. (Communications in Computer and Information Science). doi: 10.1007/978-3-319-25414-2_8

A data location control model for cloud service deployments

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this