To main content

From regulatory obligations to enforceable accountability policies in the cloud

Abstract

The widespread adoption of the cloud model for service delivery triggered several data protection issues. As a matter of fact, the proper delivery of these services typically involves sharing of personal/ business data between the different parties involved in the service provisioning. In order to increase cloud consumer’s trust, there must be guarantees on the fair use of their data. Accountability provides the necessary assurance about the data governance practices to the different stakeholders involved in a cloud service chain. In this context, we propose a framework for the representation of accountability policies. Such policies offer to end-users a clear view of the privacy and accountability clauses asserted by the entities they interact with, as well as means to represent their preferences. Our framework offers two accountability policy languages: (i) an abstract language called AAL devoted for the representation of preferences/clauses in an human readable fashion, and (ii) a concrete one for the implementation of enforceable policies

Category

Academic article

Language

English

Author(s)

  • Walid Benghabrit
  • Hervé Grall
  • Jean Claude Royer
  • Mohamed Sellami
  • Monir Azraoui
  • Kaoutar Elkhiyaoui
  • Melek Önen
  • Anderson Santana De Oliveira
  • Karin Bernsmed

Affiliation

  • France
  • Institut Eurecom, School of Engineering and Research Center
  • SINTEF Digital / Software Engineering, Safety and Security

Year

2015

Published in

Communications in Computer and Information Science

ISSN

1865-0929

Publisher

Springer

Volume

512

Page(s)

134 - 150

View this publication at Cristin