Monitoring and Checking Privacy Policies of Cloud Services Based on Models
Data geo-location policies constrain the geographical locations at which personal data may be stored or processed. Data storage and processing locations are dynamically changed by cloud elasticity that migrates and replicates cloud services across data centers. Thus, cloud elasticity as well as data transfers of interacting services may re-locate data, which potentially violates data geo-location policies. To detect these violations, we develop a policy checking approach based on runtime models. We examine monitoring and model updating mechanisms for reflecting service composition and deployment changes caused by elasticity. Based on the updated runtime model we derive potential data transfers and check them against policies. Initial results indicate the effectiveness and high-performance of our approach.
KeywordsPrivacy Cloud platform management Decentralized cloud platform architectures Runtime verification Data-geo-location
This work was partially supported by the DFG (German Research Foundation) under the Priority Programme “SPP1593: Design For Future – Managed Software Evolution” (grant PO 607/3-1).
- 1.Comparative analysis of access control systems on cloud. In: International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel Distributed ComputingGoogle Scholar
- 3.Brosig, F., Huber, N., Kounev, S.: Automated extraction of architecture-level performance models of distributed component-based systems. In: 26th IEEE/ACM International Conference on Automated Software Engineering (ASE) (2011)Google Scholar
- 6.Epifani, I., Ghezzi, C., Mirandola, R., Tamburrelli, G.: Model evolution by run-time parameter adaptation. In: 31st ICSE (2009)Google Scholar
- 7.Jung, R., Heinrich, R., Schmieders, E.: Model-driven instrumentation with kieker and palladio to forecast dynamic applications. In: Symposium on Software Performance: Joint Kieker/Palladio Days 2013. CEUR (2013)Google Scholar
- 9.Park, S., Chung, S.: Privacy-preserving attribute distribution mechanism for access control in a grid. In: 21st International Conference on Tools with Artificial Intelligence, ICTAI 2009 (2009)Google Scholar
- 12.Schmieders, E., Metzger, A.: Preventing performance violations of service compositions using assumption-based run-time verification. In: Abramowicz, W., Llorente, I.M., Surridge, M., Zisman, A., Vayssière, J. (eds.) ServiceWave 2011. LNCS, vol. 6994, pp. 194–205. Springer, Heidelberg (2011) CrossRefGoogle Scholar
- 14.Suleiman, B., Venugopal, S.: Modeling performance of elasticity rules for cloud-based applications. In: 2013 17th IEEE International Enterprise Distributed Object Computing Conference (EDOC), September 2013Google Scholar
- 15.Wu, E., Diao, Y., Rizvi, S.: High-performance complex event processing over streams. In: Proceedings of the 2006 ACM SIGMOD International Conference on Management of Data, SIGMOD 2006, pp. 407–418. ACM, New York (2006)Google Scholar