A Runtime Model Approach for Data Geo-location Checks of Cloud Services

  • Eric Schmieders
  • Andreas Metzger
  • Klaus Pohl
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8831)


Organizations have to comply with geo-location policies that prescribe geographical locations at which personal data may be stored or processed. When using cloud services, checking data geo-location policies during design-time is no longer possible - data geo-location policies need to be checked during run-time. Cloud elasticity mechanisms dynamically replicate and migrate virtual machines and services among data centers, thereby affecting the geo-location of data. Due to the dynamic nature of such replications and migrations, the actual, concrete changes to the deployment of cloud services and thus to the data geo-locations are not known. We propose a policy checking approach utilizing runtime models that reflect the deployment and interaction structure of cloud services and components. By expressing privacy policy checks as an st-connectivity problem, potential data transfers that violate the geo-location policies can be rapidly determined. We experimentally evaluate our approach with respect to applicability and performance using an SOA-version of the CoCoME case study.


Privacy Cloud Service Management Service Governance Runtime Checking 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    van der Aalst, W., Schonenberg, M., Song, M.: Time prediction based on process mining. Information Systems 36(2) (Apr 2011)Google Scholar
  2. 2.
    Brosig, F., Huber, N., Kounev, S.: Automated extraction of architecture-level performance models of distributed component-based systems. In: 2011 26th IEEE/ACM International Conference on Automated Software Engineering, ASE (2011)Google Scholar
  3. 3.
    Canfora, G., Di Penta, M., Esposito, R., Villani, M.L.: A framework for QoS-aware binding and re-binding of composite web services. Journal of Systems and Software 81(10) (2008)Google Scholar
  4. 4.
    Chen, Y., Alspaugh, S., Katz, R.: Interactive analytical processing in big data systems: A cross-industry study of MapReduce workloads. Proc. VLDB Endow. 5(12) (August 2012)Google Scholar
  5. 5.
    Copil, G., Moldovan, D., Truong, H.-L., Dustdar, S.: Multi-level elasticity control of cloud services. In: Basu, S., Pautasso, C., Zhang, L., Fu, X. (eds.) ICSOC 2013. LNCS, vol. 8274, pp. 429–436. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  6. 6.
    Epifani, I., Ghezzi, C., Mirandola, R., Tamburrelli, G.: Model evolution by run-time parameter adaptation. In: 31st Internal Conference on Software Engineering (ICSE) (2009)Google Scholar
  7. 7.
    e-Ghazia, U., Masood, R., Shibli, M.A.: Comparative analysis of access control systems on cloud. In: 2012 13th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel Distributed Computing (SNPD) (2012)Google Scholar
  8. 8.
    Gondree, M., Peterson, Z.N.: Geolocation of data in the cloud. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy, CODASPY 2013. ACM, New York (2013)Google Scholar
  9. 9.
    Gutiérrez, A.M., Cassales Marquezan, C., Resinas, M., Metzger, A., Ruiz-Cortés, A., Pohl, K.: Extending WS-Agreement to support automated conformity check on transport and logistics service agreements. In: Basu, S., Pautasso, C., Zhang, L., Fu, X. (eds.) ICSOC 2013. LNCS, vol. 8274, pp. 567–574. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  10. 10.
    van Hoorn, A., Rohr, M., Hasselbring, W.: Engineering and continuously operating self-adaptive software systems: Required design decisions. In: Engels, G., Reussner, R.H., Momm, C., Stefan, S. (eds.) Design for Future 2009, Karlsruhe, Germany (November 2009)Google Scholar
  11. 11.
    Huber, N., Brosig, F., Kounev, S.: Modeling dynamic virtualized resource landscapes. In: Proceedings of the 8th International ACM SIGSOFT Conference on Quality of Software Architectures (2012)Google Scholar
  12. 12.
    Ivanović, D., Carro, M., Hermenegildo, M.: Constraint-based runtime prediction of sla violations in service orchestrations. In: Kappel, G., Maamar, Z., Motahari-Nezhad, H.R. (eds.) Service Oriented Computing. LNCS, vol. 7084, pp. 62–76. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  13. 13.
    Juels, A., Oprea, A.: New approaches to security and availability for cloud data. Commun. ACM 56(2) (February 2013)Google Scholar
  14. 14.
    Jung, R., Heinrich, R., Schmieders, E.: Model-driven instrumentation with kieker and palladio to forecast dynamic applications. In: Symposium on Software Performance: Joint Kieker/Palladio Days 2013. CEUR (2013)Google Scholar
  15. 15.
    Maoz, S.: Using model-based traces as runtime models. Computer 42(10) (2009)Google Scholar
  16. 16.
    von Massow, R., van Hoorn, A., Hasselbring, W.: Performance simulation of runtime reconfigurable component-based software architectures. In: Crnkovic, I., Gruhn, V., Book, M. (eds.) ECSA 2011. LNCS, vol. 6903, pp. 43–58. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  17. 17.
    Park, S., Chung, S.: Privacy-preserving attribute distribution mechanism for access control in a grid. In: 21st International Conference on Tools with Artificial Intelligence (2009)Google Scholar
  18. 18.
    Rausch, A., Reussner, R., Mirandola, R., Plášil, F. (eds.): The Common Component Modeling Example. LNCS, vol. 5153. Springer, Heidelberg (2008)Google Scholar
  19. 19.
    Ries, T., Fusenig, V., Vilbois, C., Engel, T.: Verification of data location in cloud networking. IEEE (December 2011)Google Scholar
  20. 20.
    Schmieders, E., Metzger, A.: Preventing performance violations of service compositions using assumption-based run-time verification. In: Abramowicz, W., Llorente, I.M., Surridge, M., Zisman, A., Vayssière, J. (eds.) ServiceWave 2011. LNCS, vol. 6994, pp. 194–205. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  21. 21.
    Suleiman, B., Venugopal, S.: Modeling performance of elasticity rules for cloud-based applications. In: 2013 17th IEEE International Enterprise Distributed Object Computing Conference (EDOC) (September 2013)Google Scholar
  22. 22.
    Szvetits, M., Zdun, U.: Systematic literature review of the objectives, techniques, kinds, and architectures of models at runtime. Software & Systems Modeling (December 2013)Google Scholar
  23. 23.
    Vaquero, L.M., Rodero-Merino, L., Buyya, R.: Dynamically scaling applications in the cloud. ACM SIGCOMM Computer Communication Review 41(1) (2011)Google Scholar
  24. 24.
    Zang, H., Bolot, J.: Anonymization of location data does not work: A large-scale measurement study. In: Proceedings of the 17th Annual International Conference on Mobile Computing and Networking. ACM, New York (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Eric Schmieders
    • 1
  • Andreas Metzger
    • 1
  • Klaus Pohl
    • 1
  1. 1.paluno (The Ruhr Institute for Software Technology)University of Duisburg-EssenEssenGermany

Personalised recommendations