Skip to main content

A Data Location Control Model for Cloud Service Deployments

Part of the Communications in Computer and Information Science book series (CCIS,volume 512)


A data location control model for Cloud services is presented. The model is intended for use by Cloud SaaS providers that collect personal data that can potentially be stored and processed at multiple geographic locations. It incorporates users’ location preferences into authorization decisions by converting them into XACML policies that are consulted before data transfer operations. The model also ensures that the users have visibility into the location of their data and are informed when the location of their data changes. A prototype of the model has been implemented and was used to perform validation tests in various Cloud setups. These scenarios serve to demonstrate how location control can be integrated on top of existing public and private Cloud platforms. A sketch is also provided of an architecture that embeds location control functionality directly into the OpenStack Cloud platform. We further propose an enhancement to the model that alters its behaviour from being restrictive to prescriptive so that Cloud providers can copy data to a non-preferred locations in case of emergency. Under this approach, the number of authorized vs unauthorized transfers can be made publicly available by the provider as an assurance measure for consumers.


  • Authorization system
  • Access control
  • Data location
  • Cloud computing

This is a preview of subscription content, access via your institution.

Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.
Fig. 7.


  1. 1.

  2. 2.


  1. Albeshri, A., Boyd, C., Nieto, J.G.: Geoproof: proofs of geographic location for cloud computing environment. In: 2012 32nd International Conference on Distributed Computing Systems Workshops (ICDCSW), pp. 506–514 (2012)

    Google Scholar 

  2. Almutairi, A., Sarfraz, M., Basalamah, S., Aref, W., Ghafoor, A.: A distributed access control architecture for cloud computing. IEEE Softw. 29(2), 36–44 (2012)

    CrossRef  Google Scholar 

  3. Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise privacy authorization language (EPAL 1.2). Submission to W3C (2003)

    Google Scholar 

  4. Basescu, C., Carpen-Amarie, A., Leordeanu, C., Costan, A., Antoniu, G.: Managing data access on clouds: a generic framework for enforcing security policies. In: 2011 IEEE International Conference on Advanced Information Networking and Applications (AINA), pp. 459–466 (2011)

    Google Scholar 

  5. Chadwick, D., Zhao, G., Otenko, S., Laborde, R., Linying, S., Nguyen, T.A.: PERMIS: a modular authorization infrastructure. Concurrency Comput. Pract. Experience 20(11), 1341–1357 (2008)

    CrossRef  Google Scholar 

  6. Chadwick, D.W., Fatema, K.: A privacy preserving authorisation system for the cloud. J. Comput. Syst. Sci. 78(5), 1359–1373 (2012)

    CrossRef  Google Scholar 

  7. Chen, D., Zhao, H.: Data security and privacy protection issues in cloud computing. In: 2012 International Conference on Computer Science and Electronics Engineering (ICCSEE), vol. 1, pp. 647–651. IEEE (2012)

    Google Scholar 

  8. Cranor, L.F.: P3P: making privacy policies more useful. IEEE Secur. Priv. 1(6), 50–55 (2003)

    CrossRef  Google Scholar 

  9. De Capitani di Vimercati, S., Samarati, P., Jajodia, S.: Policies, models, and languages for access control. In: Bhalla, S. (ed.) DNIS 2005. LNCS, vol. 3433, pp. 225–237. Springer, Heidelberg (2005)

    CrossRef  Google Scholar 

  10. Fatema, K., Chadwick, D.W., Lievens, S.: A multi-privacy policy enforcement system. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds.) Privacy and Identity Management for Life. IFIP AICT, vol. 352, pp. 297–310. Springer, Heidelberg (2011)

    CrossRef  Google Scholar 

  11. Fatema, K., Healy, P., Emeakaroha, V.C., Morrison, J.P., Lynn, T.: A user data location control model for cloud services. In: International Conference on Cloud Computing and Services Science, CLOSER 2014 (2014)

    Google Scholar 

  12. Godik, S., Anderson, A., Parducci, B., Humenn, P., Vajjhala, S.: Oasis extensible access control 2 markup language (XACML) 3. Technical report OASIS (2002)

    Google Scholar 

  13. Gondree, M., Peterson, Z.N.J.: Geolocation of data in the cloud. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy, pp. 25–36. ACM (2013)

    Google Scholar 

  14. Iskander, M.K., Wilkinson, D.W., Lee, A.J., Chrysanthis, P.K.: Enforcing policy and data consistency of cloud transactions. In: 2011 31st International Conference on Distributed Computing Systems Workshops (ICDCSW), pp. 253–262. IEEE (2011)

    Google Scholar 

  15. ISO. Information technology - open systems interconnection - security frameworks for open systems: Access control framework (1996)

    Google Scholar 

  16. Jackson, K.: OpenStack Cloud Computing Cookbook. Packt, Birmingham (2012)

    Google Scholar 

  17. Lynn, T., Healy, P., McClatchey, R., Morrison, J., Pahl, C., Lee, B.: The case for cloud service trustmarks and assurance-as-a-service. In: International Conference on Cloud Computing and Services Science CLOSER 2013 (2013)

    Google Scholar 

  18. Massonet, P., Naqvi, S., Ponsard, C., Latanicki, J., Rochwerger, B., Villari, M.: A monitoring and audit logging architecture for data location compliance in federated cloud infrastructures. In: 2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Ph.D. Forum (IPDPSW), pp. 1510–1517 (2011)

    Google Scholar 

  19. Mohan, A., Blough, D.M.: An attribute-based authorization policy framework with dynamic conflict resolution. In: Proceedings of the 9th Symposium on Identity and Trust on the Internet, pp. 37–50. ACM (2010)

    Google Scholar 

  20. Noman, A., Adams, C.: DLAS: data location assurance service for cloud computing environments. In: 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST), pp. 225–228. IEEE (2012)

    Google Scholar 

  21. Ries, T., Fusenig, V., Vilbois, C., Engel, T.: Verification of data location in cloud networking. In: 2011 Fourth IEEE International Conference on Utility and Cloud Computing (UCC), pp. 439–444. IEEE (2011)

    Google Scholar 

  22. Spillner, J., Schill, A.: Flexible data distribution policy language and gateway architecture. In: 2012 IEEE Latin America Conference on Cloud Computing and Communications (LATINCLOUD), pp. 1–6. IEEE (2012)

    Google Scholar 

  23. Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1–11 (2011)

    CrossRef  Google Scholar 

  24. Turkmen, F., Crispo, B.: Performance evaluation of XACML PDP implementations. In: Proceedings of the 2008 ACM workshop on Secure web services, pp. 37–44. ACM (2008)

    Google Scholar 

Download references


The research work described in this paper was supported by the Irish Centre for Cloud Computing and Commerce, an Irish national Technology Centre funded by Enterprise Ireland and the Irish Industrial Development Authority.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Kaniz Fatema .

Editor information

Editors and Affiliations

Rights and permissions

Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License (, which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Reprints and Permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Fatema, K., Healy, P.D., Emeakaroha, V.C., Morrison, J.P., Lynn, T. (2015). A Data Location Control Model for Cloud Service Deployments. In: Helfert, M., Desprez, F., Ferguson, D., Leymann, F., Méndez Munoz, V. (eds) Cloud Computing and Services Sciences. CLOSER 2014. Communications in Computer and Information Science, vol 512. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25413-5

  • Online ISBN: 978-3-319-25414-2

  • eBook Packages: Computer ScienceComputer Science (R0)