Abstract
A data location control model for Cloud services is presented. The model is intended for use by Cloud SaaS providers that collect personal data that can potentially be stored and processed at multiple geographic locations. It incorporates users’ location preferences into authorization decisions by converting them into XACML policies that are consulted before data transfer operations. The model also ensures that the users have visibility into the location of their data and are informed when the location of their data changes. A prototype of the model has been implemented and was used to perform validation tests in various Cloud setups. These scenarios serve to demonstrate how location control can be integrated on top of existing public and private Cloud platforms. A sketch is also provided of an architecture that embeds location control functionality directly into the OpenStack Cloud platform. We further propose an enhancement to the model that alters its behaviour from being restrictive to prescriptive so that Cloud providers can copy data to a non-preferred locations in case of emergency. Under this approach, the number of authorized vs unauthorized transfers can be made publicly available by the provider as an assurance measure for consumers.
Similar content being viewed by others
References
Albeshri, A., Boyd, C., Nieto, J.G.: Geoproof: proofs of geographic location for cloud computing environment. In: 2012 32nd International Conference on Distributed Computing Systems Workshops (ICDCSW), pp. 506–514 (2012)
Almutairi, A., Sarfraz, M., Basalamah, S., Aref, W., Ghafoor, A.: A distributed access control architecture for cloud computing. IEEE Softw. 29(2), 36–44 (2012)
Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise privacy authorization language (EPAL 1.2). Submission to W3C (2003)
Basescu, C., Carpen-Amarie, A., Leordeanu, C., Costan, A., Antoniu, G.: Managing data access on clouds: a generic framework for enforcing security policies. In: 2011 IEEE International Conference on Advanced Information Networking and Applications (AINA), pp. 459–466 (2011)
Chadwick, D., Zhao, G., Otenko, S., Laborde, R., Linying, S., Nguyen, T.A.: PERMIS: a modular authorization infrastructure. Concurrency Comput. Pract. Experience 20(11), 1341–1357 (2008)
Chadwick, D.W., Fatema, K.: A privacy preserving authorisation system for the cloud. J. Comput. Syst. Sci. 78(5), 1359–1373 (2012)
Chen, D., Zhao, H.: Data security and privacy protection issues in cloud computing. In: 2012 International Conference on Computer Science and Electronics Engineering (ICCSEE), vol. 1, pp. 647–651. IEEE (2012)
Cranor, L.F.: P3P: making privacy policies more useful. IEEE Secur. Priv. 1(6), 50–55 (2003)
De Capitani di Vimercati, S., Samarati, P., Jajodia, S.: Policies, models, and languages for access control. In: Bhalla, S. (ed.) DNIS 2005. LNCS, vol. 3433, pp. 225–237. Springer, Heidelberg (2005)
Fatema, K., Chadwick, D.W., Lievens, S.: A multi-privacy policy enforcement system. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds.) Privacy and Identity Management for Life. IFIP AICT, vol. 352, pp. 297–310. Springer, Heidelberg (2011)
Fatema, K., Healy, P., Emeakaroha, V.C., Morrison, J.P., Lynn, T.: A user data location control model for cloud services. In: International Conference on Cloud Computing and Services Science, CLOSER 2014 (2014)
Godik, S., Anderson, A., Parducci, B., Humenn, P., Vajjhala, S.: Oasis extensible access control 2 markup language (XACML) 3. Technical report OASIS (2002)
Gondree, M., Peterson, Z.N.J.: Geolocation of data in the cloud. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy, pp. 25–36. ACM (2013)
Iskander, M.K., Wilkinson, D.W., Lee, A.J., Chrysanthis, P.K.: Enforcing policy and data consistency of cloud transactions. In: 2011 31st International Conference on Distributed Computing Systems Workshops (ICDCSW), pp. 253–262. IEEE (2011)
ISO. Information technology - open systems interconnection - security frameworks for open systems: Access control framework (1996)
Jackson, K.: OpenStack Cloud Computing Cookbook. Packt, Birmingham (2012)
Lynn, T., Healy, P., McClatchey, R., Morrison, J., Pahl, C., Lee, B.: The case for cloud service trustmarks and assurance-as-a-service. In: International Conference on Cloud Computing and Services Science CLOSER 2013 (2013)
Massonet, P., Naqvi, S., Ponsard, C., Latanicki, J., Rochwerger, B., Villari, M.: A monitoring and audit logging architecture for data location compliance in federated cloud infrastructures. In: 2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Ph.D. Forum (IPDPSW), pp. 1510–1517 (2011)
Mohan, A., Blough, D.M.: An attribute-based authorization policy framework with dynamic conflict resolution. In: Proceedings of the 9th Symposium on Identity and Trust on the Internet, pp. 37–50. ACM (2010)
Noman, A., Adams, C.: DLAS: data location assurance service for cloud computing environments. In: 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST), pp. 225–228. IEEE (2012)
Ries, T., Fusenig, V., Vilbois, C., Engel, T.: Verification of data location in cloud networking. In: 2011 Fourth IEEE International Conference on Utility and Cloud Computing (UCC), pp. 439–444. IEEE (2011)
Spillner, J., Schill, A.: Flexible data distribution policy language and gateway architecture. In: 2012 IEEE Latin America Conference on Cloud Computing and Communications (LATINCLOUD), pp. 1–6. IEEE (2012)
Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1–11 (2011)
Turkmen, F., Crispo, B.: Performance evaluation of XACML PDP implementations. In: Proceedings of the 2008 ACM workshop on Secure web services, pp. 37–44. ACM (2008)
Acknowledgements
The research work described in this paper was supported by the Irish Centre for Cloud Computing and Commerce, an Irish national Technology Centre funded by Enterprise Ireland and the Irish Industrial Development Authority.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Fatema, K., Healy, P.D., Emeakaroha, V.C., Morrison, J.P., Lynn, T. (2015). A Data Location Control Model for Cloud Service Deployments. In: Helfert, M., Desprez, F., Ferguson, D., Leymann, F., MĂ©ndez Munoz, V. (eds) Cloud Computing and Services Sciences. CLOSER 2014. Communications in Computer and Information Science, vol 512. Springer, Cham. https://doi.org/10.1007/978-3-319-25414-2_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-25414-2_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25413-5
Online ISBN: 978-3-319-25414-2
eBook Packages: Computer ScienceComputer Science (R0)