Semantics-Enabled Policies for Information Sharing and Protection in the Cloud

  • Yuh-Jong Hu
  • Win-Nan Wu
  • Jiun-Jan Yang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6984)


The cloud computing platform provides utility computing allowing people to have convenient and flexible information sharing services on the web. We investigate the inter-disciplinary area of information technology and law and use semantics-enabled policies for modeling legal regulations in the cloud. The semantics-enabled policies of information sharing and protection are represented as a combination of ontologies and rules to capture the concept of security and privacy laws. Ontologies are abstract knowledge representations of information sharing and protection which extracted manually from the data sharing and protection laws. Rules provide further enforcement power after ontologies have been constructed. The emerging challenges of legalizing semantics-enabled policies for laws in the cloud include mitigating the gap between semantics-enabled policy and laws to avoid any ambiguity in the policy representation, and resolving possible conflicts among policies when they are required to integrate the laws from multiple jurisdictions.


semantics-enabled policies information sharing data protection national security cloud computing privacy for social network cloud 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bruening, J.P., Treacy, B.C.: Cloud computing: privacy, security challenges. Privacy & Security Law Report (2009)Google Scholar
  2. 2.
    Takabi, H., et al.: Security and privacy challenges in cloud computing environments. IEEE Seurity & Privacy 8, 24–31 (2010)CrossRefGoogle Scholar
  3. 3.
    Antón, I.A., et al.: A roadmap for comprehensive online for privacy policy management. Comm. of the ACM 50, 109–116 (2007)CrossRefGoogle Scholar
  4. 4.
    Vimercati, S.D.C.d., et al.: Second research report on next generation policies, project deliverable D5.2.2. Technical report, PrimeLife (2010)Google Scholar
  5. 5.
    Ardagna, A.C., et al.: A privacy-aware access control system. Journal of Computer Security 16, 369–397 (2008)CrossRefGoogle Scholar
  6. 6.
    Karjoth, G., et al.: Translating privacy practices into privacy promises - how to promise what you can keep. In: POLICY 2003. IEEE, Los Alamitos (2003)Google Scholar
  7. 7.
    Hu, Y.J., Yang, J.J.: A semantic privacy-preserving model for data sharing and integration. In: International Conference on Web Intelligence, Mining and Semantics (WIMS 2011). ACM, Norway (2011)Google Scholar
  8. 8.
    Cabuk, S., et al.: Towards automated security policy enforcement in multi-tenant virtual data centers. Journal of Computer Security 18, 89–121 (2010)CrossRefGoogle Scholar
  9. 9.
    Popp, R., Poindexter, J.: Countering terrorism through information and privacy protection technologies. IEEE Seurity & Privacy 4, 24–33 (2006)CrossRefGoogle Scholar
  10. 10.
    Kettler, B., et al.: Facilitating information sharing across intelligence community boundaries using knowledge management and semantic web technologies. In: Popp, L.R., Yen, J. (eds.) Emergent Information Technologies and Enabling Policies for Counter-Terrorism, pp. 175–195. Wiley, Chichester (2005)Google Scholar
  11. 11.
    Buchanan, W., et al.: Interagency data exchange protocols as computational data protection law. In: Legal Knowledge and Information Systems - JURIX, pp. 143–146. IOS Press, Amsterdam (2010)Google Scholar
  12. 12.
    Bonatti, P., Olmedilla, D.: Policy language specification, enforcement, and integration. project deliverable D2, working group I2. Technical report, REWERSE (2005)Google Scholar
  13. 13.
    Gruber, T.R.: A translation approach to portable ontology specifications. Knowledge Acquisition 5 (1993)Google Scholar
  14. 14.
    Kagal, L., et al.: Using semantic web technologies for policy management on the web. In: 21st National Conference on Artificial Intelligence (AAAI). AAAI, Menlo Park (2006)Google Scholar
  15. 15.
    Tonti, G., Bradshaw, J.M., Jeffers, R., Montanari, R., Suri, N., Uszok, A.: Semantic web languages for policy representation and reasoning: A comparison of kAoS, Rei, and Ponder. In: Fensel, D., Sycara, K., Mylopoulos, J. (eds.) ISWC 2003. LNCS, vol. 2870, pp. 419–437. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Hu, Y.J., Boley, H.: SemPIF: A semantic meta-policy interchange format for multiple web policies. In: 2010 IEEE/WIC/ACM Int. Conference on Web Intelligence and Intelligent Agent Technology, pp. 302–307. IEEE, Los Alamitos (2010)CrossRefGoogle Scholar
  17. 17.
    Hosmer, H.H.: Metapolicies I. ACM SIGSAC Review 10, 18–43 (1992)CrossRefGoogle Scholar
  18. 18.
    Berger, S., et al.: Security for the cloud infrastructure: Trusted virtual data center implementation. IBM Journal of Research and Development, 6:1–6:12 (2009)Google Scholar
  19. 19.
    Clifton, C., et al.: Privacy-preserving data integration and sharing. In: Data Mining and Knowledge Discovery, pp. 19–26. ACM, New York (2004)Google Scholar
  20. 20.
    Calvanese, D., Giacomo, G.D.: Data integration: A logic-based perspective. AI Magazine 26, 59–70 (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Yuh-Jong Hu
    • 1
  • Win-Nan Wu
    • 1
  • Jiun-Jan Yang
    • 1
  1. 1.Emerging Network Technology (ENT) Lab., Department of Computer ScienceNational Chengchi UniversityTaipeiTaiwan

Personalised recommendations