Abstract
Organizations have to comply with geo-location policies that prescribe the geographical locations at which personal data may be stored or processed. When using cloud services, checking data geo-location policies at design time is no longer possible; the policies need to be checked at run time. Cloud elasticity mechanisms dynamically replicate and migrate virtual machines and services among data centers, thereby affecting the geo-location of data. Due to the dynamic nature of such replications and migrations, the actual, concrete changes to the deployment of cloud services, and thus to the data geo-locations, are not known. We propose a policy checking approach utilizing runtime models that reflect the deployment and interaction structure of cloud services and components. By expressing privacy policy checks as an st-connectivity problem, potential data transfers that violate the geo-location policies can be rapidly determined. We experimentally evaluate our approach with respect to applicability and performance using an SOA version of the CoCoME case study.
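An added illustration of the st-connectivity formulation described in the abstract, not the authors' implementation: the runtime model is a constructed graph whose component names, regions and edges are all assumptions, and a breadth-first search reports each path along which personal data could reach a component deployed outside the allowed regions.

```python
from collections import deque

# Constructed runtime model (assumption): component -> region it currently runs in.
DEPLOYMENT = {"customer_db": "EU", "order_service": "EU", "reporting": "EU",
              "web_frontend": "EU", "cache": "EU"}
# Constructed interaction structure: directed edges over which data may be transferred.
TRANSFERS = {"customer_db": ["order_service"],
             "order_service": ["web_frontend", "reporting"],
             "cache": ["web_frontend"]}

def find_violations(deployment, transfers, sources, allowed):
    """Return {component: path} for each component outside `allowed`
    that is reachable (s-t connected) from a personal-data source."""
    violations = {}
    for source in sources:
        parent = {source: None}          # doubles as the visited set
        queue = deque([source])
        while queue:
            node = queue.popleft()
            if deployment[node] not in allowed and node not in violations:
                path, cur = [], node
                while cur is not None:   # walk parents back to the source
                    path.append(cur)
                    cur = parent[cur]
                violations[node] = path[::-1]
            for nxt in transfers.get(node, []):
                if nxt not in parent:
                    parent[nxt] = node
                    queue.append(nxt)
    return violations

def migrate(deployment, component, region):
    """Model an elasticity event: the component now runs in `region`."""
    updated = dict(deployment)
    updated[component] = region
    return updated

if __name__ == "__main__":
    # Re-run the check after each change to the runtime model.
    for comp in ("reporting", "cache"):
        model = migrate(DEPLOYMENT, comp, "US")
        print(comp, "->", find_violations(model, TRANSFERS, ["customer_db"], {"EU"}))
```

Migrating `cache` out of the allowed region raises no violation because no transfer path leads from the personal-data source to it, which is the distinction the connectivity check adds over inspecting locations alone.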
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Schmieders, E., Metzger, A., Pohl, K. (2014). A Runtime Model Approach for Data Geo-location Checks of Cloud Services. In: Franch, X., Ghose, A.K., Lewis, G.A., Bhiri, S. (eds) Service-Oriented Computing. ICSOC 2014. Lecture Notes in Computer Science, vol 8831. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45391-9_21
DOI: https://doi.org/10.1007/978-3-662-45391-9_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45390-2
Online ISBN: 978-3-662-45391-9
eBook Packages: Computer Science, Computer Science (R0)