From regulatory obligations to enforceable accountability policies in the cloud

Walid Benghabrit; Hervé Grall; Jean Claude Royer; Mohamed Sellami; Monir Azraoui; Kaoutar Elkhiyaoui; Melek Önen; Anderson Santana De Oliveira; Karin Bernsmed

doi:10.1007/978-3-319-25414-2_9

From regulatory obligations to enforceable accountability policies in the cloud

Walid Benghabrit
, Hervé Grall
, Jean Claude Royer
, Mohamed Sellami
, Monir Azraoui
, Kaoutar Elkhiyaoui
, Melek Önen
, Anderson Santana De Oliveira
, Karin Bernsmed

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The widespread adoption of the cloud model for service delivery triggered several data protection issues. As a matter of fact, the proper delivery of these services typically involves sharing of personal/ business data between the different parties involved in the service provisioning. In order to increase cloud consumer’s trust, there must be guarantees on the fair use of their data. Accountability provides the necessary assurance about the data governance practices to the different stakeholders involved in a cloud service chain. In this context, we propose a framework for the representation of accountability policies. Such policies offer to end-users a clear view of the privacy and accountability clauses asserted by the entities they interact with, as well as means to represent their preferences. Our framework offers two accountability policy languages: (i) an abstract language called AAL devoted for the representation of preferences/clauses in an human readable fashion, and (ii) a concrete one for the implementation of enforceable policies.

Original language	English
Title of host publication	Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers
Editors	Markus Helfert, Frédéric Desprez, Donald Ferguson, Frank Leymann, Víctor Méndez Muñoz
Publisher	Springer Verlag
Pages	134-150
Number of pages	17
ISBN (Print)	9783319254135
DOIs	https://doi.org/10.1007/978-3-319-25414-2_9
Publication status	Published - 1 Jan 2015
Externally published	Yes
Event	International Conference in Cloud Computing and Services Sciences, CLOSER 2014 - Barcelona, Spain Duration: 3 Apr 2014 → 5 Apr 2014

Publication series

Name	Communications in Computer and Information Science
Volume	512
ISSN (Print)	1865-0929

Conference

Conference	International Conference in Cloud Computing and Services Sciences, CLOSER 2014
Country/Territory	Spain
City	Barcelona
Period	3/04/14 → 5/04/14

Keywords

Accountability
Data protection
Framework
Policy enforcement
Policy language

Access to Document

10.1007/978-3-319-25414-2_9

Cite this

Benghabrit, W., Grall, H., Royer, J. C., Sellami, M., Azraoui, M., Elkhiyaoui, K., Önen, M., De Oliveira, A. S., & Bernsmed, K. (2015). From regulatory obligations to enforceable accountability policies in the cloud. In M. Helfert, F. Desprez, D. Ferguson, F. Leymann, & V. M. Muñoz (Eds.), Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers (pp. 134-150). (Communications in Computer and Information Science; Vol. 512). Springer Verlag. https://doi.org/10.1007/978-3-319-25414-2_9

Benghabrit, Walid ; Grall, Hervé ; Royer, Jean Claude et al. / From regulatory obligations to enforceable accountability policies in the cloud. Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers. editor / Markus Helfert ; Frédéric Desprez ; Donald Ferguson ; Frank Leymann ; Víctor Méndez Muñoz. Springer Verlag, 2015. pp. 134-150 (Communications in Computer and Information Science).

@inproceedings{68598c457fc748ef8aa6f766b851eff5,

title = "From regulatory obligations to enforceable accountability policies in the cloud",

abstract = "The widespread adoption of the cloud model for service delivery triggered several data protection issues. As a matter of fact, the proper delivery of these services typically involves sharing of personal/ business data between the different parties involved in the service provisioning. In order to increase cloud consumer{\textquoteright}s trust, there must be guarantees on the fair use of their data. Accountability provides the necessary assurance about the data governance practices to the different stakeholders involved in a cloud service chain. In this context, we propose a framework for the representation of accountability policies. Such policies offer to end-users a clear view of the privacy and accountability clauses asserted by the entities they interact with, as well as means to represent their preferences. Our framework offers two accountability policy languages: (i) an abstract language called AAL devoted for the representation of preferences/clauses in an human readable fashion, and (ii) a concrete one for the implementation of enforceable policies.",

keywords = "Accountability, Data protection, Framework, Policy enforcement, Policy language",

author = "Walid Benghabrit and Herv{\'e} Grall and Royer, \{Jean Claude\} and Mohamed Sellami and Monir Azraoui and Kaoutar Elkhiyaoui and Melek {\"O}nen and \{De Oliveira\}, \{Anderson Santana\} and Karin Bernsmed",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; International Conference in Cloud Computing and Services Sciences, CLOSER 2014 ; Conference date: 03-04-2014 Through 05-04-2014",

year = "2015",

month = jan,

day = "1",

doi = "10.1007/978-3-319-25414-2\_9",

language = "English",

isbn = "9783319254135",

series = "Communications in Computer and Information Science",

publisher = "Springer Verlag",

pages = "134--150",

editor = "Markus Helfert and Fr{\'e}d{\'e}ric Desprez and Donald Ferguson and Frank Leymann and Mu{\~n}oz, \{V{\'i}ctor M{\'e}ndez\}",

booktitle = "Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers",

}

Benghabrit, W, Grall, H, Royer, JC, Sellami, M, Azraoui, M, Elkhiyaoui, K, Önen, M, De Oliveira, AS & Bernsmed, K 2015, From regulatory obligations to enforceable accountability policies in the cloud. in M Helfert, F Desprez, D Ferguson, F Leymann & VM Muñoz (eds), Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers. Communications in Computer and Information Science, vol. 512, Springer Verlag, pp. 134-150, International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Barcelona, Spain, 3/04/14. https://doi.org/10.1007/978-3-319-25414-2_9

From regulatory obligations to enforceable accountability policies in the cloud. / Benghabrit, Walid; Grall, Hervé; Royer, Jean Claude et al.
Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers. ed. / Markus Helfert; Frédéric Desprez; Donald Ferguson; Frank Leymann; Víctor Méndez Muñoz. Springer Verlag, 2015. p. 134-150 (Communications in Computer and Information Science; Vol. 512).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - From regulatory obligations to enforceable accountability policies in the cloud

AU - Benghabrit, Walid

AU - Grall, Hervé

AU - Royer, Jean Claude

AU - Sellami, Mohamed

AU - Azraoui, Monir

AU - Elkhiyaoui, Kaoutar

AU - Önen, Melek

AU - De Oliveira, Anderson Santana

AU - Bernsmed, Karin

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015/1/1

Y1 - 2015/1/1

N2 - The widespread adoption of the cloud model for service delivery triggered several data protection issues. As a matter of fact, the proper delivery of these services typically involves sharing of personal/ business data between the different parties involved in the service provisioning. In order to increase cloud consumer’s trust, there must be guarantees on the fair use of their data. Accountability provides the necessary assurance about the data governance practices to the different stakeholders involved in a cloud service chain. In this context, we propose a framework for the representation of accountability policies. Such policies offer to end-users a clear view of the privacy and accountability clauses asserted by the entities they interact with, as well as means to represent their preferences. Our framework offers two accountability policy languages: (i) an abstract language called AAL devoted for the representation of preferences/clauses in an human readable fashion, and (ii) a concrete one for the implementation of enforceable policies.

AB - The widespread adoption of the cloud model for service delivery triggered several data protection issues. As a matter of fact, the proper delivery of these services typically involves sharing of personal/ business data between the different parties involved in the service provisioning. In order to increase cloud consumer’s trust, there must be guarantees on the fair use of their data. Accountability provides the necessary assurance about the data governance practices to the different stakeholders involved in a cloud service chain. In this context, we propose a framework for the representation of accountability policies. Such policies offer to end-users a clear view of the privacy and accountability clauses asserted by the entities they interact with, as well as means to represent their preferences. Our framework offers two accountability policy languages: (i) an abstract language called AAL devoted for the representation of preferences/clauses in an human readable fashion, and (ii) a concrete one for the implementation of enforceable policies.

KW - Accountability

KW - Data protection

KW - Framework

KW - Policy enforcement

KW - Policy language

U2 - 10.1007/978-3-319-25414-2_9

DO - 10.1007/978-3-319-25414-2_9

M3 - Conference contribution

AN - SCOPUS:84955312946

SN - 9783319254135

T3 - Communications in Computer and Information Science

SP - 134

EP - 150

BT - Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers

A2 - Helfert, Markus

A2 - Desprez, Frédéric

A2 - Ferguson, Donald

A2 - Leymann, Frank

A2 - Muñoz, Víctor Méndez

PB - Springer Verlag

T2 - International Conference in Cloud Computing and Services Sciences, CLOSER 2014

Y2 - 3 April 2014 through 5 April 2014

ER -

Benghabrit W, Grall H, Royer JC, Sellami M, Azraoui M, Elkhiyaoui K et al. From regulatory obligations to enforceable accountability policies in the cloud. In Helfert M, Desprez F, Ferguson D, Leymann F, Muñoz VM, editors, Cloud Computing and Services Sciences - International Conference in Cloud Computing and Services Sciences, CLOSER 2014, Revised Selected Papers. Springer Verlag. 2015. p. 134-150. (Communications in Computer and Information Science). doi: 10.1007/978-3-319-25414-2_9

From regulatory obligations to enforceable accountability policies in the cloud

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this