Title: A model-based approach for multi-level privacy policies derivation for cloud services

Authors: Amal Ghorbel; Mahmoud Ghorbel; Mohamed Jmaiel

Addresses: ENIS, ReDCAD Laboratory, University of Sfax, B.P. 1173, 3038, Sfax, Tunisia ' ENIS, ReDCAD Laboratory, University of Sfax, B.P. 1173, 3038, Sfax, Tunisia ' Centre de Recherche en Numérique de Sfax, 3021, Sfax, Tunisia

Abstract: To benefit from the advantages offered by the cloud services, a data owner must move his private data to external servers to be accessed and handled by unknown parties. This brings about several concerns such as lack of user control, data leakage, improper access and use, unauthorised data storage location and retention, etc. Although extensive research efforts have been carried out to address data privacy issues in the cloud, this still requires many more efforts. Particularly, the privacy policy specification which presents the first step to ensure fine-grained data protection in such an untrusted environment. In this paper, we introduce a model-based approach that couples access, usage and storage policies specification in the context of cloud services. The approach stands on a high-level abstract model and a low-level concrete model to design the policies. Models refinement from top to bottom and automatic derivation of the final policies are introduced. The approach is demonstrated and evaluated through a case study.

Keywords: privacy policy specification; cloud services; PIM; PSM.

DOI: 10.1504/IJSN.2021.112836

International Journal of Security and Networks, 2021 Vol.16 No.1, pp.12 - 27

Received: 11 Oct 2019
Accepted: 30 Oct 2019

Published online: 07 Feb 2021 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article