Title: A model-based approach for multi-level privacy policies derivation for cloud services
Authors: Amal Ghorbel; Mahmoud Ghorbel; Mohamed Jmaiel
Addresses: ENIS, ReDCAD Laboratory, University of Sfax, B.P. 1173, 3038, Sfax, Tunisia ' ENIS, ReDCAD Laboratory, University of Sfax, B.P. 1173, 3038, Sfax, Tunisia ' Centre de Recherche en Numérique de Sfax, 3021, Sfax, Tunisia
Abstract: To benefit from the advantages offered by the cloud services, a data owner must move his private data to external servers to be accessed and handled by unknown parties. This brings about several concerns such as lack of user control, data leakage, improper access and use, unauthorised data storage location and retention, etc. Although extensive research efforts have been carried out to address data privacy issues in the cloud, this still requires many more efforts. Particularly, the privacy policy specification which presents the first step to ensure fine-grained data protection in such an untrusted environment. In this paper, we introduce a model-based approach that couples access, usage and storage policies specification in the context of cloud services. The approach stands on a high-level abstract model and a low-level concrete model to design the policies. Models refinement from top to bottom and automatic derivation of the final policies are introduced. The approach is demonstrated and evaluated through a case study.
Keywords: privacy policy specification; cloud services; PIM; PSM.
International Journal of Security and Networks, 2021 Vol.16 No.1, pp.12 - 27
Received: 11 Oct 2019
Accepted: 30 Oct 2019
Published online: 07 Feb 2021 *