A privacy preserving authorisation system for the cloud

详细信息	查看全文 | 推荐本文 |

• 作者：David W. Chadwick ; ^{d.w.chadwick@kent.ac.uk} ; Kaniz Fatema ^{kf66@kent.ac.uk}
• 关键词：Policy decision point ; Privacy policies ; Sticky policies ; Credential validation service ; Obligations ; Cloud security
• 刊名：Journal of Computer and System Sciences
• 出版年：2012
• 期刊代码：186_00220000
• 类别：et
• 出版时间：September, 2012
• 卷：78
• 期：5
• 页码：1359-1373
• 文件大小：335 K

摘要

In this paper we describe a policy based authorisation infrastructure that a cloud provider can run as an infrastructure service for its users. It will protect the privacy of users始 data by allowing the users to set their own privacy policies, and then enforcing them so that no unauthorised access is allowed to their data. The infrastructure ensures that the users始 privacy policies are stuck to their data, so that access will always be controlled by the policies even if the data is transferred between cloud providers or services. This infrastructure also ensures the enforcement of privacy policies which may be written in different policy languages by multiple authorities such as: legal, data subject, data issuer and data controller. A conflict resolution strategy is presented which resolves conflicts among the decisions returned by the different policy decision points (PDPs). The performance figures are presented which show that the system performs well and that each additional PDP only imposes a small overhead.