Trust and regulation conceptualisation: The foundation for user-defined cloud policies

Abstract

In the areas of secrecy or sensitive data management, the public cloud paradigm is not currently well accepted. The root of this problem arises from an inherent structural concept of restricted responsibilities and the lack of trust from the cloud users’ perspective. This work introduces a conceptual approach to user-centric policy management for cloud usage, combined with an underpinning holistic trust approach. Trust has to be established as a separate infrastructural concept determining the level of user adjustability. This approach outlines how provisioning cloud users’ policies is combined with agent-based trust establishment. An ontology-driven regulation concept enables formal policy definitions and trustworthy real-time reasoning about current trust levels, policy states, and pending security risks.