Foundations for designing, defining, validating and executing access control policies in cloud environments

Abstract

By embracing cloud computing enterprises are able to boost their agility and productivity whilst realising significant cost savings. However, due to security and privacy concerns, many enterprises are reluctant to migrate their data and operations to the cloud. One way to alleviate these concerns is to devise access control policies that infuse suitable security controls into cloud services. Nevertheless, the complexity inherent in such policies, stemming from the dynamic nature of cloud environments, calls for a framework that provides assurances with respect to the effectiveness of the policies. In this respect, this work proposes a class of constraints, the so-called well-formedness constraints, that provide such assurances by empowering stakeholders to harness the attributes of the policies. Both the policies and the constraints are expressed ontologically hence enabling automated reasoning about the abidance of the policies with the constraints.