A Data Location Control Model for Cloud Service Deployments

Kaniz Fatema, Philip D. Healy, Vincent C. Emeakaroha, John P. Morrison, Theo Lynn

    Research output: Chapter in Book/Published conference outputConference publication

    Abstract

    A data location control model for Cloud services is presented. The model is intended for use by Cloud SaaS providers that collect personal data that can potentially be stored and processed at multiple geographic locations. It incorporates users’ location preferences into authorization decisions by converting them into XACML policies that are consulted before data transfer operations. The model also ensures that the users have visibility into the location of their data and are informed when the location of their data changes. A prototype of the model has been implemented and was used to perform validation tests in various Cloud setups. These scenarios serve to demonstrate how location control can be integrated on top of existing public and private Cloud platforms. A sketch is also provided of an architecture that embeds location control functionality directly into the OpenStack Cloud platform. We further propose an enhancement to the model that alters its behaviour from being restrictive to prescriptive so that Cloud providers can copy data to a non-preferred locations in case of emergency. Under this approach, the number of authorized vs unauthorized transfers can be made publicly available by the provider as an assurance measure for consumers.
    Original languageEnglish
    Title of host publicationCloud Computing and Services Sciences. CLOSER 2014
    PublisherSpringer
    Chapter8
    Pages117-133
    ISBN (Electronic)978-3-319-25414-2
    ISBN (Print)978-3-319-25413-5
    DOIs
    Publication statusPublished - 30 Dec 2015

    Publication series

    NameCloud Computing and Services Sciences
    Volume512
    ISSN (Print)1865-0929
    ISSN (Electronic)1865-0937

    Fingerprint

    Dive into the research topics of 'A Data Location Control Model for Cloud Service Deployments'. Together they form a unique fingerprint.

    Cite this