TY - JOUR
T1 - A privacy preserving authorization system for the cloud
AU - Chadwick, David
AU - Fatema, Kaniz
PY - 2012/9
Y1 - 2012/9
N2 - In this paper we describe a policy based authorisation infrastructure that a cloud provider can run as an infrastructure service for its users. It will protect the privacy of usersʼ data by allowing the users to set their own privacy policies, and then enforcing them so that no unauthorised access is allowed to their data. The infrastructure ensures that the usersʼ privacy policies are stuck to their data, so that access will always be controlled by the policies even if the data is transferred between cloud providers or services. This infrastructure also ensures the enforcement of privacy policies which may be written in different policy languages by multiple authorities such as: legal, data subject, data issuer and data controller. A conflict resolution strategy is presented which resolves conflicts among the decisions returned by the different policy decision points (PDPs). The performance figures are presented which show that the system performs well and that each additional PDP only imposes a small overhead.
AB - In this paper we describe a policy based authorisation infrastructure that a cloud provider can run as an infrastructure service for its users. It will protect the privacy of usersʼ data by allowing the users to set their own privacy policies, and then enforcing them so that no unauthorised access is allowed to their data. The infrastructure ensures that the usersʼ privacy policies are stuck to their data, so that access will always be controlled by the policies even if the data is transferred between cloud providers or services. This infrastructure also ensures the enforcement of privacy policies which may be written in different policy languages by multiple authorities such as: legal, data subject, data issuer and data controller. A conflict resolution strategy is presented which resolves conflicts among the decisions returned by the different policy decision points (PDPs). The performance figures are presented which show that the system performs well and that each additional PDP only imposes a small overhead.
UR - https://www.sciencedirect.com/science/article/pii/S0022000011001644
U2 - 10.1016/j.jcss.2011.12.019
DO - 10.1016/j.jcss.2011.12.019
M3 - Article
SN - 0022-0000
VL - 78
SP - 1359
EP - 1373
JO - Journal of Computer and System Sciences
JF - Journal of Computer and System Sciences
IS - 5
ER -