Issue No. 04 - October-December (2011 vol. 4)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TSC.2010.53
Bryan Stephenson , Hewlett-Packard Laboratories, Palo Alto
Hamid R. Motahari-Nezhad , Hewlett-Packard Laboratories, Palo Alto
Sharad Singhal , Hewlett-Packard Laboratories, Palo Alto
Jun Li , Hewlett-Packard Laboratories, Palo Alto
Many cloud service providers offer outsourcing capabilities to businesses using the software-as-a-service delivery model. In this delivery model, sensitive business data need to be stored and processed outside the control of the business. The ability to manage data in compliance with regulatory and corporate policies, which we refer to as data assurance, is an essential success factor for this delivery model. There exist challenges to express service data assurance capabilities, capture customers' requirements, and enforce these policies inside service providers' environments. This paper addresses these challenges by proposing Global Enforcement Of Data Assurance Controls (GEODAC), a policy framework that enables the expression of both service providers' capabilities and customers' requirements, and enforcement of the agreed-upon data assurance policies in service providers' environments. High-level policy statements are backed in the service environment with a state machine-based representation of policies in which each state represents a data lifecycle stage. Data assurance policies that define requirements on data retention, data migration, data appropriateness for use, etc. can be described and enforced. The approach has been implemented in a prototype tool and evaluated in a services environment.
Security and privacy in services; security and privacy management in data collection, transformation and dissemination; service oriented computing; software as a service; services delivery platform and methodology.
Bryan Stephenson, Hamid R. Motahari-Nezhad, Sharad Singhal, Jun Li, "GEODAC: A Data Assurance Policy Specification and Enforcement Framework for Outsourced Services", IEEE Transactions on Services Computing, vol. 4, no. , pp. 340-354, October-December 2011, doi:10.1109/TSC.2010.53