Despite its attractive benefits, cloud adoption is challenged by some criteria of security and privacy. Access Control is one of the traditional and essential security tools of data protection. The decision to grant access to a resource must
ensure secure management with a specific attention to privacy
and data protection regulations. In particular, the challenge is more important with public clouds as many governing
authorities could be involved in one cloud scenario. This implies a difficulty to work out which regulation should be applicable in case of conflict. In recent years, many access control models were proposed. Despite increasing legislative pressure, few of these propositions take care of privacy requirements in their security policies specification and enforcement. In this paper, we propose to enforce privacy compliance in access control policies for the context of public cloud. Throughout the use of ontology tools, we propose an approach for checking privacy enforcement with access control conditions. We also suggest the use of privacy safeguards notification where the threat to privacy protection is
related to the secondary usage of personal data more than just
the data access itself.
Rahmouni Boussi, H. An ontology-based guidance for privacy enforcement in a multi-authority cloud environment. Paper presented at 2015 International Conference on Cloud Technologies and Applications (CloudTech)