Achieving fine-grained access control in virtual organizations: Research Articles
Concurrency and Computation: Practice & Experience - Second International Workshop on Emerging Technologies for Next-generation GRID (ETNGRID 2005)
Overriding of Access Control in XACML
POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
Amazon S3 for science grids: a viable solution?
DADC '08 Proceedings of the 2008 international workshop on Data-aware distributed computing
Coordinating access control in grid services
Concurrency and Computation: Practice & Experience - Middleware for Grid Computing: Future Trends (MGC2006)
PERMIS: a modular authorization infrastructure
Concurrency and Computation: Practice & Experience - UK e-Science All Hands Meeting 2006
Adding support to XACML for multi-domain user to user dynamic delegation of authority
International Journal of Information Security
Taking account of privacy when designing cloud computing services
CLOUD '09 Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing
A client-based privacy manager for cloud computing
Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE
Accountability as a Way Forward for Privacy Protection in the Cloud
CloudCom '09 Proceedings of the 1st International Conference on Cloud Computing
How to Securely Break into RBAC: The BTG-RBAC Model
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures
DASC '09 Proceedings of the 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing
Data protection models for service provisioning in the cloud
Proceedings of the 15th ACM symposium on Access control models and technologies
A flexible architecture for privacy-aware trust management
Journal of Theoretical and Applied Electronic Commerce Research
Using WebDAV for improved certificate revocation and publication
EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice
Trends and research directions for privacy preserving approaches on the cloud
Proceedings of the 6th ACM India Computing Convention
The QoS-based MCDM system for SaaS ERP applications with Social Network
The Journal of Supercomputing
Privacy-preserving identity federations in the cloud: a proof of concept
International Journal of Security and Networks
Hi-index | 0.00 |
In this paper we describe a policy based authorisation infrastructure that a cloud provider can run as an infrastructure service for its users. It will protect the privacy of users@? data by allowing the users to set their own privacy policies, and then enforcing them so that no unauthorised access is allowed to their data. The infrastructure ensures that the users@? privacy policies are stuck to their data, so that access will always be controlled by the policies even if the data is transferred between cloud providers or services. This infrastructure also ensures the enforcement of privacy policies which may be written in different policy languages by multiple authorities such as: legal, data subject, data issuer and data controller. A conflict resolution strategy is presented which resolves conflicts among the decisions returned by the different policy decision points (PDPs). The performance figures are presented which show that the system performs well and that each additional PDP only imposes a small overhead.