AUTOMATING COMPLIANCE FOR CLOUD COMPUTING SERVICES

Nick Papanikolaou, Siani Pearson, Marco Casassa Mont, Ryan Ko

2012

Abstract

We present an integrated approach for automating service providers' compliance with data protection laws and regulations, and with business and technical requirements, in cloud computing. The techniques we propose include, in particular: natural-language analysis of legislative and regulatory texts and of corporate security rulebooks, with extraction of enforceable rules from them; the use of sticky policies; automated policy enforcement; and active monitoring of data, particularly in cloud environments. We discuss ongoing work on developing a software tool for natural-language processing of cloud terms of service and other related policy texts. We also identify opportunities for future software development in the area of cloud computing compliance.



Paper Citation


in Harvard Style

Papanikolaou N., Pearson S., Mont M. and Ko R. (2012). AUTOMATING COMPLIANCE FOR CLOUD COMPUTING SERVICES. In Proceedings of the 2nd International Conference on Cloud Computing and Services Science - Volume 1: CloudSecGov, (CLOSER 2012) ISBN 978-989-8565-05-1, pages 631-637. DOI: 10.5220/0003976906310637


in Bibtex Style

@conference{cloudsecgov12,
author={Nick Papanikolaou and Siani Pearson and Marco Casassa Mont and Ryan Ko},
title={AUTOMATING COMPLIANCE FOR CLOUD COMPUTING SERVICES},
booktitle={Proceedings of the 2nd International Conference on Cloud Computing and Services Science - Volume 1: CloudSecGov, (CLOSER 2012)},
year={2012},
pages={631-637},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003976906310637},
isbn={978-989-8565-05-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Cloud Computing and Services Science - Volume 1: CloudSecGov, (CLOSER 2012)
TI - AUTOMATING COMPLIANCE FOR CLOUD COMPUTING SERVICES
SN - 978-989-8565-05-1
AU - Papanikolaou N.
AU - Pearson S.
AU - Mont M.
AU - Ko R.
PY - 2012
SP - 631
EP - 637
DO - 10.5220/0003976906310637