Enriching Traceability with Context for Adaptive Information Security in the Cloud

Nhlabatsi, Armstrong; Tun, Thein; Khan, Niamul; Yu, Yijun; Bandara, Arosha; Khan, Khaled and Nuseibeh, Bashar (2014). Enriching Traceability with Context for Adaptive Information Security in the Cloud. Technical Report 2014/02; Department of Computing, The Open University.

DOI: https://doi.org/10.21954/ou.ro.000160c5

Abstract

Cloud applications enjoy a diverse community of users to store and process a variety of data in different conditions in their execution environment. We refer to the attributes that determine these conditions as context. Therefore these applications have a variety of security requirements, the satisfaction of which depends on the application adapting on the users’ context. We call such adaptation capability Adaptive Information Security. The paper argues that one of the key prerequisites for adaptive information security in the cloud is the use of traceability as a means to reasoning the relationship between security requirements and the policies that satisfy those requirements. However, current approaches to traceability do not provide support for taking into account contextual attributes. This makes it challenging to reason about satisfaction of the security requirement at runtime. We propose an approach to traceability that addresses this challenge by making context explicit. Our approach uses entailment relationships to capture and enrich traceability links with context. We use these links to diagnose the violation of security requirements. We applied our approach to an open-source cloud application (ownCloud) which we re-engineered for adaptive access control.

Viewing alternatives

Download history

Metrics

Public Attention

Altmetrics from Altmetric

Number of Citations

Citations from Dimensions

Item Actions

Export

About