Copy the page URI to the clipboard
Nhlabatsi, Armstrong; Tun, Thein; Khan, Niamul; Yu, Yijun; Bandara, Arosha; Khan, Khaled and Nuseibeh, Bashar (2014). Enriching Traceability with Context for Adaptive Information Security in the Cloud. Technical Report 2014/02; Department of Computing, The Open University.
DOI: https://doi.org/10.21954/ou.ro.000160c5
Abstract
Cloud applications enjoy a diverse community of users to store and process a variety of data in different conditions in their execution environment. We refer to the attributes that determine these conditions as context. Therefore these applications have a variety of security requirements, the satisfaction of which depends on the application adapting on the users’ context. We call such adaptation capability Adaptive Information Security. The paper argues that one of the key prerequisites for adaptive information security in the cloud is the use of traceability as a means to reasoning the relationship between security requirements and the policies that satisfy those requirements. However, current approaches to traceability do not provide support for taking into account contextual attributes. This makes it challenging to reason about satisfaction of the security requirement at runtime. We propose an approach to traceability that addresses this challenge by making context explicit. Our approach uses entailment relationships to capture and enrich traceability links with context. We use these links to diagnose the violation of security requirements. We applied our approach to an open-source cloud application (ownCloud) which we re-engineered for adaptive access control.