A Runtime Model Approach for Data Geo-location Checks of Cloud Services

Abstract: Organizations have to comply with geo-location policies that prescribe geographical locations at which personal data may be stored or processed. When using cloud services, checking data geo-location policies during design-time is no longer possible -data geo-location policies need to be checked during run-time. Cloud elasticity mechanisms dynamically replicate and migrate virtual machines and services among data centers, thereby affecting the geo-location of data. Due to the dynamic nature of such replications… Show more

“…[19]): Interactions of directly connected components, access of components to locally stored files, meta-information of stored or processed data, information on component deployments on virtual machines, geo-location information of virtual machines, and explicit or implicit information on transitive data transfers.…”

“…personal data) and a set of geo-locations, i.e. data of these classes must not be processed or stored at the specified locations (see [19]). …”

“…To facilitate efficient model checks of large and complex applications, we propose in [19] to specify the check as st-connectivity problem. If a path from locations to data classifications (both specified in p) exist in G, then this path indicates a potential privacy violation.…”

“…In [19], we address this gap by proposing a privacy checking approach that covers cloud elasticity and data transfers among components. These privacy checks build on the utilization of runtime models that reflect application components, their interactions, and deployments.…”

“…The updating part injectively maps the heartbeat information to graph transformation rules. The proposed runtime model together with the privacy check [19] constitute the R-PRIS approach (Runtime model-based PRIvacy checkS) that performs efficient privacy checks of up-to-date architectural models. The prototypical evaluation of the runtime model shows that it accurately reflects changes imposed by elasticity.…”

Architectural Runtime Models for Privacy Checks of Cloud Applications

“…[19]): Interactions of directly connected components, access of components to locally stored files, meta-information of stored or processed data, information on component deployments on virtual machines, geo-location information of virtual machines, and explicit or implicit information on transitive data transfers.…”

“…personal data) and a set of geo-locations, i.e. data of these classes must not be processed or stored at the specified locations (see [19]). …”

“…To facilitate efficient model checks of large and complex applications, we propose in [19] to specify the check as st-connectivity problem. If a path from locations to data classifications (both specified in p) exist in G, then this path indicates a potential privacy violation.…”

“…In [19], we address this gap by proposing a privacy checking approach that covers cloud elasticity and data transfers among components. These privacy checks build on the utilization of runtime models that reflect application components, their interactions, and deployments.…”

“…The updating part injectively maps the heartbeat information to graph transformation rules. The proposed runtime model together with the privacy check [19] constitute the R-PRIS approach (Runtime model-based PRIvacy checkS) that performs efficient privacy checks of up-to-date architectural models. The prototypical evaluation of the runtime model shows that it accurately reflects changes imposed by elasticity.…”

Architectural Runtime Models for Privacy Checks of Cloud Applications

Monitoring and Checking Privacy Policies of Cloud Services Based on Models

Using Risk Patterns to Identify Violations of Data Protection Policies in Cloud Systems