I published an HPL Technical Report discussing an approach to enable safer information sharing in the cloud, leveraging data sharing agreements and policy enforcement mechanism:
HPL 2012-22 Marco Casassa Mont, Ilaria Matteucci, Marinella Petrocchi, Marco Luca Sbodio Enabling Data Sharing in the Cloud, HPL-2012-22
The HPL TR abstract follows:
“Web interactions usually require the exchange of personal and confidential information for a variety of purposes, including enabling business transactions and the provisioning of services. A key issue affecting these interactions is the lack of trust and control on how data is going to be used and processed by the entities that receive this data. In the traditional world, this issue is addressed by using contractual agreements that are signed by the involved parties. This could be done electronically as well but there is currently a major gap between the definition of legal contracts, regulating the sharing of data and the software infrastructure required to support and enforce them. How to ensure that legal contracts can be actually enforced by the underlying IT infrastructure? How to ensure that a potentially enforceable version of the contract corresponds to the legal version of the contract? This article describes our work to address this gap through the usage of electronic Data Sharing Agreements (e-DSA). e-DSAs can be formally defined and analysed to identify inconsistencies and contradictory policies/constraints; they can then be deployed within the IT infrastructure and enforced. We specifically show how this can be achieved in a cloud scenario, where e-DSAs are enforced via policy enforcement capabilities developed in the UK EnCoRe [6] collaborative project. “
--- Posted by Marco Casassa Mont (here and here) ---
--- NOTE: use this mirror blog if you prefer posting on an external blog site ---
--- NOTE: my original HP blog can be found here ---
No comments:
Post a Comment