An Ontology-based Guidance for Privacy Enforcement in a Multi-Authority Cloud Environment

Despite its attractive benefits, cloud adoption is challenged by some criteria of security and privacy. Access Control is one of the traditional and essential security tools of data protection. The decision to grant access to a resource must ensure secure management with a specific attention to privacy and data protection regulations. In particular, the challenge is more important with public clouds as many governing authorities could be involved in one cloud scenario. This implies a difficulty to work out which regulation should be applicable in case of conflict. In recent years, many access control models were proposed. Despite increasing legislative pressure, few of these propositions take care of privacy requirements in their security policies specification and enforcement. In this paper, we propose to enforce privacy compliance in access control policies for the context of public cloud. Throughout the use of ontology tools, we propose an approach for checking privacy enforcement with access control conditions. We also suggest the use of privacy safeguards notification where the threat to privacy protection is related to the secondary usage of personal data more than just the data access itself.