RADAR: Data Protection in Cloud-Based Computer Systems at Run Time

The protection of confidential data (e.g., personal data) is a concern of increasing importance. Data processing applications are often deployed in cloud or fog/edge computing systems. Such cloud-based systems may change dynamically during operations, for example because of changes in the users, in the deployed software services, or in the infrastructure. As a result, both the threats to data protection and the availability of data protection mechanisms may change at run time, making efficient data protection very challenging. This paper presents RADAR (Run-time Adaptations for DAta pRotection), an approach for ensuring data protection in dynamically changing cloud-based systems. RADAR analyzes the configuration of the cloud-based system automatically at run time, to detect changes in the threats to data protection or in the availability of data protection mechanisms. If needed, RADAR automatically adapts the cloud-based system to ensure the continued satisfaction of data protection requirements. From multiple possible adaptations that lead to the satisfaction of data protection requirements, RADAR chooses an adaptation that has the lowest negative implication on other goals, like costs and the availability of functionality. RADAR is a comprehensive approach that combines pattern-based detection of problematic system configurations with model-based automatic run-time adaptations and a search algorithm for finding the best adaptation. RADAR is validated using two case studies from the cloud and fog computing domains, and the scalability of the approach is evaluated using a set of controlled experiments.