Cloud infrastructures rely on virtualization that abstracts the physical hardware. Multiple tenants can share physical hardware, and a single virtual resource may span multiple physical resources. The resulting uncertainty about the location and context of virtual resources is a potential security threat. For instance, tenants may want to prevent their data from migrating to undesirable jurisdictions (e.g. outside the European Union) and to ensure that certain virtual resources share (or expressly do not share) a common physical resource. Cloud users demand fine-grained control over the collection, processing and storage of their data. For secure and resilient cloud application management, we suggest a usage control framework for cloud environments that enforces user-definable, context-aware usage control policies.
In cloud environments, usage control may serve as an enabler. It provides not only fine-grained control over data flow and data usage, but also context-aware control decisions in virtual cloud environments that otherwise remain rather opaque to cloud users, which deters them from putting their critical business assets into the cloud. For example, in critical infrastructures such as smart energy management, different stakeholders need to exchange all kinds of business-related data for trading energy and managing the energy grid, and each stakeholder has specific business interests in sharing (or not sharing) data with collaboration partners or competitors. From a provider's perspective, usage control is an added value that may convince more users to opt for cloud deployment. Thus, usage control allows different stakeholders to enforce their individual security demands with respect to their data and functionality.
The value of data is more and more appreciated, and data-centric business models are gaining popularity in the age of »big data« applications. However, to facilitate large-scale data business across organizational boundaries, especially in cloud environments, we need to reconcile two conflicting goals: the free exchange of data assets on the one hand, and the protection of intellectual property, trade secrets, and privacy on the other hand. Even in a cloud environment with cross-organizational business transactions, users should keep full control over the collection, processing and storage of their data and application assets. Unfortunately, the virtual resources of cloud infrastructures lack transparency, which is a major obstacle for trusted cloud deployment. Ideally, users would like to share their data according to well-defined, technically enforced usage policies, and they would like to adapt these policies at any time depending on their specific business needs, expressing exactly who may use their data and services under which conditions and for which purposes. Providing a suitable usage control infrastructure within the cloud would foster trust among business partners, thus facilitating new types of data-centric business models while limiting the risks of privacy violations, intellectual property theft, or license infringement. Apart from restricting the use of data in its original form, data usage control (a generalization of access control spanning the whole lifecycle of data, even after initial access has been granted) can also enforce data transformations that adapt the data to the intended usage scenario. For example, a usage control policy may require person-identifiable data attributes to be removed (or anonymized) before access is granted to a business partner.
Moreover, usage control policies may take application context and cloud context into account, for example, to restrict data processing to permitted geo-locations or to grant processing only if suitable audit trails are recorded. Data usage control mechanisms can be integrated into several system layers (e.g., the cloud infrastructure and cloud service layers) in order to allow comprehensive usage control. These accompanying control measures pave the way for new business opportunities that would otherwise fail due to the security or privacy concerns of companies or customers. At Fraunhofer IESE in Kaiserslautern, we have been exploring the potential of usage control for several years in various contexts, such as mobile applications, the Internet of Things, and cloud computing. We are developing a data usage control framework that aims to offer a rich policy language, support for user-friendly policy specification, context-awareness capabilities, and policy decision and enforcement components for distributed usage control. We already showed the applicability of usage control in the context of secure cloud computing within the EU research project SECCRIT (FP7). In RESCUER (FP7) we analyzed the application of data usage control for a privacy-preserving emergency management platform.
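The two preceding paragraphs describe what a usage control decision looks like: the policy names who may use the data and for which purpose, the cloud context supplies the jurisdiction of the processing node and whether an audit trail is recorded, and the decision can carry obligations such as removing or pseudonymizing person-identifiable attributes before release. The following Python sketch is an added illustration of that decision flow, written for this page; it is not code from the Fraunhofer IESE framework and does not use its policy language. The policy structure, the attribute names treated as person-identifiable, the smart-meter records and the policy values are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Attributes treated as person-identifiable in this toy data model (assumption).
PII_ATTRIBUTES = {"name", "email", "address"}


@dataclass
class Context:
    """Application and cloud context gathered by the enforcement point."""
    requester_org: str         # organization requesting the data
    purpose: str               # declared purpose of use
    node_location: str         # jurisdiction of the node that will process the data
    audit_trail_enabled: bool  # whether the processing node records an audit trail


@dataclass
class Policy:
    """Owner-defined usage policy: who, for what, where, under which obligations."""
    allowed_orgs: Set[str]
    allowed_purposes: Set[str]
    allowed_locations: Set[str]
    require_audit_trail: bool
    transformations: List[str] = field(default_factory=list)  # applied before release


@dataclass
class Decision:
    permit: bool
    reason: str
    data: Optional[List[dict]] = None            # transformed records if permitted
    audit_entries: List[str] = field(default_factory=list)


def _pseudonymize(value: str) -> str:
    # A keyless hash is not a privacy guarantee for low-entropy values such as
    # names; production use needs a keyed construction (e.g. HMAC with an
    # owner-held key). Kept simple here to show the obligation mechanism.
    return hashlib.sha256(value.encode("utf-8")).hexdigest()[:16]


def remove_pii(record: dict) -> dict:
    return {k: v for k, v in record.items() if k not in PII_ATTRIBUTES}


def pseudonymize_pii(record: dict) -> dict:
    return {k: (_pseudonymize(str(v)) if k in PII_ATTRIBUTES else v)
            for k, v in record.items()}


TRANSFORMS = {"remove_pii": remove_pii, "pseudonymize_pii": pseudonymize_pii}


def decide(policy: Policy, ctx: Context, records: List[dict]) -> Decision:
    """Evaluate the policy against the context; on permit, apply the policy's
    transformations to every record and emit an audit entry for the release."""
    if ctx.requester_org not in policy.allowed_orgs:
        return Decision(False, f"organization '{ctx.requester_org}' not authorized")
    if ctx.purpose not in policy.allowed_purposes:
        return Decision(False, f"purpose '{ctx.purpose}' not authorized")
    if ctx.node_location not in policy.allowed_locations:
        return Decision(False, f"processing location '{ctx.node_location}' not allowed")
    if policy.require_audit_trail and not ctx.audit_trail_enabled:
        return Decision(False, "audit trail required but not enabled on processing node")

    released = records
    for name in policy.transformations:
        if name not in TRANSFORMS:
            # Unknown obligation: fail closed rather than release untransformed data.
            return Decision(False, f"unknown transformation '{name}'")
        released = [TRANSFORMS[name](r) for r in released]

    audit = [f"release to={ctx.requester_org} purpose={ctx.purpose} "
             f"location={ctx.node_location} transformations={policy.transformations} "
             f"records={len(released)}"]
    return Decision(True, "permit", released, audit)


# Constructed sample data: smart-meter readings of a fictitious energy supplier.
SAMPLE_RECORDS = [
    {"meter_id": "M-1001", "name": "Alice Example", "address": "1 Main St", "kwh": 12.5},
    {"meter_id": "M-1002", "name": "Bob Example", "address": "2 Main St", "kwh": 9.0},
]

# Constructed policy: EU-only processing, grid-balancing purpose, PII stripped,
# audit trail required.
SAMPLE_POLICY = Policy(
    allowed_orgs={"partner-dso"},
    allowed_purposes={"grid_balancing"},
    allowed_locations={"DE", "FR", "NL"},
    require_audit_trail=True,
    transformations=["remove_pii"],
)

if __name__ == "__main__":
    ok = decide(SAMPLE_POLICY, Context("partner-dso", "grid_balancing", "DE", True), SAMPLE_RECORDS)
    print(ok.permit, ok.data, ok.audit_entries)
    us = decide(SAMPLE_POLICY, Context("partner-dso", "grid_balancing", "US", True), SAMPLE_RECORDS)
    print(us.permit, us.reason)
```

The point of the sketch is that the transformation is part of the decision, not an afterthought: the partner never sees the original records, and a request whose context does not satisfy the geo-location or audit condition is denied rather than served with a warning. Unknown obligations fail closed for the same reason.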