Runtime Model-Based Privacy Checks of Big Data Cloud Services

Cloud services have to comply with privacy policies when storing or processing data. As cloud services become increasingly data-intensive, e.g., in the case of big data analytics, data privacy concerns become more critical and challenging to address. In particular, data may only be processed at certain geo-locations. However, the actual geo-locations of the many storage and compute nodes involved in big data processing is dynamically selected during runtime. In addition, the execution of concrete data processing tasks may change data classifications from, e.g., personal to anonymized data. Thus, privacy policy checks for big data cloud services have to consider information about the actual nodes and data processing tasks at runtime. The proposed approach R-PRIS monitors cloud services to derive and maintain typed runtime models providing the aforementioned information. R-PRIS checks the typed runtime models against privacy policies by employing a data-classification-aware search. The evaluation of R-PRIS, performed on Amazon Web Services (including Hadoop), indicates that the approach may efficiently and timely detect privacy violations in big data cloud services.

[1]  Klaus Pohl,et al.  Architectural Runtime Models for Privacy Checks of Cloud Applications , 2015, 2015 IEEE/ACM 7th International Workshop on Principles of Engineering Service-Oriented and Cloud Systems.

[2]  Samuel Kounev,et al.  Automated extraction of architecture-level performance models of distributed component-based systems , 2011, 2011 26th IEEE/ACM International Conference on Automated Software Engineering (ASE 2011).

[3]  Klaus Pohl,et al.  A Runtime Model Approach for Data Geo-location Checks of Cloud Services , 2014, ICSOC.

[4]  Muhammad Awais Shibli,et al.  Comparative Analysis of Access Control Systems on Cloud , 2012, 2012 13th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing.

[5]  Andreas Metzger,et al.  Preventing Performance Violations of Service Compositions Using Assumption-Based Run-Time Verification , 2011, ServiceWave.

[6]  Shahar Maoz,et al.  Using Model-Based Traces as Runtime Models , 2009, Computer.

[7]  Dragan Ivanovic,et al.  Constraint-Based Runtime Prediction of SLA Violations in Service Orchestrations , 2011, ICSOC.

[8]  Samuel Kounev,et al.  Modeling dynamic virtualized resource landscapes , 2012, QoSA '12.

[9]  Uwe Zdun,et al.  Systematic literature review of the objectives, techniques, kinds, and architectures of models at runtime , 2016, Software & Systems Modeling.

[10]  Ming Mao,et al.  A Performance Study on the VM Startup Time in the Cloud , 2012, 2012 IEEE Fifth International Conference on Cloud Computing.

[11]  Hartmut Ehrig,et al.  Fundamentals of Algebraic Graph Transformation (Monographs in Theoretical Computer Science. An EATCS Series) , 1992 .

[12]  Zachary N. J. Peterson,et al.  Geolocation of data in the cloud , 2013, CODASPY.

[13]  Carlo Ghezzi,et al.  Model evolution by run-time parameter adaptation , 2009, 2009 IEEE 31st International Conference on Software Engineering.

[14]  Soon Myoung Chung,et al.  Privacy-Preserving Attribute Distribution Mechanism for Access Control in a Grid , 2009, 2009 21st IEEE International Conference on Tools with Artificial Intelligence.

[15]  Antonio Pescapè,et al.  Cloud monitoring: A survey , 2013, Comput. Networks.

[16]  Ari Juels,et al.  New approaches to security and availability for cloud data , 2013, CACM.

[17]  Veda C. Storey,et al.  Business Intelligence and Analytics: From Big Data to Big Impact , 2012, MIS Q..