Compliance-Preserving Cloud Storage Federation Based on Data-Driven Usage Control

Abstract

Cloud storage federation improves service availability and reduces vendor lock-in risks of single-provider cloud storage solutions. Federation therefore distributes and replicates data among different cloud storage providers. Missing controls on data location and distribution however introduce security and compliance issues. This paper proposes a novel approach of using data-driven usage control to preserve compliance constraints in cloud storage federation. Based on common compliance regulations and laws we provide a brief categorization of compliance problems into spatial, temporal, and qualitative requirements. In addition, we show how usage control policies can be employed to constrain federation according to these categories. To demonstrate the feasibility of our approach we evaluate security and performance of our prototypical implementation.