DocumentCode :
673257
Title :
End-to-end privacy policy enforcement in cloud infrastructure
Author :
Betge-Brezetz, Stephane ; Kamga, Guy-Bertrand ; Dupont, Marie-Pascale ; Guesmi, Aoues
Author_Institution :
Alcatel-Lucent Bell Labs., Nozay, France
fYear :
2013
fDate :
11-13 Nov. 2013
Firstpage :
25
Lastpage :
32
Abstract :
Privacy in the cloud is still a strong issue for the large adoption of cloud technologies by enterprises that fear actually putting their sensitive data in the cloud. There is indeed a need for efficient access control on the data stored and processed in the cloud infrastructure, one that supports the various business and country-based regulation constraints (e.g., on data location and co-location, data retention duration, data processing, node security level, tracing and audit). In this perspective, this paper presents a novel approach to end-to-end privacy policy enforcement over the cloud infrastructure, based on the sticky policy paradigm (a policy being bound to each piece of sensitive data). In our approach, the data protection is performed within the cloud nodes (e.g., within the internal file system of a VM or its attached volume) and is completely transparent to the applications (no need to modify the applications). This paper describes the concept and the proposed end-to-end architecture (from the client to the cloud nodes) as well as an implementation based on the FUSE (Filesystem in Userspace) technology. This implementation is executed on a scenario of data access and transfer control, and is also used to achieve performance evaluations. These evaluations show that, with a reasonable additional computation cost, this approach offers a flexible and transparent way to enforce various privacy constraints within the cloud infrastructure.
Keywords :
authorisation; cloud computing; computational complexity; data protection; performance evaluation; FUSE; cloud infrastructure; cloud nodes; computation cost; data access control; data protection; data transfer control; end-to-end architecture; end-to-end privacy policy enforcement; filesystem in userspace technology; performance evaluations; privacy constraints; sticky policy paradigm; Cloud computing; Context; Data privacy; File systems; Fuses; Privacy; Security; Cloud computing; FUSE; data protection; privacy control; sticky policy;
fLanguage :
English
Publisher :
IEEE
Conference_Title :
Cloud Networking (CloudNet), 2013 IEEE 2nd International Conference on
Conference_Location :
San Francisco, CA
Type :
conf
DOI :
10.1109/CloudNet.2013.6710554
Filename :
6710554