Interoperable, dynamic and privacy-preserving access control for cloud data storage when integrating heterogeneous organizations

Cloud computing is extensively used as an integration means in varies application domains, spanning from the healthcare to the manufacturing, aiming at achieving an easy-to-access and elastic data storage and exchange among heterogeneous and geographically sparse organizations. This cloud-based integration poses crucial security issues related to the data protection from unauthorized access to the outsourced data, which calls for a proper access control solution. However, the heterogeneity among the organizations exacerbates this problem, demanding an interoperable authorization scheme, where multiple access control models must co-exist. The current literature is rich of academic solutions and standards to have an interoperable exchange of security policies and definition of authorization rules, but lacks an effective support to let different access control models to fully coexist. Moreover, the possibility of stealing authentication credentials and authorization claims paves the way to conducting masquerading attacks that cannot be treated by traditional static authorization solutions, but more dynamic approaches are needed. Last but not least, the continuous interaction of users with the cloud over the time has the vulnerability of exposing personal information to malicious adversaries and to let them trace the user activities. In this work, we propose to solve these three issues by having an ontology-based access control solution, to encompass trust within the authorization process and to use pseudonyms to preserve the user privacy.