D4.4. A proposal for secure enforcement of policies in the Cloud

Cloud systems are a great platform for collaboration and shared resource usage. However, such systems can only be successful if they securely enforce policies in the cloud, as they otherwise put users’ data at risk. In this deliverable we present three contributions aimed at better enforcement of cloud policies.
We present the implementation of the TREDISEC security primitive Access Control for Multi-tenancy that was outlined as part of deliverable D4.1. Multi-tenancy makes cloud systems attractive for both customers and providers due to the lower costs. However, such systems also require special care in terms of access control as tenants have to be securely separated from each other.
We also present a novel technique aimed at enhancing the collaboration on cloud storage for group members, e.g. a set of employees. Such members want to use collaboratively-accessible cloud storage, but due to data protection regulation they also need secure deletion in order to protect customer privacy and data security.
Finally, we outline a new instantiation of interaction for multiple distrusting parties that want to make shared access control decisions on a shared cloud repository. Our system prevents a single party from monopolizing the access control decisions and instead provides an efficient way to make collaborative access control decisions for cloud storage using blockchain technologies.