Representing Multicloud Security and Privacy Policies and Detecting Potential Problems

2020 
As more organizations adopt cloud computing, they are increasingly moving towards a mixture of public, private, and hybrid cloud services and infrastructure. These organizations turn to multicloud, which involves the use of two or more public clouds, to avoid vendor lock-in, overcome latency, mitigate risks, and control costs. The use of multicloud does have some advantages, such as flexibility and redundancy, but comes with some management, security, and privacy challenges as well. To overcome some of the security challenges, organizations would have to capture and analyze security and privacy policies across multiple clouds to ensure the policies are free from errors and enforce them at runtime independent of the cloud provider. In this paper, we present CERBERUS, a framework for representing multicloud security and privacy policies and detecting potential problems in the policies. CERBERUS adopts an object-oriented approach and consists of an ontology and notation, policies, guidelines and rules, and a tool for capturing and detecting policy errors. Using CERBERUS, policies can be analyzed for potential problems, including policy conflicts, inconsistencies, ambiguities, and incompleteness. An application of CERBERUS shows that it indeed helps discover policy errors that would otherwise go undetected or, in many cases, would be detected a posteriori at runtime.