Addressing security compatibility for multi-tenant cloud services

Abstract

This paper addresses the issue of compatibility checking between the security requirements of service clients and the security assurances provided by multi-tenant cloud services. To allow early detection of security mismatches, our proposed framework provides a security ontology to support flexible specification of security policies and to allow semantic matching and run-time reasoning about the compatibility between security requirements and assurances of the interacting systems in multi-tenant service-oriented systems. The paper also defines various compositional models of a client based on the requirements of specific use context and users' profile of the client for a service. 2013 Inderscience Enterprises Ltd.