Privacy-aware cloud service selection approach based on P-Spec policy models and privacy sensitivities

Abstract

In cloud computing era, massive free and function-powerful cloud services can be selected by consumers at any time. However, owing to lacking of privacy policy transparency mechanism and privacy policy comparison mechanism, it is difficult for service consumers to distinguish what is a trusted service and what is a malicious service. To solve these problems, we conceive a comprehensive framework whose primary goal is to set up a policy matching engine as a service mediator to assist service consumers to select out a group privacy trusted services whose privacy policy can comply with consumer’s privacy preferences. Accordingly, we propose a formal policy specification language named P-Spec, which can be utilized to describe the service’s privacy policies and consumer’s privacy preferences explicitly. We further propose a privacy-aware service selection approach, which consists of a group of P-Spec policy models, introduced privacy metrics and a specific policy matching algorithm based on privacy sensitivities. To verify the effectiveness and feasibility of our approach, we implement a proof-of-concept prototype to carry out the relevant experimental studies. The experimental results illustrate our approach can still work well with increasing the scale of policy models. We further utilize the relevant linear fit theories to predict the execution performance of our approach in real cloud, the final predicted results illustrate its performance is permitted and can be improved in real. Lastly, we compare our P-Spec language with some other policy languages and evaluate the comparative results.