Balancing Utility and Security: Securing Cloud Federations of Public Entities

Bojan Suzic, Bernd Prünster, Dominik Ziegler, Alexander Marsalek, Andreas Reiter

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


Following their practical needs and legal constraints, recent application of the cloud paradigm among public administrations has been focused on the deployment of private clouds. Due to the increasing amount of data and processing requirements, many organizations are considering possibilities to additionally optimize their infrastructures and collaborative processes by employing private cloud federations.

In this work, we present our contribution based on three real-world use cases implemented in the course of the SUNFISH project. We consider intra- and inter-organizational processes which demand secure and transparent infrastructure and data sharing. Based on derived requirements for data security and privacy in cloud federations, we propose a security governance architecture which enables a multi-layered, context and process-aware policy enforcement in heterogeneous environments. The proposed architecture relies on the micro-services paradigm to support scalability and provides additional security by integrating reactive and transformative security controls. To prove the feasibility of this work we provide performance evaluation of our implementation.
Original languageEnglish
Title of host publicationOTM Confederated International Conferences
Subtitle of host publicationOn the Move to Meaningful Internet Systems
PublisherSpringer International Publishing AG
Pages943 - 961
Number of pages18
ISBN (Electronic)978-3-319-48472-3
ISBN (Print)978-3-319-48471-6
Publication statusPublished - 2016

Publication series

NameLecture Notes in Computer Science (LNCS)
PublisherSpringer International Publishing


  • authorization
  • cloud security
  • cloud federation
  • api security
  • data masking
  • data security policy
  • policy language
  • xacml

ASJC Scopus subject areas

  • Information Systems

Cite this