PRIVACY AWARE ACCESS CONTROL FOR CLOUD-BASED DATA PLATFORMS

www.openi-ict.eu Open-Source, Web-Based, Framework for Integrating Applications with Social Media Services and Personal Cloudlets PRIVACY AWARE ACCESS CONTROL FOR CLOUD-BASED DATA PLATFORMS Open-Source, Web-Based, Framework for Integrating Applications with Cloud-based Services

OPENi Project The OPENi research project aims to inspire innovation in the mobile applications industry through the development of an open-source platform for consumer-centric mobile cloud applications.

Architecture

Mobile Client Library To provide convenient access to the API, security, and Personal Cloudlet frameworks, OPENi provides the following mobile client libraries. A cross-platform HTML/JavaScript library for use in HTML5 and Apache Cordova mobile web-apps A native Android client library.

Security framework The security framework is responsible for access control functionality and is tightly coupled with the Cloudlet Framework. It provides users more control over their personal data and the cloud-based services that they interact with.

API framework An open framework that is capable of interoperating with a variety of cloud-based services. Promotes innovation by offering application developers a framework that will enable them to design and build complex applications involving the combinations of independent cloud-based services.

Personal Cloudlet Framework Provides application consumers with a single location to store and control their personal data. In conjunction with the security framework, empowers application consumers to remain in control of their data. Consumers are assured their data is not being used without their consent.

Personal Cloudlet Objectives 1. To build key technological enablers to ensure the practical applicability and efficient use of the OPENi platform. 2. To deliver an open source platform that will allow application consumers to create, deploy and manage their personal space in the cloud (Personal Cloudlet). Each Personal Cloudlet constitutes an entity that will be linked to its user's identity.

Personal Cloudlet Objectives 3. To provide and promote a novel, user-centric application experience of cloud-based services not only across different devices but also inherently across different applications. 4. To ensure the OPENi platform maintains a low barrier to entry for application developers and service providers.

How should a secure and privacy concerned web based framework be developed in order to provide user-centric management to dynamic data and APIs, while providing the developer with the ability to access the data in a privacy concerning manner?

Personal Cloudlet Framework

Data Storage Component Capable of storing user, app-specific, and internal cloudlet data. Data may be in various forms such as text, graphical, audio etc. therefore the data storage component of the cloudlet framework is capable of accommodating binary files as well as structured JSON data.

Notification This component is responsible for communicating with the platforms users. Current message transport mechanisms supported are: email SMS REST call Server Side Events (SSEs) Google Cloud Messaging(GCM)

Authentication, Authorisation, and Accounting Authentication and authorisation mechanisms are handled by the security framework, however accounting and auditing is handled in the cloudlet framework. The details of all access requests, subsequent actions and cloudlet responses is monitored and logged by the accounting component. These logs are available in the cloudlet GUI for the cloudlet owner to inspect.

Data Access All data is accessed via a set of APIs, namely Data API and Type API. They ensure a consistent access point for all services such as apps, the API framework, and 3rd party services. In conjunction with the Authentication, Authorisation, Accounting component and permissions, the cloudlet owner is in full control of who and what can access each piece of data in their Personal Cloudlet.

Cloudlet GUIs To empower Cloudlet owners in the management of their cloudlets they have a standalone GUI, separate to the on app interface. GUI features include: access logs viewing preference editing permissions editing.

Data Aggregator The data aggregation component will offer 3rd parties the ability to view aggregated user data from multiple cloudlets while concealing the individual cloudlet owner s identity.

User Centric & Privacy Preserving Features JSON Web Tokens Base64 encoded JSON objects Enable REST based frameworks manage sessions and claims In OPENi used to apply context to 3 rd party access to personal cloudlets Provide an OAuth 2.0 compliant workflow

User Centric & Privacy Preserving Features Data Reusability; App Interoperability Data persisted in a NoSQL document store Cloudlet is composed of a set of JSON Objects All objects (user data) adhere to a predefined OPENi Type All types are public and can be reused by developers across applications

User Centric & Privacy Preserving Features Fine Grained Access Control Cloudlet objects have an associated permissions object Permissions objects provide information on which apps are allowed access the object App developer can request access by object or type Requests can be be scoped by type or app Cloudlet owner can edit permissions based on type, app etc

User Centric & Privacy Preserving Features User Dashboard Data Browsing View data categorised by type or app Auditing A view of access request/response Permissions View and edit permissions Notifications Set notifications for data access requests

Open Source GitHub: https://github.com/openi-ict/ Cloudlet deployment script: https://github.com/openi-ict/openi-deploy-script https://github.com/openi-ict/openi-docker Source, Web-Based,

Thank You