000134591 001__ 134591
000134591 005__ 20260217205502.0
000134591 0247_ $$2doi$$a10.7717/peerj-cs.1898
000134591 0248_ $$2sideral$$a138275
000134591 037__ $$aART-2024-138275
000134591 041__ $$aeng
000134591 100__ $$aCambronero, M. Emilia
000134591 245__ $$aTowards a GDPR-compliant cloud architecture with data privacy controlled through sticky policies
000134591 260__ $$c2024
000134591 5060_ $$aAccess copy available to the general public$$fUnrestricted
000134591 5203_ $$aData privacy is one of the biggest challenges facing system architects at the system design stage. Especially when certain laws, such as the General Data Protection Regulation (GDPR), have to be complied with by cloud environments. In this article, we want to help cloud providers comply with the GDPR by proposing a GDPR-compliant cloud architecture. To do this, we use model-driven engineering techniques to design cloud architecture and analyze cloud interactions. In particular, we develop a complete framework, called MDCT, which includes a Unified Modeling Language profile that allows us to define specific cloud scenarios and profile validation to ensure that certain required properties are met. The validation process is implemented through the Object Constraint Language (OCL) rules, which allow us to describe the constraints in these models. To comply with many GDPR articles, the proposed cloud architecture considers data privacy and data tracking, enabling safe and secure data management and tracking in the context of the cloud. For this purpose, sticky policies associated with the data are incorporated to define permission for third parties to access the data and track instances of data access. As a result, a cloud architecture designed with MDCT contains a set of OCL rules to validate it as a GDPR-compliant cloud architecture. Our tool models key GDPR points such as user consent/withdrawal, the purpose of access, and data transparency and auditing, and considers data privacy and data tracking with the help of sticky policies.
000134591 536__ $$9info:eu-repo/grantAgreement/ES/DGA/T21-23R$$9info:eu-repo/grantAgreement/ES/MICINN-AEI-FEDER/PID2021-PID2021-122215NB-C32
000134591 540__ $$9info:eu-repo/semantics/openAccess$$aby$$uhttps://creativecommons.org/licenses/by/4.0/deed.es
000134591 590__ $$a2.5$$b2024
000134591 592__ $$a0.719$$b2024
000134591 591__ $$aCOMPUTER SCIENCE, THEORY & METHODS$$b56 / 147 = 0.381$$c2024$$dQ2$$eT2
000134591 593__ $$aComputer Science (miscellaneous)$$c2024$$dQ1
000134591 591__ $$aCOMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE$$b116 / 204 = 0.569$$c2024$$dQ3$$eT2
000134591 591__ $$aCOMPUTER SCIENCE, INFORMATION SYSTEMS$$b142 / 258 = 0.55$$c2024$$dQ3$$eT2
000134591 594__ $$a7.1$$b2024
000134591 655_4 $$ainfo:eu-repo/semantics/article$$vinfo:eu-repo/semantics/publishedVersion
000134591 700__ $$aMartínez, Miguel A.
000134591 700__ $$aLlana, Luis
000134591 700__ $$0(orcid)0000-0001-7982-0359$$aRodríguez, Ricardo J.$$uUniversidad de Zaragoza
000134591 700__ $$aRusso, Alejandro
000134591 7102_ $$15007$$2570$$aUniversidad de Zaragoza$$bDpto. Informát.Ingenie.Sistms.$$cÁrea Lenguajes y Sistemas Inf.
000134591 773__ $$g10 (2024), e1898 [44 pp.]$$tPeerJ Computer Science$$x2376-5992
000134591 8564_ $$s3451254$$uhttps://zaguan.unizar.es/record/134591/files/texto_completo.pdf$$yVersión publicada
000134591 8564_ $$s2584770$$uhttps://zaguan.unizar.es/record/134591/files/texto_completo.jpg?subformat=icon$$xicon$$yVersión publicada
000134591 909CO $$ooai:zaguan.unizar.es:134591$$particulos$$pdriver
000134591 951__ $$a2026-02-17-20:22:19
000134591 980__ $$aARTICLE