Multi-cloud policy enforcement through semantic modeling and mapping

In today´s cloud service market, different providers have very different low-level mechanisms to accommodate various types of policies from their users. Enforcement of policies over multiple cloud provider domains is an intrinsically complex problem for both sides. In reality, cloud providers have to either manually update enforcement mechanisms or negotiate adjusted policies with their users for enforcement. To save these high-cost and error-prone manual updates or adjustments, an automatic and flexible solution is desired. This paper proposes a semantic modeling and mapping based approach to help enforce high-level user policies across cloud domain boundaries when applications or IT operations have to span over multiple cloud domains. This approach creates policy models and maps these models across cloud domain boundaries automatically or semi-automatically. Policy rules following these mappings can be tied to multiple enforcement mechanisms in different cloud domains. If a rule cannot be mapped, a manual adjustment solution will be suggested. A case study is also included to demonstrate the efficiency and accuracy of this approach.