"Why can't I do that?": Tracing Adaptive Security Decisions.

One of the challenges of any adaptive system is to ensure that users can understand how and why the behaviour of the system changes at runtime. This is particularly important for adaptive security behaviours which are essential for applications that are used in many different contexts, such as those hosted in the cloud. In this paper, we propose an approach for using traceability information, enriched with causality relations and contextual attributes of the deployment environment, when providing feedback to the users. We demonstrate, using a cloud storage-as-a-service environment, how our approach provides users of cloud applications better information, explanations and assurances about the security decisions made by the system. This enables the user to understand why a certain security adaptation has occurred, how the adaptation is related to current context of use of the application, and a guarantee that the application still satisfies its security requirements after an adaptation.