Design of a Security Gateway for iKaaS Platform

Seira Hidano 1, Shinsaku Kiyomoto 1, Yosuke Murakami 2, Panagiotis Vlacheas 3, and Klaus Moessner 4

1 KDDI R&D Laboratories, 2-1-15 Ohara, Fujimino-shi, Saitama 356-8502, Japan, se-hidano@kddilabs.jp
2 KDDI Research Institute, Tokyo, Japan
3 WINGS ICT Solutions, Athens, Greece
4 University of Surrey, Surrey, UK

Abstract. The iKaaS (intelligent Knowledge-as-a-Service) platform integrates the data on multiple local clouds organically and provides the data to various types of applications as knowledge while taking security and privacy fully into account. However, access control on the iKaaS platform is not without complications because the application may access personal data in different countries from the one where the application exists. We thus design a security gateway that is set at the entrance of each local cloud and can control access while interpreting the differences in regulations and guidelines between countries.

Key words: access control, security policy, privacy certificate

1 Introduction

The Internet of Things (IoT) paradigm is rapidly gaining momentum in modern wireless telecommunications. IoT devices, such as smart sensors designed to monitor temperature, pressure and other environmental conditions and wearable devices to measure an individual’s state of health, generate vast amounts of time sequence data. These data are accumulated on clouds and analyzed for useful information like personal preferences and to predict the environmental conditions surrounding people and the next actions that people may take. The impact will increase if the heterogeneous data stored on multiple clouds can be organically integrated. However, vast quantities of potentially correlated data have not yet been analyzed in correlated contexts for a number of reasons.
As the data obtained from IoT devices are mostly sensitive information related to an individual, anxiety concerning security and privacy is an obstacle to the participation of users. A universal data model is also required for the analysis of the heterogeneous big data obtained from various types of sensors. Furthermore, there are legal considerations that complicate matters further. The compatibility of regulations related to personal data should be clearly dealt with. It is expected that with increasing trust, decentralized multi-cloud environments are about to unlock great potential for future data analysis [3, 4].

The iKaaS (intelligent Knowledge-as-a-Service) platform thus has been proposed as a way to resolve these problems [6]. On this platform, a global cloud is hierarchically built atop multiple local clouds that are set up in different countries. It integrates the data stored on the local clouds organically, and the