Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top

2013 | Book

Privacy, Security and Trust in Cloud Computing Read chapter Read first chapter

Privacy and Security for Cloud Computing

Editors: Siani Pearson, George Yee

Publisher: Springer London

Book Series : Computer Communications and Networks

Part of: Springer Professional "Wirtschaft+Technik" , Springer Professional "Technik" , Springer Professional "Wirtschaft"

Login to get access
insite
SEARCH

About this book

This book analyzes the latest advances in privacy, security and risk technologies within cloud environments. With contributions from leading experts, the text presents both a solid overview of the field and novel, cutting-edge research. A Glossary is also included at the end of the book. Topics and features: considers the various forensic challenges for legal access to data in a cloud computing environment; discusses privacy impact assessments for the cloud, and examines the use of cloud audits to attenuate cloud security problems; reviews conceptual issues, basic requirements and practical suggestions for provisioning dynamically configured access control services in the cloud; proposes scoped invariants as a primitive for analyzing a cloud server for its integrity properties; investigates the applicability of existing controls for mitigating information security risks to cloud computing environments; describes risk management for cloud computing from an enterprise perspective.

Table of Contents

Frontmatter

Introduction to the Issues

Frontmatter
Chapter 1. Privacy, Security and Trust in Cloud Computing
Abstract
Cloud computing refers to the underlying infrastructure for an emerging model of service provision that has the advantage of reducing cost by sharing computing and storage resources, combined with an on-demand provisioning mechanism relying on a pay-per-use business model. These new features have a direct impact on information technology (IT) budgeting but also affect traditional security, trust and privacy mechanisms. The advantages of cloud computing—its ability to scale rapidly, store data remotely and share services in a dynamic environment—can become disadvantages in maintaining a level of assurance sufficient to sustain confidence in potential customers. Some core traditional mechanisms for addressing privacy (such as model contracts) are no longer flexible or dynamic enough, so new approaches need to be developed to fit this new paradigm. In this chapter, we assess how security, trust and privacy issues occur in the context of cloud computing and discuss ways in which they may be addressed.
Siani Pearson

Law Enforcement and Audits

Frontmatter
Chapter 2. Accessing Data in the Cloud: The Long Arm of the Law Enforcement Agent
Abstract
When placing data in the cloud, users inevitably have concerns about unauthorised access to such data, exposing commercial secrets and breaching individual privacy. While such threats are primarily directed towards organised crime, access by law enforcement agencies in the course of an investigation has itself become a heightened privacy and security concern, particularly in relation to US authorities in a market where US-based cloud providers dominate. From a law enforcement perspective, the cloud represents the latest manifestation of a transnational environment within which they have to operate, presenting a multitude of conflicting laws. This chapter examines how rules, at a European and international level, attempt to balance the needs of law enforcement with the needs of users and providers of cloud services.
Ian Walden
Chapter 3. A Privacy Impact Assessment Tool for Cloud Computing
Abstract
In this chapter, we consider requirements for Privacy Impact Assessments (PIAs) carried out within a cloud computing environment and explain how a PIA support tool may be constructed. Privacy is an important consideration in cloud computing, as actual or perceived privacy weaknesses will impact legal compliance, data security, and user trust. A PIA is a systematic process for evaluating the possible future effects that a particular activity or proposal may have on an individual’s privacy. It focuses on understanding the system, initiative, or scheme; identifying and mitigating adverse privacy impacts; and informing decision-makers who must decide whether the project should proceed and in what form (Stewart B, Privacy impact assessments. PLPR 3(7):61–64, 1996. http://www.austrii.edu/au/journals/PLPR.html. Accessed 30 October 2011).
David Tancock, Siani Pearson, Andrew Charlesworth
Chapter 4. Understanding Cloud Audits
Abstract
Audits of IT infrastructures can mitigate security problems and establish trust in a provider’s infrastructure and processes. Cloud environments especially lack trust due to non-transparent architectures and missing security and privacy measures taken by a provider. But traditional audits do not cover cloud computing-specific security. To provide a secure and trustable cloud environment, audit tasks need to have knowledge about their environment and cloud-specific characteristics. Furthermore, they need to be automated whenever possible to be able to run on a regular basis and immediately if a certain infrastructure event takes place, like deployment of a new cloud instance. In this chapter, research about cloud-specific security problems and cloud audits gets presented. An analysis about how traditional audits need to change to address cloud-specific attributes is given. Additionally, the agent-based “Security Audit as a Service” architecture gets presented as a solution to the identified problems.
Frank Doelitzscher, Christoph Reich, Martin Knahl, Nathan Clarke

Security and Integrity

Frontmatter
Chapter 5. Security Infrastructure for Dynamically Provisioned Cloud Infrastructure Services
Abstract
This chapter discusses conceptual issues, basic requirements and practical suggestions for designing dynamically configured security infrastructure provisioned on demand as part of the cloud-based infrastructure. This chapter describes general use cases for provisioning cloud infrastructure services and the proposed architectural framework that provides a basis for defining the security infrastructure requirements. The proposed security services lifecycle management (SSLM) model addresses specific on-demand infrastructure service provisioning security problems that can be solved by introducing special security mechanisms to allow security services synchronisation and their binding to the virtualisation platforms’ run-time environment. This chapter describes the proposed dynamically provisioned access control infrastructure (DACI) architecture and defines the necessary security mechanisms to ensure consistent security services operation in the provisioned virtual infrastructure. In particular, this chapter discusses the design and use of a security token service for federated access control and security context management in the generically multi-domain and multi-provider cloud environment.
Yuri Demchenko, Canh Ngo, Cees de Laat, Diego R. Lopez, Antonio Morales, Joan A. García-Espín
Chapter 6. Modeling the Runtime Integrity of Cloud Servers: A Scoped Invariant Perspective
Abstract
One of the underpinnings of cloud computing security is the trustworthiness of individual cloud servers. Due to the ongoing discovery of runtime software vulnerabilities like buffer overflows, it is critical to be able to guage the trustworthiness of a cloud server as it operates. The purpose of this chapter is to discuss trust-enhancing technologies in cloud computing, specifically remote attestation of cloud servers. We will discuss how remote attestation can provide higher assurance that cloud providers can be trusted to properly handle a customer’s computation and/or data. Then we will focus on the modeling of the runtime integrity of a cloud server, which determines the level of assurance that remote attestation can offer. Specifically, we propose scoped invariants as a primitive for analyzing the software system for its integrity properties. We report our experience with the modeling and detection of scoped invariants for the Xen virtual machine manager.
Jinpeng Wei, Calton Pu, Carlos V. Rozas, Anand Rajan, Feng Zhu

Risk Considerations

Frontmatter
Chapter 7. Inadequacies of Current Risk Controls for the Cloud
Abstract
In this chapter, we describe where current best practice in information security risk controls is likely to be inadequate for use in the cloud. In particular, we focus on public cloud ecosystems where cloud users will need to be mobile within the marketplace in order to achieve maximum benefits, as we believe these environments to be particularly challenging to the security control model. Our analysis is with reference to those risk controls defined by the ISO27001/27002 standards and the NIST Recommended Security Controls for Federal Information Systems and Organizations Special Publication 800–53 Revision 3. We highlight here only those we consider not to easily scale into such cloud environments, and by implication those not referred to, we believe, will transfer with relative ease.
Sadie Creese, Michael Goldsmith, Paul Hopkins
Chapter 8. Enterprise Information Risk Management: Dealing with Cloud Computing
Abstract
Managing information risk is a complex task that must continually adapt to business and technology changes. We argue that cloud computing presents a more significant step change and so implies a bigger change for the enterprise risk and security management lifecycle. Specifically, the economies of scale that large providers can achieve are creating an ecosystem of service providers in which the marketplace (rather than consuming enterprises) determines security standards and properties. Moreover, the ability to consume high-level services from different environments is changing the nature of one-size-fits-all security policies. At HP Labs, we are doing research on developing trusted infrastructure that will exploit and improve security management in the emerging cloud architectures. We are developing and using economic and mathematical modelling techniques to help cloud stakeholders make better risk decisions, and we are pulling these strands together to establish principles and mechanisms that will improve and enable federated assurance for the cloud.
Adrian Baldwin, David Pym, Simon Shiu
Backmatter
Metadata
Title
Privacy and Security for Cloud Computing
Editors
Siani Pearson
George Yee
Copyright Year
2013
Publisher
Springer London
Electronic ISBN
978-1-4471-4189-1
Print ISBN
978-1-4471-4188-4
DOI
https://doi.org/10.1007/978-1-4471-4189-1

Premium Partner

    Image Credits