nach oben

The Journal of Supercomputing

Erschienen in:

23.01.2017

Privacy in cloud computing environments: a survey and research challenges

verfasst von: Amal Ghorbel, Mahmoud Ghorbel, Mohamed Jmaiel

Erschienen in: The Journal of Supercomputing | Ausgabe 6/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Definitely, cloud computing represents a real evolution in the IT world that provides many advantages for both providers and users. This new paradigm includes several services that allow data storage and processing. However, outsourcing data to the cloud raises many issues related to privacy concerns. In fact, for some organizations and individuals, data privacy present a crucial aspect of their business. Indeed, their sensitive data (health, finance, personal information, etc.) have a very important value, and any infringement of privacy can cause great loss in terms of money and reputation. Therefore, without considering privacy issues, the adoption of cloud computing can be discarded by large spectra of users. In this paper, we provide a survey on privacy risks and challenges for public cloud computing. We present and evaluate the main existing solutions that have made great progress in this area. To better address privacy concerns, we point out considerations and guidelines while giving the remained open issues that require additional investigation efforts to fulfill preserving and enhancing privacy in public cloud.

Vorheriger Artikel SLA-based task scheduling algorithms for heterogeneous multi-cloud environment

Nächster Artikel Efficient representation of higher-dimensional arrays by dimension transformations

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Mell P, Grance T (2011) The NIST definition of cloud computing

Sellami W, Kacem HH, Kacem AH (2014, December) Elastic multi-tenant business process based service pattern in cloud computing. In: 2014 IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom), pp 154–161

Ali M, Khan SU, Vasilakos AV (2015) Security in cloud computing: opportunities and challenges. Inf Sci 305:357–383MathSciNetCrossRef

US Privacy Protection Study Commission (1977) Personal Privacy in an Information Society-the Report of the Privacy Protection Study Commission

Directive EU (1995) 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Off J EC 23(6)

Act HIPAA (1996) Health insurance portability and accountability act of 1996. Public Law 104:191

Code US (1999) Gramm-Leach-Bliley Act. Gramm-Leach-Bliley Act/AHIMA, American Health Information Management Association

Pearson S (2009, May) Taking account of privacy when designing cloud computing services. In: Proceedings of the 2009 ICSE workshop on software engineering challenges of cloud computing. IEEE computer society, pp 44–52

Mowbray M, Pearson S (2012, September) Protecting personal information in cloud computing. OTM Confederated International Conferences” On the Move to Meaningful Internet Systems”. Springer, Berlin, pp 475–491

10.

Shankarwar MU, Pawar AV (2015) Security and privacy in cloud computing: a survey. In: Proceedings of the 3rd International Conference on Frontiers of Intelligent Computing: Theory and Applications (FICTA) 2014. Springer International Publishing, pp 1–11

11.

Xiao Z, Xiao Y (2013) Security and privacy in cloud computing. IEEE Commun Surv Tutor 15(2):843–859CrossRef

12.

Alneyadi S, Sithirasenan E, Muthukkumarasamy V (2016) A survey on data leakage prevention systems. J Netw Comput Appl 62:137–152

13.

Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34(1):1–11

14.

Zhou M, Zhang R, Xie W, Qian W, Zhou A (2010) Security and privacy in cloud computing: a survey. In: IEEE 2010 Sixth International Conference on Semantics Knowledge and Grid (SKG), pp 105–112

15.

Jyothi P, Anuradha R, Vijayalata DY (2013) Minimizing internal data theft in cloud through disinformation attacks. Int J Adv Res Comput Commun Eng 2(9):

16.

Gholami A, Laure E (2016) Security and privacy of sensitive data in cloud computing: a survey of recent developments. arXiv:1601.01498

17.

Hussein NH, Khalid A (2016) A survey of cloud computing security challenges and solutions. Int J Comput Sci Inf Secur 14(1):52

18.

Khan MA (2016) A survey of security issues for cloud computing. J Netw Comput Appl 71:11–29CrossRef

19.

Warren SD, Brandeis LD (1890) The right to privacy. Harvard Law Review 4:193–220CrossRef

20.

Farlex INC (2009) The free dictionary. Retrieved 28 June 2012

21.

Dictionary B (2012) Business dictionary. Retrieved 17 April 2012

22.

American Institute of Certified Public Accountants/Canadian Institute of Chartered Accountants (AICPA/CICA) (2009) Generally Accepted Privacy Principles

23.

Swire PP, Bermann S (eds) (2007) Information Privacy: Official Reference for the Certified Information Privacy Professional (CIPP). International Association of Privacy Professionals

24.

Sweeney L (2002) k-anonymity: a model for protecting privacy. Int J Uncertain Fuzziness Knowl Based Syst 10(05):557–570MathSciNetCrossRefMATH

25.

McCarthy MT (2002) USA Patriot Act

26.

Ruiter J, Warnier M (2010) Privacy regulations for cloud computing. TU Delft, Delft

27.

Baase S (2008) A gift of fire: social, legal, and ethical issues for computing and the Internet. Prentice Hall, Upper Saddle River

28.

Regan PM (2004) Old issues, new context: privacy, information collection, and homeland security. Gov Inf Q 21(4):481–497CrossRef

29.

Birnhack MD (2008) The EU data protection directive: an engine of a global regime. Comput Law Secur Rev 24(6):508–520CrossRef

30.

Hornung G (2012) A general data protection regulation for Europe. Light Shade Comm Draft 25:64–81

31.

Bull G (2001) Data protection safe harbor: transferring personal data to the USA. Comput Law Secur Rev 17(4):239–243MathSciNetCrossRef

32.

Weiss MA, Archick K (2016) US-EU data privacy: from safe harbor to privacy shield. Congr Res Serv

33.

De Hert P, Papakonstantinou VN, Kamara I (2014) The new cloud computing ISO/IEC 27018 standard through the lens of the EU legislation on data protection

34.

datalossdb (2015) Datalossltatistics. Retrievedfrom http://datalossdb.org

35.

Mega: secure cloud storage. https://mega.nz/

36.

Tresorit: End-to-End Encrypted Cloud Storage for Businesses. https://tresorit.com/

37.

Pearson S, Yee G (eds) (2012) Privacy and security for cloud computing. Springer, Berlin

38.

Jansen W, Grance T (2011) Guidelines on security and privacy in public cloud computing. NIST Spec Publ 800:144

39.

Pearson S (2011) Toward accountability in the cloud. IEEE Internet Comput 15(4):64CrossRef

40.

Sato M (2010) Personal data in the cloud: a global survey of consumer attitudes

41.

Habib SM, Hauke S, Ries S, Mhlhuser M (2012) Trust as a facilitator in cloud computing: a survey. J Cloud Comput Adv Syst Appl 1(1):1CrossRef

42.

Cavoukian A (2010) The 7 foundational principles: implementation and mapping of fair information practices

43.

Bessani A, Correia M, Quaresma B, Andr F, Sousa P (2013) DepSky: dependable and secure storage in a cloud-of-clouds. ACM Transactions on Storage 9(4):12CrossRef

44.

Song Y, Kim H, Mohaisen A (2014, September) A private walk in the clouds: Using end-to-end encryption between cloud applications in a personal domain. In: International Conference on Trust, Privacy and Security in Digital Business. Springer International Publishing, pp 72–82

45.

Han F, Qin J, Hu J (2016) Secure searches in the cloud: a survey. Future Gener Comput Syst 62:66–75CrossRef

46.

Yao A (1986, October) How to generate and exchange secrets. In: IEEE 27th Annual Symposium on Foundations of Computer Science, pp 162–167

47.

Gentry C (2009) May) Fully homomorphic encryption using ideal lattices. STOC 9:169–178MathSciNetCrossRefMATH

48.

Atayero AA, Feyisetan O (2011) Security issues in cloud computing: The potentials of homomorphic encryption. J Emerg Trends Comput Inf Sci 2(10):546–552

49.

Vishwakarma B, Gupta H, Manoria M (2016, March) A survey on privacy preserving mining implementing techniques. In: IEEE Symposium on Colossal Data Analysis and Networking (CDAN), pp. 1–5

50.

Goroff DL (2015) Balancing privacy versus accuracy in research protocols. Science 347(6221):479–480CrossRef

51.

Narayanan A, Shmatikov V (2008, May) Robust de-anonymization of large sparse datasets. In: 2008 IEEE Symposium on Security and Privacy (sp 2008), pp 111–125

52.

Mont MC, Pearson S, Bramhall P (2003, September) Towards accountable management of identity and privacy: Sticky policies and enforceable tracing services. In: Proceedings of the 14th International Workshop on Database and Expert Systems Applications, pp 377–382

53.

Bezzi M, Trabelsi S (2011) Data usage control in the future internet cloud. Springer, BerlinCrossRef

54.

Chen L, Mitchell CJ, Martin A (eds) (2009) Trusted Computing: Second International Conference, Trust 2009 Oxford, UK, April 6–8, Proceedings, vol 5471. Springer

55.

Sadeghi AR, Schneider T, Winandy M (2010) Token-based cloud computing. Trust and trustworthy computing. Springer, Berlin, pp 417–429

56.

TCG Public Review. Trusted Platform Module Library. Part 1: Architecture. Family 2.0. March 13, 2014, Committee Draft, Level 00 Revision 01.07

57.

di Vimercati SDC, Erbacher RF, Foresti S, Jajodia S, Livraga G, Samarati P (2014) Encryption and fragmentation for data confidentiality in the cloud. In: Foundations of security analysis and design VII. Springer International Publishing, pp 212–243

58.

Aloqaily M, Kantarci B, Mouftah HT (2014, December) On the impact of quality of experience (QoE) in a vehicular cloud with various providers. In: 2014 11th Annual High Capacity Optical Networks and Emerging/Enabling Technologies (Photonics for Energy), pp 94–98

59.

Aloqaily M, Kantarci B, Mouftah HT (2015, December) An auction-driven multi-objective provisioning framework in a vehicular cloud. In: 2015 IEEE Globecom Workshops (GC Wkshps), pp 1–6

60.

Beiter M, Mont MC, Chen L, Pearson S (2014) End-to-end policy based encryption techniques for multi-party data management. Comput Stand Interfaces 36(4):689–703CrossRef

61.

Li Y, Gai K, Qiu L, Qiu M, Zhao H (2016) Intelligent cryptography approach for secure distributed big data storage in cloud computing. Inf Sci

62.

Wang C, Cao N, Ren K, Lou W (2012) Enabling secure and efficient ranked keyword search over outsourced cloud data. IEEE Trans Parallel Distrib Syst 23(8):1467–1479CrossRef

63.

Song W, Wang B, Wang Q, Peng Z, Lou W, Cui Y (2016) A privacy-preserved full-text retrieval algorithm over encrypted data for cloud storage applications. J Parallel Distr Comput

64.

Erway CC, Kp A, Papamanthou C, Tamassia R (2015) Dynamic provable data possession. ACM Trans Inf Syst Secur 17(4):15CrossRef

65.

Betge-Brezetz S, Kamga GB, Dupont MP, Guesmi A (2013, November) End-to-end privacy policy enforcement in cloud infrastructure. In: 2013 IEEE 2nd International Conference on Cloud Networking (CloudNet), pp 25–32

66.

Chang V, Kuo YH, Ramachandran M (2016) Cloud computing adoption framework: a security framework for business clouds. Future Gener Comput Syst 57:24–41CrossRef

67.

Wang C, Chow SS, Wang Q, Ren K, Lou W (2013) Privacy-preserving public auditing for secure cloud storage. IEEE Trans Comput 62(2):362–375MathSciNetCrossRef

68.

Mowbray M, Pearson S, Shen Y (2012) Enhancing privacy in cloud computing via policy-based obfuscation. J Supercomput 61(2):267–291CrossRef

69.

Squicciarini AC, Petracca G, Bertino E (2013, February) Adaptive data protection in distributed systems. In: Proceedings of the third ACM conference on Data and application security and privacy. ACM, pp 365–376

70.

Chen S, Thilakanathan D, Xu D, Nepal S, Calvo R (2015, May) Self protecting data sharing using generic policies. In: 2015 15th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), pp 1197–1200

71.

Thilakanathan D, Chen S, Nepal S, Calvo R (2016) SafeProtect: controlled data sharing with user-defined policies in cloud-based collaborative environment

72.

Papanikolaou N, Pearson S, Mont MC, Ko RK (2014) A toolkit for automating compliance in cloud computing services. Int J Cloud Comput 23(1):45–68CrossRef

73.

EnCoRe 2011. The EnCoRe project. http://www.encore-project.info/

74.

Rahmouni HB (2011) Ontology based privacy compliance for health data disclosure in Europe. Doctoral dissertation, University of the West of England, Bristol

75.

Bahrami M, Singhal M (2016, February) CloudPDB: A light-weight data privacy schema for cloud-based databases. In: 2016 International Conference on Computing, Networking and Communications (ICNC), pp 1–5

76.

Yau SS, An HG (2010, November) Protection of users’ data confidentiality in cloud computing. In: Proceedings of the second Asia-Pacific symposium on internetware. ACM, p 11

77.

Itani W, Kayssi A, Chehab A (2009, December) Privacy as a service: Privacy-aware data storage and processing in cloud computing architectures. In: Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, DASC’09, pp 711–716

78.

Ghorbel M, Aghasaryan A, Betg-Brezetz S, Dupont MP, Kamga GB, Piekarec S (2011, July) Privacy data envelope: concept and implementation. In: IEEE 2011 Ninth Annual International Conference on Privacy, Security and Trust (PST), pp 55–62

79.

Trabelsi S, Sendor J (2012, July) Sticky policies for data control in the cloud. In: IEEE 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST), pp 75–80

80.

Brown J, Blough DM (2015, August) Distributed enforcement of sticky policies with flexible trust. In: 2015 IEEE 17th International Conference on High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), pp 1202–1209

81.

Brandic I, Dustdar S, Anstett T, Schumm D, Leymann F, Konrad R (2010, July) Compliant cloud computing (c3): Architecture and language support for user-driven compliance management in clouds. In: 2010 IEEE 3rd International Conference on Cloud Computing (CLOUD), pp 244–251

82.

Wchner T, Pretschner A (2012, November) Data loss prevention based on data-driven usage control. In: 2012 IEEE 23rd International Symposium on Software Reliability Engineering, pp 151–160

83.

Kelbert F, Pretschner A (2013, February) Data usage control enforcement in distributed systems. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy. ACM, pp. 71–82

84.

Kelbert F, Pretschner A (2015, June) A fully decentralized data usage control enforcement infrastructure. In: International Conference on Applied Cryptography and Network Security. Springer International Publishing, pp. 409–430

85.

Chen YY, Jamkhedkar PA, Lee RB (2012, October) A software-hardware architecture for self-protecting data. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security. ACM, pp 14–27

Titel: Privacy in cloud computing environments: a survey and research challenges
verfasst von: Amal Ghorbel
Mahmoud Ghorbel
Mohamed Jmaiel
Publikationsdatum: 23.01.2017
Verlag: Springer US
Erschienen in: The Journal of Supercomputing / Ausgabe 6/2017
Print ISSN: 0920-8542
Elektronische ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-016-1953-y

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 6/2017

Development of a hybrid parallel MCV-based high-order global shallow-water model

A low-overhead soft–hard fault-tolerant architecture, design and management scheme for reliable high-performance many-core 3D-NoC systems

Identifying fake feedback in cloud trust management systems using feedback evaluation component and Bayesian game model

Efficient representation of higher-dimensional arrays by dimension transformations

SLA-based task scheduling algorithms for heterogeneous multi-cloud environment

Estimating the processing time of a model of cloud computing

Premium Partner