Miranda Mowbray
ABSTRACT
A significant barrier to the adoption of cloud services is that users fear data leakage and loss of privacy if their sensitive data is processed in the cloud. In this paper, we describe a client-based privacy manager that helps reduce this risk, and that provides additional privacy-related benefits. We assess its usage within a variety of cloud computing scenarios. We have built a proof-of-concept demo that shows how privacy may be protected via reducing the amount of sensitive information sent to the cloud.
- Amazon Web Services LLC. 2009. Case Studies: TC3 Health. Web page, http://aws.amazon.com/solutions/case-studies/tc3-health/Google Scholar
- Boneh, D. and Franklin, M. 2001. Identity-based Encryption from the Weil Pairing. In Advantages in Cryptology -- CRYPTO 2001, G. Goos, J. Hartmanis and J. van Leeuwen, Eds. Springer LNCS Series 2139. Springer, Berlin/Heidelberg, 213--229. DOI= http://dx.doi.org/10.1007/3-540-44647-8_13 Google ScholarDigital Library
- Casassa Mont, M., Pearson, S. and Bramhall, P. 2003. Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services. In Proceedings of the IEEE Workshop on Data and Expert Systems Applications (Prague, Czech Republic, September 1--5, 2003). DEXA'03. IEEE Computer Society, Washington DC, USA, 377--382. DOI= http://dx.doi.org/10.1109/DEXA.2003.1232051 Google ScholarDigital Library
- Casassa Mont, M. and Thyne, R. 2006. A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises. In Proceedings of the 6th Workshop on Privacy Enhancing Technologies (Cambridge, UK, June 28--30, 2006). PET'06. Springer LNCS series 4258, Springer Berlin/Heidelberg, 118--134. DOI= http://dx.doi.org/10.1007/11957454_7Google ScholarDigital Library
- EnCoRe. EnCoRe: Ensuring Consent and Revocation. Project web site. http://www.encore-project.infoGoogle Scholar
- Fischer-Hübner, S. 2001. IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms. Springer LNCS series 1958, Springer Berlin/Heidelberg. DOI= http://dx.doi.org/10.1007/3-540-45150-1Google Scholar
- Greenberg, A. 2008. Cloud Computing's Stormy Side. Forbes Magazine (19 Feb 2008).Google Scholar
- Horrigan, J. B. 2008. Use of cloud computing applications and services. Pew Internet&American Life project memo (Sept 2008).Google Scholar
- Information Commissioner's Office, UK, 2007. Privacy enhancing techologies (PETs). Data protection guidance note (29 March 2007).Google Scholar
- Lindell, Y. and Pinkas, B. 2008. Privacy Preserving Data Mining. J. Cryptology 15 (3) (2002), 151--222. DOI= http://dx.doi.org/10.1007/s00145-001-0019-2Google Scholar
- Liu, K. 2006. Privacy Preserving Data Mining Bibliography. Web site. http://www.cs.umbc.edu/~kunliu1/research/privacy_review.htmlGoogle Scholar
- Mather, T. 2008. More Cloud Computing. RSA Conference 365 blog (26 Sept 2008). https://365.rsaconference.com/blogs/tim_mather/2008/09/26/more-cloud-computingGoogle Scholar
- Organization for Economic Co-operation and Development (OECD). 1980. Guidelines Governing the Protection of Privacy and Transborder Flow of Personal Data (1980). OECD, Geneva.Google Scholar
- Patrick, A. and Kenny, S. 2003. From Privacy Legislation to Interface Design: Implementing Information Privacy. In Human-Computer Interactions, R. Dingledine (ed.), PET 2003, LNCS 2760, Springer-Verlag Berlin, pp. 107--124.Google Scholar
- PRIME, Privacy and Identity Management for Europe. 2008. Project web page. https://www.prime-project.eu/Google Scholar
- RSA Security. 2008. Data Loss Prevention (DLP) Suite. Web page. http://www.rsa.com/node.aspx?id=3426Google Scholar
- Salesforce.com, Inc. 2000--2009. Sales Force Automation. Web page. http://www.salesforce.com/products/sales-force-automation/Google Scholar
- Salmon, J. 2008. Clouded in uncertainty -- the legal pitfalls of cloud computing. Computing magazine (24 Sept 2008). http://www.computing.co.uk/computing/features/2226701/clouded-uncertainty-4229153Google Scholar
- Sobirey, M., Fischer-Hűbner, S. and Rannenberg, K. 1997. Pseudonymous Audit for Privacy Enhanced Intrusion Detection. Elsevier Computers and Security 16 (3), p. 207. DOI= http://dx.doi.org/10.1016/S0167-4048(97)84519-1Google ScholarCross Ref
- Voltage Security, 2009. Format-Preserving Encryption. Web page. http://www.voltage.com/technology/Technology_FormatPreservingEncryption.htmGoogle Scholar
- World Wide Web Consortium (W3C). Platform for Privacy Preferences (P3P) Project web site. http://www.w3.org/P3PGoogle Scholar
- Yao, A. C. 1986. How to Generate and Exchange Secrets. Proceedings of the 27th Symposium of Foundations of Computer Science (FoCS), IEEE, pp. 162--167. Google ScholarDigital Library
Index Terms
- A client-based privacy manager for cloud computing
Recommendations
A Privacy Manager for Cloud Computing
CloudCom '09: Proceedings of the 1st International Conference on Cloud ComputingWe describe a privacy manager for cloud computing, which reduces the risk to the cloud computing user of their private data being stolen or misused, and also assists the cloud computing provider to conform to privacy law. We describe different possible ...
Privacy-preserving data sharing in cloud computing
Storing and sharing databases in the cloud of computers raise serious concern of individual privacy. We consider two kinds of privacy risk: presence leakage, by which the attackers can explicitly identify individuals in (or not in) the database, and ...
Privacy in cloud computing environments: a survey and research challenges
Definitely, cloud computing represents a real evolution in the IT world that provides many advantages for both providers and users. This new paradigm includes several services that allow data storage and processing. However, outsourcing data to the ...
Comments