Skip to main content
SpringerLink
Log in

Towards Inclusive Privacy Protections in the Cloud

  • Conference paper
  • First Online:
Applied Cryptography and Network Security Workshops (ACNS 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12418))

Included in the following conference series:

Abstract

The adoption of cloud computing has created tremendous prospects and cost savings for a variety of organizations. Although increasing resources and effort have been devoted to fighting cyber-threats in cloud environments, cloud computing continues to be associated with a range of severe and complex security and privacy issues that may challenge the overall benefits that CSPs offer. While security protections in cloud computing has been widely discussed and comprehensive guidelines have been established, privacy protections in the cloud does not have the same level of focus or set of guideline or framework that has been established. In this paper, we present a systematic review of previous literature related to privacy issues in cloud computing, analyze multiple general privacy frameworks, policies, and principles to highlight the critical need for creating privacy protection criteria’s for cloud computing. Our research and review illustrates that privacy protections focused on cloud computing is deficient and it can serve as an initial guide towards building and improving privacy protections in order to meet cloud privacy requirements and ensure data protection.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Bashir, M., Di Giulio, C., Kamhoua, C.A.: Certifications past and future: a future model for assigning certifications that incorporate lessons learned from past practices. In: Campbell, R.H., Kamhoua, C.A., Kwiat, K.A. (eds.) Assured Cloud Computing, pp. 277–311. Wiley-IEEE Computer Society Press (2018)

    Google Scholar 

  2. Benlian, A., Kettinger, W.J., Sunyaev, A., Winkler, T.J., Guest Editors: The transformative value of cloud computing: a decoupling, platformization, and recombination theoretical framework. J. Manag. Inf. Syst. 35(3), 719–739 (2018)

    Article  Google Scholar 

  3. Mell, P., Grance, T.: The NIST Definition of Cloud Computing (Draft): Recommendations of the National Institute of Standards and Technology. Special Publication 800–145 (draft), Gaithersburg, MD (2018). Published 28 September 2011, Updated 10 November 2018

    Google Scholar 

  4. Ellis, R., Mohan, V. (eds.): Rewired: Cybersecurity Governance. Wiley, Hoboken (2019)

    Google Scholar 

  5. Lamps, J., Palmer, I., Sprabery, R.: WinWizard: expanding Xen with a LibVMI intrusion detection tool. In: Proceedings of the 2014 IEEE 7th International Conference on Cloud Computing, pp. 849–856 (2014)

    Google Scholar 

  6. Guilloteau, S., Venkatesen, M.: Privacy in Cloud Computing. ITU-T Technology Watch Report March 2012 (2013)

    Google Scholar 

  7. Svantesson, D., Clarke, R.: Privacy and consumer risks in cloud computing. Comput. Law Secur. Rev. 26(4), 391–397 (2010)

    Article  Google Scholar 

  8. Di Giulio, C., Sprabery, R., Kamhoua, C., Kwiat, K., Campbell, R.H., Bashir, M.N.: Cloud standards in comparison: are new security frameworks improving cloud security? In: Proceedings of the 2017 IEEE 10th International Conference on Cloud Computing (CLOUD), Honolulu, CA, pp. 50–57 (2017)

    Google Scholar 

  9. Di Giulio, C., Kamhoua, C., Campbell, R.H., Sprabery, R., Kwiat, K., Bashir, M.N.: IT security and privacy standards in comparison: improving FedRAMP authorization for cloud service providers. In: Proceedings of the 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid 2017), pp. 1090–1099. IEEE Press, Piscataway, May 2017

    Google Scholar 

  10. Di Giulio, C., Sprabery, R., Kamhoua, C., Kwiat, K., Campbell, R.H., Bashir, M.N.: Cloud security certifications: a comparison to improve cloud service provider security. In: Proceedings of the 2nd International Conference on Internet of Things and Cloud Computing (ICC 2017). ACM, New York (2017). Article 120, 12 pages

    Google Scholar 

  11. McCallister, E., Grance, T., Scarfone, K.: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). NIST Special Publication SP 800-122, National Institute of Standards and Technology, U.S. Department of Commerce (2010). https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf

  12. Sharma, T., Bambenek, J.C., Bashir, M.: Preserving Privacy in Cyber-physical-social Systems: An Anonymity and Access Control Approach (2020)

    Google Scholar 

  13. Force, J.T.: Security and Privacy Controls for Information Systems and Organizations (No. NIST Special Publication (SP) 800-53 Rev. 5 (Draft)). National Institute of Standards and Technology (2017)

    Google Scholar 

  14. Idrissi, H.K., Kartit, A., El Marram, M.: A taxonomy and survey of cloud computing. In: 2013 National Security Days (JNS3), pp. 1–5. IEEE, April 2013

    Google Scholar 

  15. Shaikh, R., Sasikumar, M.: Data classification for achieving security in cloud computing. Procedia Comput. Sci. 45(1C), 493–498 (2015)

    Article  Google Scholar 

  16. Big Data Taxonomy. https://downloads.cloudsecurityalliance.org/. Accessed 16 Mar 2020

  17. Cavoukian, A.: Privacy by design: The 7 foundational principles. Information and privacy commissioner of Ontario, Canada, May 2009

    Google Scholar 

  18. IAPP - A Taxonomy of Privacy (Poster). https://iapp.org/. Accessed 16 Mar 2020

  19. Zorzo, S.D., Botelho, R.P., de’Avila, P.M.: Taxonomy for privacy policies of social networks sites. Soc. Netw. (2013)

    Google Scholar 

  20. Antón, A.I., Earp, J.B.: A taxonomy for web site privacy requirements. North Carolina State University at Raleigh, Raleigh, NC (2001)

    Google Scholar 

  21. Miller, H.E.: Big-data in cloud computing: a taxonomy of risks (2013)

    Google Scholar 

  22. Sun, Y., Zhang, J., Xiong, Y., Zhu, G.: Data security and privacy in cloud computing. Int. J. Distrib. Sens. Netw. 10(7), 190903 (2014)

    Article  Google Scholar 

  23. Kang, M., Kwon, H.Y.: A study on the needs for enhancement of personal information protection in cloud computing security certification system. In: 2019 International Conference on Platform Technology and Service (PlatCon), pp. 1–5. IEEE, January 2019

    Google Scholar 

  24. Abbas, A., Khan, S.U.: A review on the state-of-the-art privacy-preserving approaches in the e-health clouds. IEEE J. Biomed. Health Inform. 18(4), 1431–1441 (2014)

    Article  Google Scholar 

  25. Lins, S., Grochol, P., Schneider, S., Sunyaev, A.: Dynamic certification of cloud services: trust, but verify! IEEE Secur. Priv. 14(2), 66–71 (2016)

    Article  Google Scholar 

  26. Lansing, J., Schneider, S., Sunyaev, A.: Cloud service certifications: measuring consumers’ preferences for assurances. In: ECIS, p. 181, June 2013

    Google Scholar 

  27. Katzan Jr, H.: On the privacy of cloud computing. Int. J. Manag. Inf. Syst. (IJMIS) 14(2) (2010)

    Google Scholar 

  28. Abuhussein, A., Bedi, H., Shiva, S.: Evaluating security and privacy in cloud computing services: a stakeholder’s perspective. In: 2012 International Conference for Internet Technology and Secured Transactions, pp. 388–395. IEEE, December 2012

    Google Scholar 

  29. Sunyaev, A., Schneider, S.: Cloud services certification. Commun. ACM 56(2), 33–36 (2013)

    Article  Google Scholar 

  30. Ion, I., Sachdeva, N., Kumaraguru, P., Čapkun, S.: Home is safer than the cloud! Privacy concerns for consumer cloud storage. In: Proceedings of the Seventh Symposium on Usable Privacy and Security, pp. 1–20, July 2011

    Google Scholar 

  31. Karkouda, K., Nabli, A., Gargouri, F.: Privacy and availability in cloud data warehouse. In: Proceedings of the 10th International Conference on Education Technology and Computers, pp. 388–391, October 2018

    Google Scholar 

  32. Mowbray, M., Pearson, S.: A client-based privacy manager for cloud computing. In: Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and MiddlewaRE, pp. 1–8, June 2009

    Google Scholar 

  33. Grodzinsky, F.S., Tavani, H.T.: Privacy in “the cloud” applying Nissenbaum’s theory of contextual integrity. ACM SIGCAS Comput. Soc. 41(1), 38–47 (2011)

    Article  Google Scholar 

  34. Pearson, S.: Taking account of privacy when designing cloud computing services. In: 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, pp. 44–52. IEEE, May 2009

    Google Scholar 

  35. Ghorbel, A., Ghorbel, M., Jmaiel, M.: Privacy in cloud computing environments: a survey and research challenges. J. Supercomput. 73(6), 2763–2800 (2017). https://doi.org/10.1007/s11227-016-1953-y

    Article  Google Scholar 

  36. Zhou, M., Zhang, R., Xie, W., Qian, W., Zhou, A.: Security and privacy in cloud computing: a survey. In: 2010 Sixth International Conference on Semantics, Knowledge and Grids, pp. 105–112. IEEE, November 2010

    Google Scholar 

  37. Chen, D., Zhao, H.: Data security and privacy protection issues in cloud computing. In: 2012 International Conference on Computer Science and Electronics Engineering, vol. 1, pp. 647–651. IEEE, March 2012

    Google Scholar 

  38. Wang, T., Zhou, J., Chen, X., Wang, G., Liu, A., Liu, Y.: A three-layer privacy preserving cloud storage scheme based on computational intelligence in fog computing. IEEE Trans. Emerg. Top. Comput. Intell. 2(1), 3–12 (2018)

    Article  Google Scholar 

  39. Domingo-Ferrer, J., Farras, O., Ribes-González, J., Sánchez, D.: Privacy- preserving cloud computing on sensitive data: a survey of methods, products and challenges. Comput. Commun. 140, 38–60 (2019)

    Article  Google Scholar 

  40. Aloraini, A., Hammoudeh, M.: A survey on data confidentiality and privacy in cloud computing. In: Proceedings of the International Conference on Future Networks and Distributed Systems, pp. 1–7, July 2017

    Google Scholar 

  41. Kumar, S.N., Vajpayee, A.: A survey on secure cloud: security and privacy in cloud computing. Am. J. Syst. Softw. 4(1), 14–26 (2016)

    Google Scholar 

  42. Werner, J., Westphall, C.M., Westphall, C.B.: Cloud identity management: a survey on privacy strategies. Comput. Netw. 122, 29–42 (2017)

    Article  Google Scholar 

  43. Lar, S.U., Liao, X., Abbas, S.A.: Cloud computing privacy security global issues, challenges, mechanisms. In: 2011 6th International ICST Conference on Communications and Networking in China (CHINACOM), pp. 1240–1245. IEEE, August 2011

    Google Scholar 

  44. Sharma, T., Bashir, M.: Privacy apps for smartphones: an assessment of users’ preferences and limitations. In: Moallem, A. (ed.) HCII 2020. LNCS, vol. 12210, pp. 533–546. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-50309-3_35

    Chapter  Google Scholar 

  45. Tsai, J.: U.S. Patent Application No. 14/984,830 (2017)

    Google Scholar 

  46. Lachaud, E.: The general data protection regulation and the rise of certification as a regulatory instrument. Comput. Law Secur. Rev. 34(2), 244–256 (2018)

    Article  Google Scholar 

  47. Easton, C.R.: Information systems for crisis response and management: The EU data protection regulation, privacy by design and certification (2016)

    Google Scholar 

  48. Anisetti, M., Ardagna, C.A., Damiani, E., El Ioini, N., Gaudenzi, F.: Modeling time, probability, and configuration constraints for continuous cloud service certification. Comput. Secur. 72, 234–254 (2018)

    Article  Google Scholar 

  49. Ardagna, C.A., Asal, R., Damiani, E., Dimitrakos, T., El Ioini, N., Pahl, C.: Certification-based cloud adaptation. IEEE Trans. Serv. Comput. (2018)

    Google Scholar 

  50. Teigeler, H., Lins, S., Sunyaev, A.: Drivers vs. inhibitors-what clinches continuous service certification adoption by cloud service providers? In: Proceedings of the 51st Hawaii International Conference on System Sciences, January 2018

    Google Scholar 

  51. FedRAMP Security Assessment Framework. https://www.fedramp.gov/assets/resources/. Accessed 17 Mar 2020

  52. GDPR, General Provision. https://gdpr-info.eu/chapter-1/. Accessed 17 Mar 2020

  53. NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, 16 January 2020. https://www.nist.gov/privacy-framework

  54. Privacy Policy Guidance Memorandum 2008-01, The Fair Information Practice Principles, 29 December 2008. https://www.dhs.gov/publication/privacy-policy-guidance-memorandum-2008-01-fair-information-practice-principles

  55. General Data Protection Regulation (GDPR): Off. J. Eur. Union (2016). https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679

  56. Cloud Controls Matrix v3.0.1: Cloud Security Alliance, 3 August 2019. https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v3-0-1/

  57. Solove, D.J.: Understanding Privacy. Harvard University Press, Cambridge (2008)

    Google Scholar 

  58. Solove, D.J.: A taxonomy of privacy. Univ. Pa. Law. Rev. 154, 477 (2005)

    Article  Google Scholar 

  59. Privacy Act of 1974. The United States Department of Justice, 15 January 2020. https://www.justice.gov/opcl/privacy-act-1974

  60. Sharma, T., Bashir, M.: Use of apps in the COVID-19 responses and the loss of privacy protection. Nat. Med. 26, 1165–1167 (2020)

    Article  Google Scholar 

  61. Almtrf, A., Alagrash, Y., Zohdy, M.: Framework modeling for user privacy in cloud computing. In: 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), pp. 0819–0826. IEEE, January 2019

    Google Scholar 

Download references

Acknowledgement

This work has been supported by Cisco. This study is a part of the project on Privacy Standards Evaluation for the cloud: A proposal for Cisco, University of Illinois at Urbana-Champaign. We want to acknowledge and thank all of those who have contributed to this work.

Author information

Authors and Affiliations

  1. University of Illinois at Urbana-Champaign, Champaign, IL, 61820, USA

    Tanusree Sharma, Tian Wang, Carlo Di Giulio & Masooda Bashir

Authors
  1. Tanusree Sharma
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tian Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Carlo Di Giulio
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Masooda Bashir
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Masooda Bashir .

Editor information

Editors and Affiliations

  1. Singapore University of Technology and Design, Singapore, Singapore

    Jianying Zhou

  2. University of Padua, Padua, Italy

    Mauro Conti

  3. Singapore University of Technology and Design, Singapore, Singapore

    Chuadhry Mujeeb Ahmed

  4. The University of Hong Kong, Hong Kong, Hong Kong

    Man Ho Au

  5. ICIS, Radboud University Nijmegen, Nijmegen, The Netherlands

    Lejla Batina

  6. University of California, Irvine, CA, USA

    Zhou Li

  7. University of Science and Technology of China, Hefei, China

    Jingqiang Lin

  8. University of Padua, Padua, Italy

    Eleonora Losiouk

  9. University of Kansas, Lawrence, KS, USA

    Bo Luo

  10. CIISE, Concordia University, Montréal, QC, Canada

    Suryadipta Majumdar

  11. Technical University of Denmark, Lyngby, Denmark

    Weizhi Meng

  12. AppGate Inc., Bogotá, Colombia

    Martín Ochoa

  13. Delft University of Technology, Delft, The Netherlands

    Stjepan Picek

  14. Stevens Institute of Technology, Hoboken, NJ, USA

    Georgios Portokalidis

  15. City University of Hong Kong, Hong Kong, China

    Cong Wang

  16. Chinese University of Hong Kong, Shatin, Hong Kong

    Kehuan Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Sharma, T., Wang, T., Di Giulio, C., Bashir, M. (2020). Towards Inclusive Privacy Protections in the Cloud. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2020. Lecture Notes in Computer Science(), vol 12418. Springer, Cham. https://doi.org/10.1007/978-3-030-61638-0_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-61638-0_19

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-61637-3

  • Online ISBN: 978-3-030-61638-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation