Abstract
The adoption of cloud computing has created tremendous prospects and cost savings for a variety of organizations. Although increasing resources and effort have been devoted to fighting cyber-threats in cloud environments, cloud computing continues to be associated with a range of severe and complex security and privacy issues that may challenge the overall benefits that cloud service providers (CSPs) offer. While security protections in cloud computing have been widely discussed and comprehensive guidelines have been established, privacy protections in the cloud have not received the same level of focus, nor has a comparable set of guidelines or a framework been established. In this paper, we present a systematic review of previous literature related to privacy issues in cloud computing and analyze multiple general privacy frameworks, policies, and principles to highlight the critical need for creating privacy protection criteria for cloud computing. Our research and review illustrate that privacy protections focused on cloud computing are deficient, and our review can serve as an initial guide towards building and improving privacy protections in order to meet cloud privacy requirements and ensure data protection.
Acknowledgement
This work has been supported by Cisco. This study is a part of the project on Privacy Standards Evaluation for the cloud: A proposal for Cisco, University of Illinois at Urbana-Champaign. We want to acknowledge and thank all of those who have contributed to this work.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Sharma, T., Wang, T., Di Giulio, C., Bashir, M. (2020). Towards Inclusive Privacy Protections in the Cloud. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2020. Lecture Notes in Computer Science, vol 12418. Springer, Cham. https://doi.org/10.1007/978-3-030-61638-0_19
DOI: https://doi.org/10.1007/978-3-030-61638-0_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-61637-3
Online ISBN: 978-3-030-61638-0
eBook Packages: Computer Science (R0)