An Architecture for Trusted PaaS Cloud Computing for Personal Data

Abstract

Cloud computing (CC) has gained much popularity. Large amounts of data, many of them personal, are consumed by CC services. Yet data security and, derived from that, privacy are topics that are not satisfactorily covered. Usage control and data leakage prevention in particular are open problems. We propose the development of a trusted Platform as a Service CC architecture that addresses selected data security and privacy threats (data breaches, insecure interfaces and APIs, malicious insiders of service providers, and shared technology vulnerabilities). Services that consume personal data and are hosted in the proposed architecture are guaranteed to handle these data according to users’ requirements. Our proof of concept shows the feasibility of implementing the presented approach.

Author information

Correspondence to Lorena González-Manzano.

Copyright information

© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

González-Manzano, L., Brost, G., Aumueller, M. (2014). An Architecture for Trusted PaaS Cloud Computing for Personal Data. In: Krcmar, H., Reussner, R., Rumpe, B. (eds) Trusted Cloud Computing. Springer, Cham. https://doi.org/10.1007/978-3-319-12718-7_15

  • DOI: https://doi.org/10.1007/978-3-319-12718-7_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12717-0

  • Online ISBN: 978-3-319-12718-7

  • eBook Packages: Computer Science (R0)
