Abstract
Nowadays most Internet users use resources and services belonging to the cloud. Without a doubt elasticity of cloud environments offer a wide range of advantages to users and IT companies through a wide range of pay-as-you-go services, platforms and infrastructure facilities. However, Internet users express great concerns about the sufficient protection of their privacy when accessing cloud services and more specifically over public clouds. The structure of the cloud environment hinders new privacy issues that designers and developers need to consider when realising cloud services in order for the latter to be trusted by the prospective users. This paper presents a number of privacy-oriented technical concepts that analysts need to consider when designing and modeling privacy-aware systems in a cloud environment. Also it extends the PriS method by presenting a new conceptual model and a respective process for assisting in cloud services’ design and implementation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Rainie, L, Kiesler, S., Kang, R, Madden, M: Anonymity, Privacy and Security Online, Carnegie Mellon University. http://www.pewinternet.org/2013/09/05/anonymity-privacy-and-security-online/. Accessed 19 April 2015
TRUSTe: US Consumer Confidence Privacy Report. http://www.truste.com/us-consumer-confidence-index-2014/. Accessed 19 April 2015
Gritzalis, S.: Enhancing web privacy and anonymity in the digital era. Inf. Manage. Comput. Secur. 12(3), 255–288 (2004). Emerald Group Publishing Limited
Koorn, R., van Gils, H., Hart, J., Overbeek, P., Tellegen, R.: Privacy Enhancing Technologies, White paper for Decision Makers. Ministry of the Interior and Kingdom Relations, The Netherlands (2004)
Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: The PriS method. Requirements Eng. J. 13(3), 241–255 (2008)
Mouratidis, H., Kalloniatis, C., Islam, S., Huget, M.P., Gritzalis, S.: Aligning security and privacy to support the development of secure information systems. J. Univ. Comput. Sci. 18(12), 1608–1627 (2012)
Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management, white paper, v.0.34. http://dud.inf.tu-dresden.de/Anon_Terminology.shtml. Accessed 19 April 2015
Hashizume, K., Rosado, D.G., Fernández-Medina, E., Fernandez, E.B.: An analysis of security issues for cloud computing. J. Internet Serv. Appl. 4, 1–13 (2013)
ITU Technology Watch: Privacy in Cloud Computing. International Telecommuni cations Union, Geneva, Switzerland (2012)
Manousakis, V., Kalloniatis, C., Kavakli, E., Gritzalis, S.: Privacy in the cloud: bridging the gap between design and implementation. In: Franch, X., Soffer, P. (eds.) CAiSE Workshops 2013. LNBIP, vol. 148, pp. 455–465. Springer, Heidelberg (2013)
Kalloniatis, C., Manousakis, V., Mouratidis, H., Gritzalis, S.: Migrating into the cloud: identifying the major security and privacy concerns. In: Douligeris, C., Polemi, N., Karantjias, A., Lamersdorf, W. (eds.) Collaborative, Trusted and Privacy-Aware e/m-Services. IFIP AICT, vol. 399, pp. 73–87. Springer, Heidelberg (2013)
CSA Threats: Top Threats to Cloud Computing Results update 2012, Cloud Se-curity Alliance, Seattle, WA, USA (2012)
Pearson, S.: Privacy, security and trust in cloud computing. In: Pearson, S., Yee, G. (eds.) Computer Communications and Networks. Springer-Verlag, London (2013)
Kalloniatis, C., Mouratidis, H., Manousakis, V., Islam, S., Gritzalis, S., Kavakli, E.: Towards the design of secure and privacy-oriented information systems in the cloud: identifying the major concepts. Comput. Stan. Interfaces 36, 759–775 (2014)
EU Draft: EU Directive for Security issues in Cloud Computing. European Commission, Brussels, Belgium
Article 29 Data Protection Working Party, Opinion 05/2012 on Cloud Computing (2012). Accessed 09 December 2014
Microsoft Technical report: Privacy in the cloud computing era, a Microsoft perspective, Microsoft Corp, Redmond, USA, November 2009. Accessed 10 January 2015
Wei, J., Zhang, X., Ammons, G., Bala, V., Ning, P.: Managing security of virtual machine images in a cloud environment. In: Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW 2009), pp. 91–96. ACM, New York (2009). doi: 10.1145/1655008.1655021 http://doi.acm.org/10.1145/1655008.1655021
Cannon, J.C.: Privacy: What Developers and IT Professionals Should Know. Addison-Wesley, Reading (2004)
Fischer-HĂĽbner, S.: IT-Security and Privacy: Design and Use of Privacy Enhancing Security Mechanisms. LNCS, vol. 1958. Springer, Heidelberg (2001)
Kalloniatis, C., Kavakli, E., Kontellis, E.: PriS tool: a case tool for privacy-oriented RE. In: Doukidis, G., et al. (eds.) Proceedings of the MCIS 2009 4th Mediterranean Conference on Information Systems, Athens, Greece, pp. 913–925 (e-version), September 2009
Kalloniatis, C., Kavakli, E., Gritzalis, S.: PriS Methodology: incorporating privacy requirements into the system design process. In: Mylopoulos, J., Spafford, G. (eds.) Proceedings of the 13th IEEE International Requirements Engineering Conference – SREIS 2005 Symposium on Requirements Engineering for Information Security, Paris, France. IEEE CPS Conference Publishing Services, August 2005
Mouratidis, H., Giorgini, G.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Software Eng. Knowl. Eng. 17, 285–309 (2007)
Houmb, S.H., Islam, S., Knauss, E., Jürjens, J., Schneider, K.: Eliciting security requirements and tracing them to design: an integration of common criteria, heuristics, and UMLsec. Requirements Eng. J. 15, 63–93 (2010)
Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. J. 10, 34–44 (2005)
Romanosky, S., Acquisti, A., Hong, J., Cranor, L.F., Friedman, B.: Privacy patterns for online interactions. In: Proceedings of the 2006 Conference on Pattern Languages of Programs (PloP 2006), Portland, Oregon, pp. 12:1–12:9. ACM, New York, 21–23 October 2006
Hafiz, M.: A Pattern Language for Developing Privacy Enhancing Technologies. Software Practice and Experience. 43, 769–787 (2013)
Islam, S., Mouratidis, H., Wagner, S.: Towards a framework to elicit and manage security and privacy requirements from laws and regulations. In: Wieringa, R., Persson, A. (eds.) REFSQ 2010. LNCS, vol. 6182, pp. 255–261. Springer, Heidelberg (2010)
Massey, A.K., Otto, P.N., Hayward, L.J., Antón, A.I.: Evaluating existing secu-rity and privacy requirements for legal compliance. Requirements Eng. J. 15, 119–137 (2010)
Mulazzani, M., Schrittwieser, S., Leithner, M., Huber, M., Weippl, E.: Dark clouds on the horizon: using cloud storage as attack vector and online slack space. In: Proceedings of the 20th USENIX Conference on Security, San Fransisco, CA, p. 5. USENIX Association, Berkeley, 8–12 August 2011
Gong, C., Liu, J., Zhang, Q., Chen, H., Gong, Z.: The characteristics of cloud computing. In: Proceedings of the 2010 39th International Conference on Parallel Processing Workshop, San Diego, CA, pp. 275–279. IEEE Computer Society, Washington, DC, 13-16 September 2010
Pearson, S., Benameur, A.: Privacy, security and trust issues arising from cloud computing. In: Proceedings of the 2nd IEEE International Conference on Cloud Computing Technology and Science, Indianapolis, Indiana, USA, pp. 693 – 702. IEEE Computer Society, UK, 30 November–3 December 2010
Islam, S., Mouratidis, H., Weippl, E.: A goal-driven risk management approach to support security and privacy analysis of cloud-based system. In: Security Engineering for Cloud Computing: Approaches and Tools. IGI global publication (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Kalloniatis, C. (2015). Designing Privacy-Aware Systems in the Cloud. In: Fischer-HĂĽbner, S., Lambrinoudakis, C., LĂłpez, J. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2015. Lecture Notes in Computer Science(), vol 9264. Springer, Cham. https://doi.org/10.1007/978-3-319-22906-5_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-22906-5_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22905-8
Online ISBN: 978-3-319-22906-5
eBook Packages: Computer ScienceComputer Science (R0)