Skip to main content
SpringerLink
Log in

Designing Privacy-Aware Systems in the Cloud

  • Conference paper
  • First Online:
Trust, Privacy and Security in Digital Business (TrustBus 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9264))

Included in the following conference series:

Abstract

Nowadays most Internet users use resources and services belonging to the cloud. Without a doubt elasticity of cloud environments offer a wide range of advantages to users and IT companies through a wide range of pay-as-you-go services, platforms and infrastructure facilities. However, Internet users express great concerns about the sufficient protection of their privacy when accessing cloud services and more specifically over public clouds. The structure of the cloud environment hinders new privacy issues that designers and developers need to consider when realising cloud services in order for the latter to be trusted by the prospective users. This paper presents a number of privacy-oriented technical concepts that analysts need to consider when designing and modeling privacy-aware systems in a cloud environment. Also it extends the PriS method by presenting a new conceptual model and a respective process for assisting in cloud services’ design and implementation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Rainie, L, Kiesler, S., Kang, R, Madden, M: Anonymity, Privacy and Security Online, Carnegie Mellon University. http://www.pewinternet.org/2013/09/05/anonymity-privacy-and-security-online/. Accessed 19 April 2015

  2. TRUSTe: US Consumer Confidence Privacy Report. http://www.truste.com/us-consumer-confidence-index-2014/. Accessed 19 April 2015

  3. Gritzalis, S.: Enhancing web privacy and anonymity in the digital era. Inf. Manage. Comput. Secur. 12(3), 255–288 (2004). Emerald Group Publishing Limited

    Google Scholar 

  4. Koorn, R., van Gils, H., Hart, J., Overbeek, P., Tellegen, R.: Privacy Enhancing Technologies, White paper for Decision Makers. Ministry of the Interior and Kingdom Relations, The Netherlands (2004)

    Google Scholar 

  5. Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: The PriS method. Requirements Eng. J. 13(3), 241–255 (2008)

    Article  Google Scholar 

  6. Mouratidis, H., Kalloniatis, C., Islam, S., Huget, M.P., Gritzalis, S.: Aligning security and privacy to support the development of secure information systems. J. Univ. Comput. Sci. 18(12), 1608–1627 (2012)

    Google Scholar 

  7. Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management, white paper, v.0.34. http://dud.inf.tu-dresden.de/Anon_Terminology.shtml. Accessed 19 April 2015

  8. Hashizume, K., Rosado, D.G., Fernández-Medina, E., Fernandez, E.B.: An analysis of security issues for cloud computing. J. Internet Serv. Appl. 4, 1–13 (2013)

    Article  Google Scholar 

  9. ITU Technology Watch: Privacy in Cloud Computing. International Telecommuni cations Union, Geneva, Switzerland (2012)

    Google Scholar 

  10. Manousakis, V., Kalloniatis, C., Kavakli, E., Gritzalis, S.: Privacy in the cloud: bridging the gap between design and implementation. In: Franch, X., Soffer, P. (eds.) CAiSE Workshops 2013. LNBIP, vol. 148, pp. 455–465. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  11. Kalloniatis, C., Manousakis, V., Mouratidis, H., Gritzalis, S.: Migrating into the cloud: identifying the major security and privacy concerns. In: Douligeris, C., Polemi, N., Karantjias, A., Lamersdorf, W. (eds.) Collaborative, Trusted and Privacy-Aware e/m-Services. IFIP AICT, vol. 399, pp. 73–87. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  12. CSA Threats: Top Threats to Cloud Computing Results update 2012, Cloud Se-curity Alliance, Seattle, WA, USA (2012)

    Google Scholar 

  13. Pearson, S.: Privacy, security and trust in cloud computing. In: Pearson, S., Yee, G. (eds.) Computer Communications and Networks. Springer-Verlag, London (2013)

    Google Scholar 

  14. Kalloniatis, C., Mouratidis, H., Manousakis, V., Islam, S., Gritzalis, S., Kavakli, E.: Towards the design of secure and privacy-oriented information systems in the cloud: identifying the major concepts. Comput. Stan. Interfaces 36, 759–775 (2014)

    Article  Google Scholar 

  15. EU Draft: EU Directive for Security issues in Cloud Computing. European Commission, Brussels, Belgium

    Google Scholar 

  16. Article 29 Data Protection Working Party, Opinion 05/2012 on Cloud Computing (2012). Accessed 09 December 2014

    Google Scholar 

  17. Microsoft Technical report: Privacy in the cloud computing era, a Microsoft perspective, Microsoft Corp, Redmond, USA, November 2009. Accessed 10 January 2015

    Google Scholar 

  18. Wei, J., Zhang, X., Ammons, G., Bala, V., Ning, P.: Managing security of virtual machine images in a cloud environment. In: Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW 2009), pp. 91–96. ACM, New York (2009). doi: 10.1145/1655008.1655021 http://doi.acm.org/10.1145/1655008.1655021

  19. Cannon, J.C.: Privacy: What Developers and IT Professionals Should Know. Addison-Wesley, Reading (2004)

    Google Scholar 

  20. Fischer-HĂĽbner, S.: IT-Security and Privacy: Design and Use of Privacy Enhancing Security Mechanisms. LNCS, vol. 1958. Springer, Heidelberg (2001)

    Google Scholar 

  21. Kalloniatis, C., Kavakli, E., Kontellis, E.: PriS tool: a case tool for privacy-oriented RE. In: Doukidis, G., et al. (eds.) Proceedings of the MCIS 2009 4th Mediterranean Conference on Information Systems, Athens, Greece, pp. 913–925 (e-version), September 2009

    Google Scholar 

  22. Kalloniatis, C., Kavakli, E., Gritzalis, S.: PriS Methodology: incorporating privacy requirements into the system design process. In: Mylopoulos, J., Spafford, G. (eds.) Proceedings of the 13th IEEE International Requirements Engineering Conference – SREIS 2005 Symposium on Requirements Engineering for Information Security, Paris, France. IEEE CPS Conference Publishing Services, August 2005

    Google Scholar 

  23. Mouratidis, H., Giorgini, G.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Software Eng. Knowl. Eng. 17, 285–309 (2007)

    Article  Google Scholar 

  24. Houmb, S.H., Islam, S., Knauss, E., Jürjens, J., Schneider, K.: Eliciting security requirements and tracing them to design: an integration of common criteria, heuristics, and UMLsec. Requirements Eng. J. 15, 63–93 (2010)

    Article  Google Scholar 

  25. Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. J. 10, 34–44 (2005)

    Article  Google Scholar 

  26. Romanosky, S., Acquisti, A., Hong, J., Cranor, L.F., Friedman, B.: Privacy patterns for online interactions. In: Proceedings of the 2006 Conference on Pattern Languages of Programs (PloP 2006), Portland, Oregon, pp. 12:1–12:9. ACM, New York, 21–23 October 2006

    Google Scholar 

  27. Hafiz, M.: A Pattern Language for Developing Privacy Enhancing Technologies. Software Practice and Experience. 43, 769–787 (2013)

    Article  Google Scholar 

  28. Islam, S., Mouratidis, H., Wagner, S.: Towards a framework to elicit and manage security and privacy requirements from laws and regulations. In: Wieringa, R., Persson, A. (eds.) REFSQ 2010. LNCS, vol. 6182, pp. 255–261. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  29. Massey, A.K., Otto, P.N., Hayward, L.J., Antón, A.I.: Evaluating existing secu-rity and privacy requirements for legal compliance. Requirements Eng. J. 15, 119–137 (2010)

    Article  Google Scholar 

  30. Mulazzani, M., Schrittwieser, S., Leithner, M., Huber, M., Weippl, E.: Dark clouds on the horizon: using cloud storage as attack vector and online slack space. In: Proceedings of the 20th USENIX Conference on Security, San Fransisco, CA, p. 5. USENIX Association, Berkeley, 8–12 August 2011

    Google Scholar 

  31. Gong, C., Liu, J., Zhang, Q., Chen, H., Gong, Z.: The characteristics of cloud computing. In: Proceedings of the 2010 39th International Conference on Parallel Processing Workshop, San Diego, CA, pp. 275–279. IEEE Computer Society, Washington, DC, 13-16 September 2010

    Google Scholar 

  32. Pearson, S., Benameur, A.: Privacy, security and trust issues arising from cloud computing. In: Proceedings of the 2nd IEEE International Conference on Cloud Computing Technology and Science, Indianapolis, Indiana, USA, pp. 693 – 702. IEEE Computer Society, UK, 30 November–3 December 2010

    Google Scholar 

  33. Islam, S., Mouratidis, H., Weippl, E.: A goal-driven risk management approach to support security and privacy analysis of cloud-based system. In: Security Engineering for Cloud Computing: Approaches and Tools. IGI global publication (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Cultural Informatics Laboratory, Department of Cultural Technology and Communication, University of the Aegean, Aegean, Greece

    Christos Kalloniatis

Authors
  1. Christos Kalloniatis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Christos Kalloniatis .

Editor information

Editors and Affiliations

  1. Karlstad University, Karlstad, Sweden

    Simone Fischer-HĂĽbner

  2. University of Piraeus, Piraeus, Greece

    Costas Lambrinoudakis

  3. University of Malaga, Málaga, Spain

    Javier LĂłpez

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Kalloniatis, C. (2015). Designing Privacy-Aware Systems in the Cloud. In: Fischer-HĂĽbner, S., Lambrinoudakis, C., LĂłpez, J. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2015. Lecture Notes in Computer Science(), vol 9264. Springer, Cham. https://doi.org/10.1007/978-3-319-22906-5_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-22906-5_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22905-8

  • Online ISBN: 978-3-319-22906-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation