Skip to main content
SpringerLink
Log in
SpringerLink
Log in

Selected Cloud Security Patterns to Improve End User Security and Privacy in Public Clouds

  • Conference paper
  • First Online:
Privacy Technologies and Policy (APF 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9857))

Included in the following conference series:

Abstract

Cloud computing has the potential to dramatically reduce the cost and complexity of provisioning information technology resources for end users. However, to make it secure and privacy-preserving for end users, additional technical safeguards must be added—the application of strong cryptography is such a safeguard. The Horizon 2020 project PRISMACLOUD surveys and advances several cryptographic protocols and primitives usable to cryptographically address common cloud security and privacy issues. The cryptographic functionality will entirely be encapsulated in five configurable tools, from which cloud services providing end-to-end security can be constructed. This approach relieves cloud service designers from dealing with the complex and error prone correct application of cryptographic functionality and shall spark the emergence of a multitude of privacy and security preserving cloud applications for the benefit of the end-users—who will no longer have to rely on contractual and legal instruments for ensuring, that privacy and security is enforced by cloud providers on their behalf. In order to support the privacy-by-design development of the tools, we developed several cloud security patterns for common critical situations in the cloud—in the three fields of data storage in the cloud, user privacy protection and data minimisation, and authentication of stored and processed data.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The authors’ work is supported by the European Union Horizon 2020 research activity n\(\circ \) 644962 Prismacloud: “Privacy and security maintaining services in the cloud” [17]; duration 2/2015–7/2018; 16 partners; https://www.prismacloud.eu.

  2. 2.

    It is now, that cloud providers have started to host their data centers in multiple locations world-wide, including Asia, South America, and countries of the European Union (see e.g. Amazon: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html). Nevertheless, the headquarters and main installations of these businesses are certainly under U.S. American jurisdiction and it is at least possible that data, in whichever form and state of aggregation, might be consolidated with data residing in the U.S.A.

  3. 3.

    The other patterns can be studied in the public Prismacloud deliverable D2.2 “Domain independent generic security models”, available on the project web site www.prismacloud.eu.

  4. 4.

    The entire book, 1218 pages, can be downloaded as pdf from archive.org/details/ APatternLanguage.

  5. 5.

    https://secure.edps.europa.eu/EDPSWEB/edps/EDPS/IPEN.

  6. 6.

    ibid.

  7. 7.

    www.munawarhafiz.com/securitypatterncatalog/index.php. Munawar Hafiz is also author of several papers on security patterns, e.g. [15], which presents “4 design patterns that can aid the decision making process for the designers of privacy protecting systems”.

  8. 8.

    www.pripareproject.eu.

  9. 9.

    For a more detailed description of all cloud security patterns we want to direct the attention to Prismacloud deliverable D2.2 “Domain independent generic security models”, available on the project web site www.prismacloud.eu.

  10. 10.

    Whenever the signature mathematically still depends on some removed data, like in hash trees, they cryptographically do not offer a sophisticated level of privacy [3].

References

  1. Alexander, C., Ishikawa, S., Silverstein, M.: A Pattern Language: Towns, Buildings, Construction. Oxford University Press, Oxford (1977)

    Google Scholar 

  2. Backes, M., Datta, A., Kate, A.: Asynchronous computational VSS with reduced communication complexity. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 259–276. Springer, Heidelberg (2013). http://dx.doi.org/10.1007/978-3-642-36095-4_17

    Chapter  Google Scholar 

  3. Brzuska, C., Pöhls, H.C., Samelin, K.: Non-interactive public accountability for sanitizable signatures. In: De Capitani di Vimercati, S., Mitchell, C. (eds.) EuroPKI 2012. LNCS, vol. 7868, pp. 178–193. Springer, Heidelberg (2013). http://dx.doi.org/10.1007/978-3-642-40012-4_12

    Chapter  Google Scholar 

  4. Buchmann, J., Demirel, D., Happe, A., Krenn, S., Lorünser, T., Traverso, G.: PRISMACLOUD D4.1: secret sharing protocols for various adversary models (2015). www.prismacloud.eu. H2020 project PRISMACLOUD deliverable

  5. Camenisch, J., Herreweghen, E.V.: Design and implementation of the idemix anonymous credential system. In: ACM CCS, pp. 21–30. ACM (2002). http://doi.acm.org/10.1145/586110.586114

  6. Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J.H., Le Mtayer, D., Tirtea, R., Schiffner, S.: Privacy and data protection by design. Technical report, European Union Agency for Network and Information Security (ENISA) (2015)

    Google Scholar 

  7. Doty, N., Gupta, M.: Privacy design patterns and anti-patterns. In: Workshop “A Turn for the Worse: Trustbusters for User Interfaces Workshop” at SOUPS 2013 Newcastle, UK (2013)

    Google Scholar 

  8. ENISA European Union Agency for Network and Information Security: Cloud computing repository. http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing. 31 Mar 2015

  9. ENISA European Union Agency for Network and Information Security: Cloud computing; Benefits, risks and recommendations for information security; Rev. B., December 2012. https://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport. 1 Mar 2016

  10. European Commission: Establishing Horizon 2020 - The Framework Programme for Research and Innovation (2012). http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52011PC0809:EN:NOT. 1 June 2016

  11. European Commission: European Cloud Computing Strategy “Unleashing the Potential of Cloud Computing in Europe” (2012). http://ec.europa.eu/digital-agenda/en/european-cloud-computing-strategy. 31 Mar 2015

  12. European Commission: Technology readiness levels (TRL) (2014). http://ec.europa.eu/research/participants/data/ref/h2020/wp/2014_2015/annexes/h2020-wp.1415-annex-g-trl_en.pdf. 1 June 2016

  13. Forbes magazine: Roundup of cloud computing forecasts and market estimates Q3 update (2015). http://www.forbes.com/sites/louiscolumbus/2015/09/27/roundup-of-cloud-computing-forecasts-and-market-estimates-q3-update-2015/#35e2a3576c7a. 1 Mar 2016

  14. Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley, Boston (1994). ISBN: 0-201-63361-2

    Google Scholar 

  15. Hafiz, M.: A collection of privacy design patterns. In: Proceedings of the 2006 Conference on Pattern Languages of Programs, PLoP 2006, pp. 7:1–7:13. ACM, New York (2006). http://doi.acm.org/10.1145/1415472.1415481

  16. Lorünser, T., Länger, T., Slamanig, D.: Cloud security and privacy by design. In: Katsikas, K.S., Sideridis, B.A. (eds.) E-Democracy 2015. CCIS, vol. 570, pp. 202–206. Springer, Heidelberg (2015). http://dx.doi.org/10.1007/978-3-319-27164-4_16

    Chapter  Google Scholar 

  17. Lorünser, T., et al.: Towards a new paradigm for privacy and security in cloud services. In: Cleary, F., Felici, M. (eds.) CSP Forum 2015. CCIS, vol. 530, pp. 14–25. Springer, Heidelberg (2015). doi:10.1007/978-3-319-25360-2_2

    Chapter  Google Scholar 

  18. Lorünser, T., Slamanig, D., Länger, T., Pöhls, H.C.: PRISMACLOUD tools: a cryptographic toolbox for increasing security in cloud services. In: Proceedings of the International Conference on Availability, Reliability and Security (ARES 2016). IEEE (2016) (to be published Sept 2016)

    Google Scholar 

  19. Miyazaki, K., Hanaoka, G., Imai, H.: Digitally signed document sanitizing scheme based on bilinear maps. In: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, ASIACCS 2006, pp. 343–354. ACM, New York (2006). http://doi.acm.org/10.1145/1128817.1128868

  20. Müller-Quade, J., Unruh, D.: Long-term security and universal composability. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 41–60. Springer, Heidelberg (2007). http://dx.doi.org/10.1007/978-3-540-70936-7_3

    Chapter  Google Scholar 

  21. Pöhls, H.C., Höhne, F.: The role of data integrity in EU digital signature legislation — achieving statutory trust for sanitizable signature schemes. In: Meadows, C., Fernandez-Gago, C. (eds.) STM 2011. LNCS, vol. 7170, pp. 175–192. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  22. Pöhls, H.C., Samelin, K.: On updatable redactable signatures. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 457–475. Springer, Heidelberg (2014)

    Google Scholar 

  23. PRWeb: A Cloud Computing Forecast Summary for 2013–2017 from IDC, Gartner and KPMG, citing a study by Accenture (2013). http://www.prweb.com/releases/2013/11/prweb11341594.htm. 31 Mar 2015

  24. RightScale Inc.: State of the Cloud Report (2015). http://assets.rightscale.com/uploads/pdfs/RightScale-2015-State-of-the-Cloud-Report.pdf. 31 Mar 2015

  25. Schumacher, M., Fernandez-Buglioni, E., Hybertson, D., Buschmann, F., Sommerlad, P.: Security Patterns - Integrating Security and Systems Engineering. Wiley, West Sussex (2006)

    Google Scholar 

  26. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979). http://doi.acm.org/10.1145/359168.359176

    Article  MathSciNet  MATH  Google Scholar 

  27. The Economist Intelligence Unit: Mapping the cloud maturity curve, May 2015. http://www.economistinsights.com/analysis/mapping-cloud-maturity-curve. 31 Mar 2015

  28. Transparency Market Research: Cloud Computing Services Market - Global Industry Size, Share, Trends, Analysis and Forecasts 2012–2018 (2012). http://www.transparencymarketresearch.com/cloud-computing-services-market.html. 31 Mar 2015

  29. Van Geelkerken, F., Pöhls, H.C., Fischer-Hübner, S.: The legal status of malleable- and functional signatures in light of Regulation (EU) No. 910/2014. In: Proceedings of 3rd International Academic Conference of Young Scientists on Law & Psychology 2015 (LPS 2015), pp. 404–410. L’viv Polytechnic Publishing House, November 2015. https://drive.google.com/file/d/0B-Yu3Ni9z3PXM2lBajhCXzhoWk0/view

Download references

Author information

Authors and Affiliations

  1. Swiss Cybersecurity Advisory and Research Group (SCARG), Université de Lausanne, Lausanne, Switzerland

    Thomas Länger & Solange Ghernaouti

  2. Institute of IT-Security and Security Law (ISL), Universität Passau, Passau, Germany

    Henrich C. Pöhls

Authors
  1. Thomas Länger
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Henrich C. Pöhls
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Solange Ghernaouti
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Thomas Länger .

Editor information

Editors and Affiliations

  1. ENISA , Athens, Greece

    Stefan Schiffner

  2. Goethe University Frankfurt am Main , Frankfurt, Germany

    Jetzabel Serna

  3. ENISA , Athens, Greece

    Demosthenes Ikonomou

  4. Goethe University Frankfurt am Main , Frankfurt, Germany

    Kai Rannenberg

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Länger, T., Pöhls, H.C., Ghernaouti, S. (2016). Selected Cloud Security Patterns to Improve End User Security and Privacy in Public Clouds. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds) Privacy Technologies and Policy. APF 2016. Lecture Notes in Computer Science(), vol 9857. Springer, Cham. https://doi.org/10.1007/978-3-319-44760-5_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-44760-5_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-44759-9

  • Online ISBN: 978-3-319-44760-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation