Abstract
With the emergence of the cloud computing paradigm, personal data usage has raised several privacy concerns, such as the lack of user control, non-compliance with the user's preferences and/or regulations, and the difficulty of tracking data flows. In particular, one unsolved problem is to ensure that customers' data usage policies are enforced regardless of who accesses the data, how they are processed, and where they are stored, transferred and duplicated. This issue calls for two requirements to be satisfied. First, data should be handled in accordance with both the owners' preferences and regulatory policies whenever it exists in the cloud and throughout its lifetime. Second, consistent data flow tracking should be maintained to follow data derivation. To address these issues, we propose in this paper a hybrid approach to protect private data in the cloud. We propose the PriArmor data content for self-defending data when stored or transferred in the cloud, and the PriArmor agent, which acts as an armor for privacy protection when the data are processed by cloud-based services. To facilitate policy specification, we propose a novel privacy ontology model that guides the data owner in expressing his privacy requirements and in considering regulatory policies. Finally, we present the implementation details as well as a demonstration that shows the flexibility and efficiency of our approach.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Ghorbel, A., Ghorbel, M., Jmaiel, M. (2017). A Hybrid Approach for Private Data Protection in the Cloud. In: Au, M., Castiglione, A., Choo, KK., Palmieri, F., Li, KC. (eds) Green, Pervasive, and Cloud Computing. GPC 2017. Lecture Notes in Computer Science, vol 10232. Springer, Cham. https://doi.org/10.1007/978-3-319-57186-7_3
DOI: https://doi.org/10.1007/978-3-319-57186-7_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-57185-0
Online ISBN: 978-3-319-57186-7
eBook Packages: Computer Science, Computer Science (R0)