Abstract
Pushed by recent legislation and smart disclosure initiatives, personal cloud solutions emerge and hold the promise of giving the control back to the individual on her data. However, this shift leaves the privacy and security issues in user’s hands, a role that few people can properly endorse. Considering the inadequacy of existing sharing models, we advocate the definition of a new sharing paradigm dedicated to the personal cloud context. This sharing paradigm, called SWYSWYK (Share What You See with Who You Know), allows to derive intuitive sharing rules from the personal cloud content, to self-administer the subjects and the sensitive permissions, and to visualize the net effects of the sharing policy on the user’s personal cloud. We then propose a reference architecture providing the users tangible guarantees about the enforcement of the SWYSWYK policies. An instance of this architecture has been implemented on top of an existing personal cloud platform to demonstrate the practicality of the approach.
Similar content being viewed by others
Notes
- 1.
- 2.
References
Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, 27 April 2016
Bertino, E., Ghinita, G., Kamra, A.: Access control for databases: concepts and systems. Found. Trends Databases 3(1-2), 1–148 (2011)
Brickley, D., Miller, L.: FOAF vocabulary specification 0.91. TR ILRT Bristol (2007)
Fang, L., LeFevre, K.: Privacy wizards for social networking sites. In: ACM WWW (2010)
Squicciarini, A.C., Sundareswaran, S., et al.: A3P: adaptive policy prediction for shared images over popular content sharing sites. In: ACM Hypertext and Hypermedia (HT) (2011)
Tootoonchian, A., Saroiu, S., Ganjali, Y., Wolman, A.: Lockr: better privacy for social networks. In: Conference Emerging Networking Experiments and Technologies (CoNEXT) (2009)
Van Kleek, M., Smith, D.A., Shadbolt, N., Schraefel, M.C.: A decentralized architecture for consolidating personal information ecosystems: the WebBox. In: PIM (2012)
Seong, S.-W., Seo, J., Nasielski, M., Sengupta, D., et al.: PrPl: a decentralized social networking infrastructure. In: ACM Mobile Cloud Computing & Services (MCS) (2010)
Ali, M., et al.: SeDaSC: secure data sharing in clouds. IEEE Syst. J. 11(2), 395–404 (2015)
Thilakanathan, D., Chen, S., Nepal, S., Calvo, R.A.: Secure data sharing in the cloud. In: Nepal, S., Pathan, M. (eds.) Security, Privacy and Trust in Cloud Systems, pp. 45–72. Springer, Heidelberg (2014). doi:10.1007/978-3-642-38586-5_2
Wang, F., et al.: Cryptographically enforced access control for user data in untrusted clouds. In: USENIX Symposium on Networked Systems Design and Implementation (NSDI) (2016)
Baden, R., Bender, A., Spring, N., et al.: Persona: an online social network with user-defined privacy. In: ACM SIGCOMM Computer Communication Review, vol. 39(4) (2009)
Guha, S., Tang, K., Francis, P.: NOYB: privacy in online social networks. In: ACM Workshop on Online Social Networks (2008)
Yuan, L., et al.: Privacy-preserving photo sharing based on a secure JPEG. In: CCC (2015)
Liu, Y., Gummadi, K.P., Krishnamurthy, B., Mislove, A.: Analyzing facebook privacy settings: user expectations vs. reality. In: ACM SIGCOMM (2011)
Mazurek, M.L., Liang, Y., et al.: Toward strong, usable access control for shared distributed data. In: USENIX Conference on File and Storage Technologies (FAST) (2014)
Wang, L., Wijesekera, D., Jajodia, S.: A Logic-based framework for attribute based access control. In: ACM Workshop on Formal Methods in Security Engineering (FMSE) (2004)
Geambasu, R., Balazinska, M., Gribble, S.D., Levy, H.M.: Homeviews: peer-to-peer middleware for personal data sharing applications. In: ACM SIGMOD (2007)
Carminati, B., Ferrari, E., Perego, A.: Rule-based access control for social networks. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006. LNCS, vol. 4278, pp. 1734–1744. Springer, Heidelberg (2006). doi:10.1007/11915072_80
Mori, J., Sugiyama, T., Matsuo, Y.: Real-world oriented information sharing using social networks. In: ACM SIGGROUP (GROUP) (2005)
Park, J., Sandhu, R.: The UCON ABC usage control model. ACM TISSEC 7(1), 128–174 (2004)
Anciaux, N., Bouganim, L., Pucheral, P., Guo, Y., Le Folgoc, L., Yin, S.: MILo-DB: a personal, secure and portable database machine. DAPD 32(1), 37–63 (2014)
Anciaux, N., Lallali, S., Popa, I.S., Pucheral, P.: A scalable search engine for mass storage smart objects. PVLDB 8(9), 910–921 (2015)
Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptology ePrint Archive (2016)
Alves, T., Felton, D.: Trustzone: integrated hardware and software security. ARM White Pap. (2004)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Tran-Van, P., Anciaux, N., Pucheral, P. (2017). A New Sharing Paradigm for the Personal Cloud. In: Lopez, J., Fischer-Hübner, S., Lambrinoudakis, C. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2017. Lecture Notes in Computer Science(), vol 10442. Springer, Cham. https://doi.org/10.1007/978-3-319-64483-7_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-64483-7_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64482-0
Online ISBN: 978-3-319-64483-7
eBook Packages: Computer ScienceComputer Science (R0)