Abstract
We describe a privacy manager for cloud computing, which reduces the risk to the cloud computing user of their private data being stolen or misused, and also assists the cloud computing provider to conform to privacy law. We describe different possible architectures for privacy management in cloud computing; give an algebraic description of obfuscation, one of the features of the privacy manager; and describe how the privacy manager might be used to protect private metadata of online photos.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Regulation of Investigatory Powers Act, Part II, s 28, UK (2000)
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act, Title V, s 505 (2001)
Organization for Economic Co-operation and Development (OECD): Guidelines Governing the Protection of Privacy and Transborder Flow of Personal Data. OECD, Geneva (1980)
EU Data Protection Directive (95/46/EC) (1995)
Salmon, J.: Clouded in uncertainty – the legal pitfalls of cloud computing. Computing magazine, September 24 (2008), http://www.computing.co.uk/computing/features/2226701/clouded-uncertainty-4229153
Mowbray, M.: The Fog over the Grimpen Mire: Cloud Computing and the Law. Scripted Journal of Law, Technology and Society 6(1) (April 2009)
Pearson, S. (ed.): Trusted Computing Platforms. Prentice-Hall, Englewood Cliffs (2002)
World Wide Web Consortium (W3C): Platform for Privacy Preferences (P3P) Project, http://www.w3.org/P3P
PRIME, Privacy and Identity Management for Europe, https://www.prime-project.eu/
Boneh, D., Franklin, M.: Identity-Based Encryption from the Weil Pairing. In: Goos, G., Hartmanis, J., van Leeuwen, J. (eds.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
Casassa Mont, M., Pearson, S., Bramhall, P.: Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services. In: IEEE Workshop on Data and Expert Systems Applications, pp. 377–382. IEEE Computer Society Press, Washington (2003)
Casassa Mont, M., Thyne, R.: A systemic approach to automate privacy policy enforcement in enterprises. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 118–134. Springer, Heidelberg (2006)
Mowbray, M., Pearson, S.: A client-based privacy manager for cloud computing. In: COMSWARE 2009. ACM, New York (2009)
Trusted Computing Group: Trusted Platform Module (TPM) Specifications (2009), https://www.trustedcomputinggroup.org/specs/TPM/
Pearson, S.: Trusted Computing: Strengths, Weaknesses and Further Opportunities for Enhancing Privacy. In: Herrmann, P., Issarny, V., Shiu, S.C.K. (eds.) iTrust 2005. LNCS, vol. 3477, pp. 305–320. Springer, Heidelberg (2005)
Dalton, C., Plaquin, D., Weidner, W., Kuhlmann, D., Balacheff, B., Brown, R.: Trusted virtual platforms: a key enabler for converged client devices. In: ACM SIGOPS Operating Systems Review, vol. 43(1), pp. 36–43. ACM, New York (2009)
Gritzalis, D., Moulinos, K., Kostis, K.: A privacy-enhancing e-business model based on infomediaries. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds.) MMM-ACNS 2001. LNCS, vol. 2052, pp. 72–83. Springer, Heidelberg (2001)
Otemba project: The Reasons for Otemba’s Existence, http://sourceforge.net/apps/trac/otemba/wiki/Reasons%20for%20existence
Yao, A.C.: How to Generate and Exchange Secrets. In: 27th Symposium of Foundations of Computer Science (FoCS), pp. 162–167. IEEE Press, New York (1986)
Gentry, C.: Fully Homomorphic Encryption Using Ideal Lattices. In: 41st ACM Symposium on Theory of Computing, Bethesda, Maryland, USA, May 31-June 2 (2009), pp. 169–178 (2009)
Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005)
Lindell, Y., Pinkas, B.: Privacy Preserving Data Mining. J. Cryptology 15(3), 151–222 (2002)
Liu, K.: Privacy Preserving Data Mining Bibliography, http://www.cs.umbc.edu/~kunliu1/research/privacy_review.html
Dean, J., Ghemawat, S.: Map Reduce: Simplified data processing on large clusters. Communications of the ACM 51(1) (2008)
Date, C.J.: A guide to the SQL standard. Addison-Wesley Longman Publishing Co., Boston (1986)
Narayanan, A., Shmatikov, V.: Obfuscated Databases and Group Privacy. In: Proceedings of the 12th ACM conference on Computer and Communications Security, pp. 102–111
Rivest, R., Adelman, L., Dertouzos, M.L.: On data banks and privacy homomorphisms. In: DeMillo, R.A., et al. (eds.) Foundations of Secure Computation, pp. 168–179. Academic Press, New York (1978)
Amazon Web Services LLC: Case Studies: TC3 Health, http://aws.amazon.com/solutions/case-studies/tc3-health/
Wayner, P.: Translucent Databases, Flyzone Press (2002)
Bertino, E., Ferrari, E.: Secure and Selective Dissemination of XML Documents. In: Proc. TISSEC, pp. 290–331. ACM, New York (2002)
Miklau, G., Suciu, D.: Controlling Access to Published Data Using Cryptography. In: VLDB, VLDB Endowment (2003)
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: Proc. VLDB, VLDB Endowment, pp. 143-154 (2002)
IBM: IBM Tivoli Privacy Manager for e-Business (2009), http://www-01.ibm.com/software/tivoli/products/privacy-mgr-e-bus/
Casassa Mont, M., Pearson, S.: An Adaptive Privacy Management System for Data Repositories. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2005. LMXS, vol. 3592, pp. 236–245. Springer, Heidelberg (2005)
Salesforce.com, Inc.: Sales Force Automation, http://www.salesforce.com/products/sales-force-automation/
Haimes, Y.Y.: Risk Modeling, Assessment, and Management. Systems, Man, and Cybernetics, Part C: Applications and Reviews 29(2), 315 (1999)
Despotovic, Z., Aberer, K.: P2P reputation management: Probabilistic estimation vs. social networks. Management in Peer-to-Peer Systems, Computer Networks 50(4), 485–500 (2006)
EnCoRe: EnCoRe: Ensuring Consent and Revocation, http://www.encore-project.info
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pearson, S., Shen, Y., Mowbray, M. (2009). A Privacy Manager for Cloud Computing. In: Jaatun, M.G., Zhao, G., Rong, C. (eds) Cloud Computing. CloudCom 2009. Lecture Notes in Computer Science, vol 5931. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10665-1_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-10665-1_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10664-4
Online ISBN: 978-3-642-10665-1
eBook Packages: Computer ScienceComputer Science (R0)