Privacy Penetration Testing: How to Establish Trust in Your Cloud Provider

  • Chapter

Abstract

In the age of cloud computing, IT infrastructure becomes virtualised and takes the form of services. This virtualisation results in increasing de-perimeterisation, where the location of data and computation is irrelevant from a user's point of view. As a consequence, private and institutional users no longer know where their data is stored, nor whether they can trust cloud providers to protect it. In this chapter, we investigate methods for increasing customers' trust in cloud providers, and propose a public penetration-testing agency as an essential component of a trustworthy cloud infrastructure.



Corresponding author

Correspondence to Michel Arnaud.

Copyright information

© 2012 Springer Science+Business Media B.V.

About this chapter

Cite this chapter

Probst, C., Sasse, M., Pieters, W., Dimkov, T., Luysterborg, E., Arnaud, M. (2012). Privacy Penetration Testing: How to Establish Trust in Your Cloud Provider. In: Gutwirth, S., Leenes, R., De Hert, P., Poullet, Y. (eds) European Data Protection: In Good Health?. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-2903-2_12
