Isolation in Cloud Computing and Privacy-Enhancing Technologies

Suitability of Privacy-Enhancing Technologies for Separating Data Usage in Business Processes

  • State of the Art
WIRTSCHAFTSINFORMATIK

Abstract

Cloud Computing removes the boundaries of the access control domain of Cloud users' IT systems, because the data of individuals and companies is processed outside their own IT systems, within the application frameworks and virtualized runtime environments of Cloud service providers, in order to execute the users' business processes. Applying traditional security policies to enforce the confidentiality of Cloud users' data would lead to a conflict with the availability of the Cloud's software services: confidentiality of the data would be assured, but the Cloud services would not be available to every user of the Cloud. With regard to the confidentiality of external data processing by Cloud services, this state-of-the-art contribution shows the analogy with mechanisms known and applied in privacy protection. Sustainability in Cloud Computing is a matter of privacy, which in Cloud Computing is called “isolation”.

Acknowledgments

This state-of-the-art contribution was written with funding from the FIT-NII postdoctoral programme of the German Academic Exchange Service (DAAD). It is also a result of the Japanese-European Institute for Security (JEISec), which is based at the National Institute of Informatics (Japan). The authors sincerely thank the reviewers for their constructive and valuable comments, which improved this contribution.

Author information

Corresponding author

Correspondence to Sven Wohlgemuth.

Additional information

Accepted after four revisions by Prof. Dr. Buxmann.

This article is also available in English via http://www.springerlink.com and http://www.bise-journal.org: Sonehara N, Echizen I, Wohlgemuth S (2011) Isolation in Cloud Computing and Privacy-Enhancing Technologies. Suitability of Privacy-Enhancing Technologies for Separating Data Usage in Business Processes. Bus Inf Syst Eng. doi: 10.1007/s12599-011-0160-x.

Cite this article

Sonehara, N., Echizen, I. & Wohlgemuth, S. Isolation im Cloud-Computing und Mechanismen zum Schutz der Privatsphäre. WIRTSCHAFTSINFORMATIK 53, 151–158 (2011). https://doi.org/10.1007/s11576-011-0274-2

  • DOI: https://doi.org/10.1007/s11576-011-0274-2
