Abstract
Cloud Computing lifts the borders between the access control domain of individuals’ and companies’ IT systems by processing their data within the application frameworks and virtualized runtime environments of Cloud service providers. A deployment of traditional security policies for enforcing confidentiality of Cloud users’ data would lead to a conflict with the availability of the Cloud’s software services: confidentiality of data would be assured but Cloud services would not be available for every user of a Cloud. This state-of-the-art contribution shows the analogy of the confidentiality of external data processing by Cloud services with mechanisms known and applied in privacy. Sustainability in Cloud is a matter of privacy, which in Cloud is called “isolation”.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Accorsi A (2008) Automated privacy audits to complement the notion of control for identity management. In: Fischer-Hübner S, Tseng JC, Borking J (eds) Proc of first IFIP conference on policies and research in identity management (IDMAN’07), Rotterdam
Alpern B, Schneider F (1985) Defining liveness. Inf Process Lett 21(4):181–185
Anderson JP (1972) Computer security technology planning study. Technical report ESD-TR-73-51, Electronic system division/AFSC, Bedford, MA
Armbrust M, Fox A, Griffith R, Joseph A, Katz R, Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I, Zaharia M (2010) A view of cloud computing. Commun ACM 53(4):50–58
Ashley P, Hada S, Karjoth G, Powers C, Schunter M (2003) Enterprise privacy authorization language (EPAL 1.2). http://www.w3.org/Submission/EPAL/. Accessed 2011-02-10
Blaze M, Feigenbaum J, Lacy J (1996) Decentralized trust management. In: Symposium on security and privacy, Oakland
Bogetoft P, Christensen DL, Damgard I, Geisler M, Jakobsen T, Krogaard M, Nielsen JD, Nielsen JB, Nielsen K, Pagter J, Schwartzbach M, Toft T (2009) Secure multiparty computation goes live. In: Dingledine R, Golle P (eds) Financial cryptography and data security, Barbados
Bundesverfassungsgericht (1983) Volkszählungsurteil. In: Entscheidungen des Bundesverfassungsgerichts. Urteil vom 1983-12-15.Az.: 1 BvR 209/83; NJW 84, 419
Buneman P, Khanna S, Tan WC (2001) Why and where: a characterization of data provenance. In: 8th int conf on database theory, London
Camenisch J, van Herreweghen E (2002) Design and implementation of the idemix anonymous credential system. In: Proc of the 9th ACM conf on computer and communications security, Washington, DC
Camenisch J, Shelat A, Sommer D, Fischer-Hübner S, Hansen M, Krasemann H, Lacoste G, Leenes R, Tseng J (2005) Privacy and identity management for everyone. In: Proc of the 2005 workshop on digital identity management, DIM 05, Fairfax, VA
Casassa MM, Pearson S (2005) An adaptive privacy management system for data repositories. In: Katsikas SK, Lopez J, Pernul G (eds) TrustBus 2005, Copenhagen
Chaum D (1985) Security without identification: transaction systems to make big brother obsolete. Commun ACM 28(10):1030–1077
Cox IJ, Miller ML, Bloom JA, Fridrich J, Kalker T (2008) Digital watermarking and steganography. Morgan Kaufmann, Los Altos
Cranor L, Langheinrich M, Marchiori M, Presler-Marshall M, Reagle J (2002) The platform for privacy preferences 1.0 (P3P1.0) specification. http://www.w3.org/TR/P3P. Accessed 2011-02-10
Ellison G (ed) (2005) Liberty. ID-WSF security mechanisms version: 1.2. Liberty alliance project. http://www.projectliberty.org/specs/liberty-idwsf-security-mechanisms-v1.2.pdf. Accessed 2011-02-10
Erdos M, Cantor S (2004) Shibboleth-Architecture DRAFT v05. http://shibboleth.internet2.edu/docs/draft-internet2-shibboleth-arch-v05.pdf. Accessed 2011-02-10
Etalle S, Winsborough WH (2007) A posteriori compliance control. In: ACM SACMAT’07, Nice-Sophia Antipolis
European Commission (1995) Directive 95/46/EC of the European parliament and of the council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities, L 281(395L0046):31–50
European Commission (2002) Directive 2002/58/EC of the European parliament and of the council of 12 July 2002 concerning the protection of personal data and the protection of privacy in the electronic communications sector (directive on privacy and electronic communications). Official Journal of the European Commission L201:37–47
Ford W, Baum M (1997) Secure electronic commerce. Prentice-Hall, New York
Goldreich O, Micali S, Wigderson A (1987) How to play ANY mental game. In: Aho AV (ed) Proc of the 19th annual ACM symposium on theory of computing (STOC’87), New York
Haas S, Wohlgemuth S, Echizen I, Sonehara N, Müller G (2010) Aspects of privacy for electronic health records. International Journal of Medical Informatics for its special issue on security. http://dx.doi.org/10.1016/j.ijmedinf.2010.10.001
Harrison MA, Ruzzo WL, Ullman JD (1976) Protection in operating systems. Commun ACM 19(8):461–471
Hilty M, Basin D, Pretschner A (2005) On obligations. In: European symp on research in computer security (ESORICS 2005), Milan
Karjoth G, Schunter M, Waidner M (2002) Privacy-enabled services for enterprises. In: 13th int workshop on database and expert systems applications, Aix-En-Provence
Karjoth G, Schunter M, Waidner M (2003) Platform for enterprise privacy practices: privacy-enabled management of customer data. In: 2nd workshop on privacy enhancing technologies (PET 2002), San Francisco
Kerschbaum F (2008) Building a privacy-preserving benchmarking enterprise system. Enterprise Information Systems 2(4):421–441
Namiri K, Stojanovic N (2007) Using control patterns in business processes compliance. In: Int conf on web information systems engineering (WISE), New York
Mather T, Kumaraswamy S, Latif S (2009) Cloud security and privacy: an enterprise perspective on risks and compliance. O’Reilly, Sebastopol
Müller G, Accorsi R, Höhn S, Sackmann S (2010) Sichere Nutzungskontrolle für mehr Transparenz in Finanzmärkten. Informatik-Spektrum 33(1):3–14
Organisation for Economic Co-operation and Development (1980) OECD guidelines on the protection of privacy and transborder flows of personal data. http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html. Accessed 2011-02-10
Park J, Sandhu R (2004) The UCONABC usage control model. 24th ACM Transactions on Information and System Security 7(1):128–174
Povey D (1999) Optimistic security: a new access control paradigm. In: ACM new security paradigm workshop’99, Caledon Hills
Pretschner A, Hilty M, Basin D (2006) Distributed usage control. Commun ACM 49(9):39–44
Roßnagel A (2005) Modernisierung des Datenschutzrechts für eine Welt allgegenwärtiger Datenverarbeitung Multimedia und Recht 8(2)
Sackmann S, Strüker J, Accorsi R (2006) Personalization in privacy-aware highly dynamic systems. Commun ACM 49(9):32–38
Sackmann S (2007) Personalization and privacy in ubiquitous computing – resolving the conflict by legally binding commitments. In: IEEE conference on E-commerce technology (CEC’07), Tokyo
US Department of health & human services (1996) Health insurance portability and accountability act of 1996 privacy rule. http://www.cms.hhs.gov/HIPAAGenInfo. Accessed 2011-02-10
Smith RE (1993) The law of privacy in a nutshell. Privacy Journal 19(6):50–51
Wason T (ed) (2004) Liberty ID-FF architecture overview version: 1.2. Liberty alliance project. http://www.projectliberty.org/specs/liberty-idff-arch-overview-v1.2.pdf. Accessed 2011-02-10
Westin A (1967) Privacy and freedom. Atheneum, New York
Wohlgemuth S (2008) Privatsphäre durch die Delegation von Rechten. Vieweg+Teubner, Wiesbaden
Wohlgemuth S, Jendricke U, Gerd tom Markotten D, Dorner F, Müller G (2004) Sicherheit und Benutzbarkeit durch Identitätsmanagement. In: Spath D, Haasis K (eds) Tagungsband zum doIT Software-Forschungstag 2003, Stuttgart
Wohlgemuth S, Müller G, (2006) Privacy with delegation of rights by identity management. In: Emerging trends in information and communication security (ETRICS 2006), Freiburg i.Br.
Acknowledgements
This work was funded by the FIT-NII-Postdoctoral-Program of the German Academic Exchange Service (DAAD) and is a result of the Japanese-European Institute for Security (JEISec) at the National Institute of Informatics (Japan). The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the article.
Author information
Authors and Affiliations
Corresponding author
Additional information
Accepted after four revisions by Prof. Dr. Buxmann.
This article is also available in German in print and via http://www.wirtschaftsinformatik.de: Sonehara N, Echizen I, Wohlgemuth S (2011) Isolation in Cloud-Computing und Mechanismen zum Schutz der Privatsphäre. Eignung von Mechanismen zum Schutz der Privatsphäre für die Trennung der Datenverarbeitung in Geschäftsprozessen. WIRTSCHAFTSINFORMATIK. doi: 10.1007/s11576-011-0274-2.
Rights and permissions
About this article
Cite this article
Sonehara, N., Echizen, I. & Wohlgemuth, S. Isolation in Cloud Computing and Privacy-Enhancing Technologies. Bus Inf Syst Eng 3, 155–162 (2011). https://doi.org/10.1007/s12599-011-0160-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12599-011-0160-x