Abstract
In this paper, we describe a privacy manager for cloud computing that controls policy-based obfuscation and de-obfuscation of personal, sensitive, or confidential data within cloud service provision. By these means, cloud computing users may reduce the risk of their private data being stolen or misused, and cloud computing providers may be assisted in conforming to privacy law. We describe different possible architectures for such privacy management in cloud computing, give an algebraic description of the obfuscation features provided by the privacy manager, and describe how policies may be defined to control such obfuscation. Furthermore, we assess the performance and scalability of this approach and consider mechanisms to enhance usability. Several examples of how the privacy manager might be used are given, including protection of private metadata associated with online photos and of confidential information contained within share portfolios.
Cite this article
Mowbray, M., Pearson, S. & Shen, Y. Enhancing privacy in cloud computing via policy-based obfuscation. J Supercomput 61, 267–291 (2012). https://doi.org/10.1007/s11227-010-0425-z