
Privacy in cloud computing environments: a survey and research challenges

The Journal of Supercomputing

Abstract

Cloud computing represents a real evolution in the IT world that provides many advantages for both providers and users. This new paradigm includes several services that allow data storage and processing. However, outsourcing data to the cloud raises many privacy concerns. For some organizations and individuals, data privacy is a crucial aspect of their business: their sensitive data (health, finance, personal information, etc.) is highly valuable, and any infringement of privacy can cause great loss in terms of money and reputation. Therefore, unless privacy issues are considered, the adoption of cloud computing may be rejected by a large spectrum of users. In this paper, we provide a survey on privacy risks and challenges for public cloud computing. We present and evaluate the main existing solutions that have made great progress in this area. To better address privacy concerns, we point out considerations and guidelines, and we identify the remaining open issues that require additional investigation to preserve and enhance privacy in the public cloud.


Abbreviations

  • Acc: Accountability
  • CSA: Cloud Security Alliance
  • CSB: Cloud Service Broker
  • DLP: Data Leakage Prevention
  • FIP: Fair Information Practices
  • IaaS: Infrastructure as a Service
  • IDD: Illegitimate Data Dissemination
  • IDH: Illegitimate Data Handling
  • PaaS: Platform as a Service
  • PC: Privacy Compliance
  • PDP: Policy Decision Point
  • PEP: Policy Enforcement Point
  • PII: Personally Identifiable Information
  • Re: Retention
  • SaaS: Software as a Service
  • SCI: System Call Interception
  • TCG: Trusted Computing Group
  • TPM: Trusted Platform Module
  • TTPM: Trusted Third Party Mediator
  • USU: Unauthorized Secondary Usage
  • VM: Virtual Machine
  • XACML: eXtensible Access Control Markup Language


Author information


Corresponding author

Correspondence to Amal Ghorbel.


Cite this article

Ghorbel, A., Ghorbel, M. & Jmaiel, M. Privacy in cloud computing environments: a survey and research challenges. J Supercomput 73, 2763–2800 (2017). https://doi.org/10.1007/s11227-016-1953-y
