DOI: 10.1145/1809842.1809872
research-article

Data protection models for service provisioning in the cloud

Published: 11 June 2010

Abstract

Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. While cloud computing is expanding rapidly and is used by many individuals and organizations internationally, data protection issues in the cloud have not been carefully addressed at the current stage. In the cloud, users' data is usually processed remotely on unknown machines that users do not own or operate. Hence, users' fear of confidential data leakage (particularly of financial and health data) and loss of privacy in the cloud becomes a significant barrier to the wide adoption of cloud services. To allay users' concerns about their data privacy, in this paper we propose a novel data protection framework which addresses challenges during the life cycle of a cloud service. The framework consists of three key components: policy ranking, policy integration and policy enforcement. For each component, we present various models and analyze their properties. Our goal is to provide a new vision toward addressing the issues of data protection in the cloud rather than detailed techniques for each component. To this end, the paper includes a discussion of a set of general guidelines for evaluating systems designed based on such a framework.

Published In

SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies
June 2010
212 pages
ISBN:9781450300490
DOI:10.1145/1809842
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cloud computing
  2. data privacy

Qualifiers

  • Research-article

Conference

SACMAT'10

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Cited By

  • (2023) LETRNG—A Lightweight and Efficient True Random Number Generator for GNU/Linux Systems. Tsinghua Science and Technology. DOI: 10.26599/TST.2022.9010005, 28:2 (370-385). Online publication date: Apr-2023
  • (2020) Fast Hybrid Cryptosystem for Enhancing Cloud Data Security Using Elliptic Curve Cryptography and DNA Computing. International Journal of Scientific Research in Science, Engineering and Technology. DOI: 10.32628/IJSRSET207264 (336-344). Online publication date: 1-Apr-2020
  • (2020) Using Agent Solutions and Visualization Techniques to Manage Cloud-based Education System. 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). DOI: 10.1109/DASC-PICom-CBDCom-CyberSciTech49142.2020.00073 (375-379). Online publication date: Aug-2020
  • (2019) Privacy Protection for Data-Driven Smart Manufacturing Systems. Censorship, Surveillance, and Privacy. DOI: 10.4018/978-1-5225-7113-1.ch085 (1721-1739). Online publication date: 2019
  • (2018) Fine-Grained Access Control and Secured Data Sharing in Cloud Computing. Cyber Security. DOI: 10.1007/978-981-10-8536-9_20 (201-214). Online publication date: 28-Apr-2018
  • (2017) Privacy Protection for Data-Driven Smart Manufacturing Systems. International Journal of Web Services Research. DOI: 10.4018/IJWSR.2017070102, 14:3 (17-32). Online publication date: 1-Jul-2017
  • (2017) Privacy-Aware Blind Cloud Framework for Advanced Healthcare. IEEE Communications Letters. DOI: 10.1109/LCOMM.2017.2739141, 21:11 (2492-2495). Online publication date: Nov-2017
  • (2017) An Overview of the State-of-the-Art of Cloud Computing Cyber-Security. Codes, Cryptology and Information Security. DOI: 10.1007/978-3-319-55589-8_4 (56-67). Online publication date: 9-Mar-2017
  • (2016) Ensuring Quality of Random Numbers from TRNG: Design and Evaluation of Post-Processing Using Genetic Algorithm. Journal of Computer and Communications. DOI: 10.4236/jcc.2016.44007, 04:04 (73-92). Online publication date: 2016
  • (2016) Fast Detection of Transformed Data Leaks. IEEE Transactions on Information Forensics and Security. DOI: 10.1109/TIFS.2015.2503271, 11:3 (528-542). Online publication date: Mar-2016
