scispace - formally typeset
Search or ask a question
Journal ArticleDOI

Privacy in the clouds

18 Dec 2008-Identity in The Information Society (Springer Netherlands)-Vol. 1, Iss: 1, pp 89-108
TL;DR: Four fundamental technological approaches to help assure widespread and enduring online participation, confidence and trust in the information society are outlined.
Abstract: Informational self-determination refers to the right or ability of individuals to exercise personal control over the collection, use and disclosure of their personal data by others. The basis of modern privacy laws and practices around the world, informational privacy has become a challenging concept to protect and promote in a world of ubiquitous and unlimited data sharing and storage among organizations. The paper advocates a “user-centric” approach to managing personal data online. However, user-centricity can be problematic when the user—the data subject—is not directly involved in transactions involving the disclosure, collection, processing, and storage of their personal data. Identity data is increasingly being generated, used and stored entirely in the networked “Cloud”, where it is under control of third parties. The paper explores possible technology solutions to ensure that individuals will be able to exercise informational self-determination in an era of network grid computing, exponential data creation, ubiquitous surveillance and rampant online fraud. The paper describes typical “Web 2.0” use scenarios, suggests some technology building blocks to protect and promote informational privacy online, and concludes with a call to develop a privacy-respective information technology ecosystem for identity management. Specifically, the paper outlines four fundamental technological approaches to help assure widespread and enduring online participation, confidence and trust in the information society.

Content maybe subject to copyright    Report

Citations
More filters
Proceedings ArticleDOI
30 Nov 2010
TL;DR: This paper assesses how security, trust and privacy issues occur in the context of cloud computing and discusses ways in which they may be addressed.
Abstract: Cloud computing is an emerging paradigm for large scale infrastructures. It has the advantage of reducing cost by sharing computing and storage resources, combined with an on-demand provisioning mechanism relying on a pay-per-use business model. These new features have a direct impact on the budgeting of IT budgeting but also affect traditional security, trust and privacy mechanisms. Many of these mechanisms are no longer adequate, but need to be rethought to fit this new paradigm. In this paper we assess how security, trust and privacy issues occur in the context of cloud computing and discuss ways in which they may be addressed.

530 citations


Cites background from "Privacy in the clouds"

  • ...Ann Cavoukian, the Privacy Commissioner in Ontario, suggests four fundamental technological approaches towards assuring confidence and trust in the privacy of PII in the cloud [48], namely:...

    [...]

Proceedings ArticleDOI
12 Dec 2009
TL;DR: PasS (Privacy as a Service) is the first practical cloud computing privacy solution that utilizes previous research on cryptographic coprocessors to solve the problem of securely processing sensitive data in cloud computing infrastructures.
Abstract: In this paper we present PasS (Privacy as a Service); a set of security protocols for ensuring the privacy and legal compliance of customer data in cloud computing architectures. PasS allows for the secure storage and processing of users’ confidential data by leveraging the tamper-proof capabilities of cryptographic coprocessors. Using tamper-proof facilities provides a secure execution domain in the computing cloud that is physically and logically protected from unauthorized access. PasS central design goal is to maximize users’ control in managing the various aspects related to the privacy of sensitive data. This is achieved by implementing user-configurable software protection and data privacy mechanisms. Moreover, PasS provides a privacy feedback process which informs users of the different privacy operations applied on their data and makes them aware of any potential risks that may jeopardize the confidentiality of their sensitive information. To the best of our knowledge, PasS is the first practical cloud computing privacy solution that utilizes previous research on cryptographic coprocessors to solve the problem of securely processing sensitive data in cloud computing infrastructures.

310 citations

01 Jan 2004
TL;DR: This book explores the social, political, and legal implications of the collection and use of personal information in computer databases from all angles and recommends how the law can be reformed to simultaneously protect the authors' privacy and allow us to enjoy the benefits of their increasingly digital world.
Abstract: THE DIGITAL PERSON: TECHNOLOGY AND PRIVACY IN THE INFORMATION AGE (ISBN: 0814798462) (NYU Press 2004) explores the social, political, and legal implications of the collection and use of personal information in computer databases. In the Information Age, our lives are documented in digital dossiers maintained by hundreds (perhaps thousands) of businesses and government agencies. These dossiers are composed of bits of our personal information, which when assembled together begin to paint a portrait of our personalities. The dossiers are increasingly used to make decisions about our lives - whether we get a loan, a mortgage, a license, or a job; whether we are investigated or arrested; and whether we are permitted to fly on an airplane. Digital dossiers impact many aspects of our lives. For example, they increase our vulnerability to identity theft, a serious crime that has been escalating at an alarming rate. Moreover, since September 11th, the government has been tapping into vast stores of information collected by businesses and using it to profile people for criminal or terrorist activity. Do these developments pose a problem? Is it possible to protect privacy in a society where information flows so freely and proliferates so rapidly? THE DIGITAL PERSON seeks to answer these questions. This book explores the problem from all angles - how businesses gather personal information in massive databases; how the government increasingly provides this data to businesses through public records; and how the government is gathering personal data from businesses for its own uses. THE DIGITAL PERSON not only explores these problems, but also provides a compelling account of how we can respond to them. Using a wide variety of sources, including history, philosophy, and literature, Solove sets forth a new understanding of privacy, one that is appropriate for the new challenges of the Information Age. Solove recommends how the law can be reformed to simultaneously protect our privacy and allow us to enjoy the benefits of our increasingly digital world. The table of contents and Chapter 1 are available for download.

201 citations

Journal ArticleDOI
TL;DR: An overview of the cloud service models and the main techniques and research prototypes that efficiently support trust management of services in cloud environments are surveyed and a generic analytical framework is presented that assesses existing trust management research prototypes in cloud computing and relevant areas using a set of assessment criteria.
Abstract: Trust management is one of the most challenging issues in the emerging cloud computing area. Over the past few years, many studies have proposed different techniques to address trust management issues. However, despite these past efforts, several trust management issues such as identification, privacy, personalization, integration, security, and scalability have been mostly neglected and need to be addressed before cloud computing can be fully embraced. In this article, we present an overview of the cloud service models and we survey the main techniques and research prototypes that efficiently support trust management of services in cloud environments. We present a generic analytical framework that assesses existing trust management research prototypes in cloud computing and relevant areas using a set of assessment criteria. Open research issues for trust management in cloud environments are also discussed.

186 citations

Proceedings ArticleDOI
12 Dec 2009
TL;DR: A hierarchy of P2P reputation systems is suggested to protect clouds and datacenters at the site level and to safeguard the data objects at the file-access level to protect cloud service models, currently implemented by Amazon, IBM, and Google.
Abstract: Internet clouds work as service factories built around web-scale datacenters. The elastic cloud resources and huge datasets processed are subject to security breaches, privacy abuses, and copyright violations. Provisioned cloud resources on-demand are especially vulnerable to cyber attacks. The cloud platforms built by Google, IBM, and Amazon all reveal this weaknesses. We propose a new approach to integrating virtual clusters, security-reinforced datacenters, and trusted data accesses guided by reputation systems. A hierarchy of P2P reputation systems is suggested to protect clouds and datacenters at the site level and to safeguard the data objects at the file-access level. Different security countermeasures are suggested to protect cloud service models: IaaS, PaaS, and SaaS, currently implemented by Amazon, IBM, and Google, respectively.

178 citations

References
More filters
Posted Content
TL;DR: This paper was the first initiative to try to define Web 2.0 and understand its implications for the next generation of software, looking at both design patterns and business modes.
Abstract: This paper was the first initiative to try to define Web2.0 and understand its implications for the next generation of software, looking at both design patterns and business modes. Web 2.0 is the network as platform, spanning all connected devices; Web 2.0 applications are those that make the most of the intrinsic advantages of that platform: delivering software as a continually-updated service that gets better the more people use it, consuming and remixing data from multiple sources, including individual users, while providing their own data and services in a form that allows remixing by others, creating network effects through an "architecture of participation," and going beyond the page metaphor of Web 1.0 to deliver rich user experiences.

7,513 citations

Book
01 Jan 1999
TL;DR: Harvard Professor Lawrence Lessig shows how code can make a domain, site, or network free or restrictive; how technological architectures influence people's behavior and the values they adopt; and how changes in code can have damaging consequences for individual freedoms.
Abstract: From the Publisher: Should cyberspace be regulated? How can it be done? It's a cherished belief of techies and net denizens everywhere that cyberspace is fundamentally impossible to regulate. Harvard Professor Lawrence Lessig warns that, if we're not careful we'll wake up one day to discover that the character of cyberspace has changed from under us. Cyberspace will no longer be a world of relative freedom; instead it will be a world of perfect control where our identities, actions, and desires are monitored, tracked, and analyzed for the latest market research report. Commercial forces will dictate the change, and architecture—the very structure of cyberspace itself—will dictate the form our interactions can and cannot take. Code And Other Laws of Cyberspace is an exciting examination of how the core values of cyberspace as we know it—intellectual property, free speech, and privacy-—are being threatened and what we can do to protect them. Lessig shows how code—the architecture and law of cyberspace—can make a domain, site, or network free or restrictive; how technological architectures influence people's behavior and the values they adopt; and how changes in code can have damaging consequences for individual freedoms. Code is not just for lawyers and policymakers; it is a must-read for everyone concerned with survival of democratic values in the Information Age.

2,706 citations

Journal ArticleDOI
TL;DR: This article analyses some of the key privacy-Enhancing Technologies and provides view in the on-going projects developing these technologies.

673 citations

Book
01 Jan 2007
TL;DR: Solove, an authority on information privacy law, offers a fascinating account of how the Internet is transforming gossip, the way we shame others, and our ability to protect our own reputations as mentioned in this paper.
Abstract: Teeming with chatrooms, online discussion groups, and blogs, the Internet offers previously unimagined opportunities for personal expression and communication. But theres a dark side to the story. A trail of information fragments about us is forever preserved on the Internet, instantly available in a Google search. A permanent chronicle of our private livesoften of dubious reliability and sometimes totally falsewill follow us wherever we go, accessible to friends, strangers, dates, employers, neighbors, relatives, and anyone else who cares to look. This engrossing book, brimming with amazing examples of gossip, slander, and rumor on the Internet, explores the profound implications of the online collision between free speech and privacy.Daniel Solove, an authority on information privacy law, offers a fascinating account of how the Internet is transforming gossip, the way we shame others, and our ability to protect our own reputations. Focusing on blogs, Internet communities, cybermobs, and other current trends, he shows that, ironically, the unconstrained flow of information on the Internet may impede opportunities for self-development and freedom. Long-standing notions of privacy need review, the author contends: unless we establish a balancebetweenprivacy and free speech, we may discover that the freedom of the Internet makes us less free. (11/01/2007)

371 citations


"Privacy in the clouds" refers background in this paper

  • ...28 See Wikipedia entries for “federated identity” and “single sign-on”....

    [...]

  • ...By supporting a plethora of identity systems, this architecture will allow for the migration of applications from legacy systems to the user-centric ones that will 22 See Cavoukian 2006 (October )....

    [...]

  • ...17 See, for example, M-Alliance payment solutions at: http://cordis.europa.eu/ictresults/index.cfm/section/ news/tpl/article/BrowsingType/Features/ID/551 and mPayment service offerings at: www.netsize.com/ products/mpayment.aspx and Diversinet products and services at: www.diversinet.com....

    [...]

  • ...See for example, list of ICT Standards Consortia, at www. cen.eu/cenorm/businessdomains/businessdomains/isss/consortia/index.asp....

    [...]

  • ...With better digital identity management, the dating service would be able to accept third-party certified attributes, without customers running the risk that the certificates would reveal their real names to the 14 See: www.openid.net and http://en.wikipedia.org/wiki/Openid....

    [...]

Book
01 Jan 2008
TL;DR: The Big Switch as mentioned in this paper provides a panoramic view of the new world being conjured from the circuits of the "World Wide Computer" and includes an AZ guide to the companies leading this transformation.
Abstract: Future Shock for the Web-apps era.... Compulsively readablefor nontechies, too. Fast Company Building on the success of his industry-shaking Does IT Matter? Nicholas Carr returns with The Big Switch, a sweeping look at how a new computer revolution is reshaping business, society, and culture. Just as companies stopped generating their own power and plugged into the newly built electric grid some hundred years ago, today it's computing that's turning into a utility. The effects of this transition will ultimately change society as profoundly as cheap electricity did. The Big Switch provides a panoramic view of the new world being conjured from the circuits of the "World Wide Computer." New for the paperback edition, the book now includes an AZ guide to the companies leading this transformation.

337 citations