Advertisement

Accountability Through Transparency for Cloud Customers

  • Martin Gilje Jaatun
  • Daniela S. Cruzes
  • Julio Angulo
  • Simone Fischer-Hübner
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 581)

Abstract

Public cloud providers process data on behalf of their customers in data centres that typically are physically remote from their users. This context creates a number of challenges related to data privacy and security, and may hinder the adoption of cloud technology. One of these challenges is how to maintain transparency of the processes and procedures while at the same time providing services that are secure and cost effective. This chapter presents results from an empirical study in which the cloud customers identified a number of transparency requirements to the adoption of cloud providers. We have compared our results with previous studies, and have found that in general, customers are in synchrony with research criteria for cloud service provider transparency, but there are also some extra pieces of information that customers are looking for. We further explain how A4Cloud tools contribute to addressing the customers’ requirements.

Keywords

Cloud computing Accountability Transparency Privacy Security 

Notes

Acknowledgements

This paper is based on joint research in the EU FP7 A4CLOUD project, grant agreement no: 317550.

References

  1. 1.
    Paquette, S., Jaeger, P.T., Wilson, S.C.: Identifying the security risks associated with governmental use of cloud computing. Gov. Inf. Q. 27, 245–253 (2010)CrossRefGoogle Scholar
  2. 2.
    Kuo, A.M.: Opportunities and challenges of cloud computing to improve health care services. J. Med. Internet Res. 13, e67 (2011)CrossRefGoogle Scholar
  3. 3.
    Gavrilov, G., Trajkovik, V.: Security and privacy issues and requirements for healthcare cloud computing. In: Proceedings of the ICT Innovations (2012)Google Scholar
  4. 4.
    AbuKhousa, E., Mohamed, N., Al-Jaroodi, J.: e-health cloud: opportunities and challenges. Future Internet 4, 621 (2012)CrossRefGoogle Scholar
  5. 5.
    Rodrigues, J.J., de la Torre, I., Fernandez, G., Lopez-Coronado, M.: Analysis of the security and privacy requirements of cloud-based electronic health records systems. J. Med. Internet Res. 15, e186 (2013)CrossRefGoogle Scholar
  6. 6.
    Ahuja, S.P., Mani, S., Zambrano, J.: A survey of the state of cloud computing in healthcare. Netw. Commun. Technol. 1, 12–19 (2012)Google Scholar
  7. 7.
    Felici, M., Koulouris, T., Pearson, S.: Accountability for data governance in cloud ecosystems. In: 2013 IEEE 5th International Conference on Cloud Computing Technology and Science (CloudCom), vol. 2, pp. 327–332 (2013)Google Scholar
  8. 8.
    Yang, H., Tate, M.: A descriptive literature review and classification of cloud computing research. Commun. Assoc. Inf. Syst. 31, 35–60 (2012)Google Scholar
  9. 9.
    Onwubiko, C.: Security issues to cloud computing. In: Antonopoulos, N., Gillam, L. (eds.) Cloud Computing. Computer Communications and Networks, pp. 271–288. Springer, London (2010)CrossRefGoogle Scholar
  10. 10.
    Khorshed, M.T., Ali, A.S., Wasimi, S.A.: A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Gener. Comput. Syst. 28, 833–851 (2012). Including Special sections SS: Volunteer Computing and Desktop Grids and SS: Mobile Ubiquitous ComputingCrossRefGoogle Scholar
  11. 11.
    Durkee, D.: Why cloud computing will never be free. Commun. ACM 53, 62–69 (2010)CrossRefGoogle Scholar
  12. 12.
    Pauley, W.: Cloud provider transparency: an empirical evaluation. IEEE Secur. Priv. 8, 32–39 (2010)CrossRefGoogle Scholar
  13. 13.
    Bernsmed, K., Tountopoulos, V., Brigden, P., Rübsamen, T., Felici, M., Wainwright, N., Santana De Oliveira, A., Sendor, J., Sellami, M., Royer, J.C.: Consolidated use case report. A4Cloud Deliverable D23.2 (2014)Google Scholar
  14. 14.
    Jaatun, M.G., Pearson, S., Gittler, F., Leenes, R.: Towards strong accountability for cloud service providers. In: 2014 IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom), pp. 1001–1006 (2014)Google Scholar
  15. 15.
    Cruzes, D.S., Dybå, T.: Recommended steps for thematic synthesis in software engineering. In: Proceedings of the ESEM 2011, pp. 275–284 (2011)Google Scholar
  16. 16.
    Azraoui, M., Elkhiyaoui, K., Önen, M., Bernsmed, K., De Oliveira, A.S., Sendor, J.: A-PPL: an accountability policy language. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Lupu, E., Posegga, J., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/SETOP/QASA 2014. LNCS, vol. 8872, pp. 319–326. Springer, Heidelberg (2015)Google Scholar
  17. 17.
    Alnemr, R., Pearson, S., Leenes, R., Mhungu, R.: Coat: cloud offerings advisory tool. In: 2014 IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom), pp. 95–100 (2014)Google Scholar
  18. 18.
    Jaatun, M.G., Bernsmed, K., Undheim, A.: Security SLAs – an idea whose time has come? In: Quirchmayr, G., Basl, J., You, I., Xu, L., Weippl, E. (eds.) CD-ARES 2012. LNCS, vol. 7465, pp. 123–130. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  19. 19.
    Pulls, T.: Preserving privacy in transparency logging. Ph.D. thesis, Karlstad University Studies, vol. 28 (2015)Google Scholar
  20. 20.
    Fischer-Hübner, S., Hedbom, H., Wästlund, E.: Trust and assurance HCI. In: Camenisch, J., Fischer-Hübner, S., Rannenberg, K. (eds.) Privacy and Identity Management for Life, pp. 245–260. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  21. 21.
    Angulo, J., Fischer-Hübner, S., Pulls, T., Wästlund, E.: Usable transparency with the data track: a tool for visualizing data disclosures. In: Extended Abstracts in the Proceedings of the Conference on Human Factors in Computing Systems, CHI 2015, Seoul, Republic of Korea, pp. 1803–1808. ACM (2015)Google Scholar
  22. 22.
    Hedbom, H., Pulls, T., Hjärtquist, P., Lavén, A.: Adding secure transparency logging to the PRIME core. In: Bezzi, M., Duquenoy, P., Fischer-Hübner, S., Hansen, M., Zhang, G. (eds.) IFIP AICT 320. IFIP AICT, vol. 320, pp. 299–314. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  23. 23.
    Hedbom, H.: A survey on transparency tools for enhancing privacy. In: Matyáš, V., Fischer-Hübner, S., Cvrček, D., Švenda, P. (eds.) The Future of Identity. IFIP AICT, vol. 298, pp. 67–82. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  24. 24.
    Pulls, T., Peeters, R., Wouters, K.: Distributed privacy-preserving transparency logging. In: Workshop on Privacy in the Electronic Society, WPES 2013, Berlin, Heidelberg, Germany, pp. 83–94 (2013)Google Scholar
  25. 25.
    Kani-Zabihi, E., Helmhout, M.: Increasing service users’ privacy awareness by introducing on-line interactive privacy features. In: Laud, P. (ed.) NordSec 2011. LNCS, vol. 7161, pp. 131–148. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  26. 26.
    Kolter, J., Netter, M., Pernul, G.: Visualizing past personal data disclosures. In: ARES 2010 International Conference on Availability, Reliability, and Security. IEEE, pp. 131–139 (2010)Google Scholar
  27. 27.
    Becker, H., Naaman, M., Gravano, L.: Beyond trending topics: real-world event identification on twitter. In: Proceedings of the Fifth International AAAI Conference on Weblogs and Social Media, ICWSM 2011 (2011)Google Scholar
  28. 28.
    Freeman, L.C.: Visualizing social networks. J. Soc. Struct. 1, 4 (2000)Google Scholar
  29. 29.
    Kairam, S., MacLean, D., Savva, M., Heer, J.: Graphprism: compact visualization of network structure. In: Proceedings of the International Working Conference on Advanced Visual Interfaces, ACM, pp. 498–505 (2012)Google Scholar
  30. 30.
    Hon, W., Millard, C., Walden, I.: Negotiating cloud contracts - looking at clouds from both sides now. Stan. Tech. L. Rev. 81 (2012). Queen Mary School of Law Legal Studies Research Paper No. 117/2012. https://journals.law.stanford.edu/stanford-technology-law-review/online/negotiating-cloud-contracts-looking-clouds-both-sides-now, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2055199

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Martin Gilje Jaatun
    • 1
  • Daniela S. Cruzes
    • 1
  • Julio Angulo
    • 2
  • Simone Fischer-Hübner
    • 2
  1. 1.Department of Software Engineering, Safety and SecuritySINTEF ICTTrondheimNorway
  2. 2.Karlstad UniversityKarlstadSweden

Personalised recommendations