Towards User Centric Data Governance and Control in the Cloud

  • Stephan Groß
  • Alexander Schill
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7039)


Cloud Computing, i. e. providing on-demand access to virtualised computing resources over the Internet, is one of the current mega-trends in IT. Today, there are already several providers offering cloud computing infrastructure (IaaS), platform (PaaS) and software (SaaS) services. Although the cloud computing paradigm promises both economical as well as technological advantages, many potential users still have reservations about using cloud services as this would mean to trust a cloud provider to correctly handle their data according to previously negotiated rules. Furthermore, the virtualisation causes a location independence of offered services which could interfere with domain specific legislative regulations. In this paper, we present an approach of putting the cloud user back into power when migrating data and services into and within the cloud. We outline our work in progress, that aims at providing a platform for developing flexible service architectures for cloud computing with special consideration of security and non-functional properties.


  1. 1.
    Abu-Libdeh, H., Princehouse, L., Weatherspoon, H.: RACS: a case for cloud storage diversity. In: Proceedings of the 1st ACM Symposium on Cloud Computing, SoCC 2010, pp. 229–240. ACM, New York (2010), Scholar
  2. 2.
    Aversa, R., Avvenuti, M., Cuomo, A., Di Martino, B., Di Modica, G., Distefano, S., Puliafito, A., Rak, M., Tomarchio, O., Vecchio, A., Venticinque, S., Villano, U.: The Cloud@Home Project: Towards a New Enhanced Computing Paradigm. In: Guarracino, M.R., Vivien, F., Träff, J.L., Cannatoro, M., Danelutto, M., Hast, A., Perla, F., Knüpfer, A., Di Martino, B., Alexander, M. (eds.) Euro-Par-Workshop 2010. LNCS, vol. 6586, pp. 555–562. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  3. 3.
    Bonvin, N., Papaioannou, T.G., Aberer, K.: A self-organized, fault-tolerant and scalable replication scheme for cloud storage. In: Proceedings of the 1st ACM Symposium on Cloud computing (SoCC 2010), pp. 205–216. ACM, New York (2010)CrossRefGoogle Scholar
  4. 4.
    Catteddu, D.: Cloud Computing – Benefits, risks and recommendations for information security. ENISA Report, ENISA (November 2009)Google Scholar
  5. 5.
    Catteddu, D.: Security & Resilience in Governmental Clouds – Making an informed decision. ENISA Report, ENISA (January 2011)Google Scholar
  6. 6.
    Cranor, L.F., Garfinkel, S.L.: Designing Secure Systems That People Can Use. O’Reilly (September 2005) ISBN 978-0-596-00827-7Google Scholar
  7. 7.
    England, D., Randles, M., Taleb-Bendiab, A.: Designing interaction for the cloud. In: Proceedings of the 2011 Annual Conference Extended Abstracts on Human Factors in Computing Systems, CHI EA 2011, pp. 2453–2456. ACM, New York (2011), Scholar
  8. 8.
    Fischer-Hübner, S., Iacono, L.L., Möller, S.: Usable Security und Privacy. Datenschutz und Datensicherheit (DuD) (11), 773 (2010)Google Scholar
  9. 9.
    Garfinkel, S.L.: Design principles and patterns for computer systems that are simultaneously secure and usable. Ph.D. thesis, Massachusetts Institute of Technology (2005),
  10. 10.
    Grolimund, D., Meisser, L., Schmid, S., Wattenhofer, R.: Cryptree: A folder tree structure for cryptographic file systems. Technical report, Purdue University, Department of Computer Science, West Lafayette, IN, USA (2006)Google Scholar
  11. 11.
    He, Q., Li, Z., Zhang, X.: Study on Cloud Storage System Based on Distributed Storage Systems. In: 2010 International Conference on Computational and Information Sciences, ICCIS (December 2010)Google Scholar
  12. 12.
  13. 13.
    Information technology – Security techniques – Information security management systems – Requirements. No. 27001 in ISO/IEC Standard, International Organization for Standardization (2005)Google Scholar
  14. 14.
    Kamara, S., Lauter, K.: Cryptographic Cloud Storage. Tech. rep., Microsoft Research Cryptography Group (2011)Google Scholar
  15. 15.
    Mell, P., Grance, T.: The NIST Definition of Cloud Computing. Recommendations of the National Institute of Standards and Technology (NIST), Special Publication 800–145 (January 2011),
  16. 16.
    Mosch, M.: User-controlled data sovereignty in the Cloud. In: Proceedings of the PhD Symposium at the 9th IEEE European Conference on Web Services (ECOWS 2011), Lugano, Switzerland (September 2011)Google Scholar
  17. 17.
    Resch, J.K., Plank, J.S.: AONT-RS: blending security and performance in dispersed storage systems. In: 9th Usenix Conference on File and Storage Technologies FAST 2011 (February 2011)Google Scholar
  18. 18.
    Schnjakin, M., Meinel, C.: Plattform zur Bereitstellung sicherer und hochverfügbarer Speicherressourcen in der Cloud. In: Sicher in die digitale Welt von morgen – 12. Deutscher IT-Sicherheitskongress des BSI. SecuMedia Verlag, Bonn (2011)Google Scholar
  19. 19.
    Seiger, R., Groß, S., Schill, A.: SecCSIE: A Secure Cloud Storage Integrator for Enterprises. In: International Workshop on Clouds for Enterprises (C4E). Luxemburg (September 2011)Google Scholar
  20. 20.
    Spillner, J.: Spaceflight – A versatile live demonstrator and teaching system for advanced service-oriented technologies. In: Crimean Conference on Microwave and Telecommunication Technology (CriMiCo), Sewastopol, Ukraine (September 2011) (accepted for publication)Google Scholar
  21. 21.
    Wang, C., Wang, Q., Ren, K., Lou, W.: Ensuring data storage security in Cloud Computing. In: Proceedings of the 17th International Workshop on Quality of Service, Charleston, SC, USA (2009)Google Scholar
  22. 22.
    Whittaker, Z.: Microsoft admits patriot act can access EU-based cloud data. ZDNet iGeneration Blog (June 2011),
  23. 23.
    Xu, P., Zheng, W., Wu, Y., Huang, X., Xu, C.: Enabling Cloud Storage to Support Traditional Applications. In: 5th Annual ChinaGrid Conference (2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Stephan Groß
    • 1
  • Alexander Schill
    • 1
  1. 1.Fakultät InformatikTechnische Universität DresdenDresdenGermany

Personalised recommendations