Abstract
This paper introduces and discusses a data management solution that provides accountability within the cloud and addresses privacy issues. The central idea is as follows. Customers allow cloud (service) providers to access specific data based on agreed policies and by forcing interactions with interchangeable, independent third parties called Trust Authorities. Access to data can be as fine-grained as necessary, based on policy definitions, underlying encryption mechanisms (which support the stickiness of policies to the data) and a related key management approach that allows (sets of) data attribute(s) to be encrypted specifically based on the policy. Access to data is mediated by a Trust Authority that checks for compliance with policies before releasing decryption keys. By these means, users can be given fine-grained control over access to and usage of their data within the cloud, even in public cloud models.
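The key-release flow the abstract describes, as an added sketch that is not code from the paper: a hypothetical `TrustAuthority` derives each attribute key from the policy digest, checks a requester against the policy before releasing it, and logs every request. The HMAC derivation, the policy fields, and all names are assumptions of this example, standing in for the paper's own encryption and key management.

```python
import copy, hashlib, hmac, json

def policy_digest(policy):
    # Canonical JSON so the same policy always hashes to the same value.
    blob = json.dumps(policy, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).digest()

class TrustAuthority:
    """Hypothetical TA that binds each attribute key to the policy text."""

    def __init__(self, master_secret):
        self._master = master_secret
        self.audit_log = []  # every key request is recorded for accountability

    def derive_key(self, policy, attribute):
        # The key depends on the policy digest: edit the policy, get another key.
        msg = policy_digest(policy) + b"|" + attribute.encode()
        return hmac.new(self._master, msg, hashlib.sha256).digest()

    def release_key(self, policy, attribute, requester):
        rule = policy["attributes"].get(attribute)
        ok = (rule is not None
              and requester["provider"] in rule["allowed_providers"]
              and requester["purpose"] in rule["allowed_purposes"])
        self.audit_log.append((requester["provider"], attribute, requester["purpose"], ok))
        return self.derive_key(policy, attribute) if ok else None

# Constructed sample policy: one rule per data attribute (fine-grained access).
POLICY = {"owner": "customer-1", "attributes": {
    "email": {"allowed_providers": ["crm.example"], "allowed_purposes": ["billing"]},
    "card":  {"allowed_providers": ["pay.example"], "allowed_purposes": ["payment"]}}}

def run_demo():
    ta = TrustAuthority(b"constructed-master-secret")
    data_key = ta.derive_key(POLICY, "email")  # key the customer encrypts "email" under
    granted = ta.release_key(POLICY, "email", {"provider": "crm.example", "purpose": "billing"})
    denied = ta.release_key(POLICY, "email", {"provider": "crm.example", "purpose": "marketing"})
    # A provider that rewrites the policy to permit itself gets a key, but not the data key.
    tampered = copy.deepcopy(POLICY)
    tampered["attributes"]["email"]["allowed_purposes"].append("marketing")
    forged = ta.release_key(tampered, "email", {"provider": "crm.example", "purpose": "marketing"})
    return data_key, granted, denied, forged, ta.audit_log

if __name__ == "__main__":
    data_key, granted, denied, forged, log = run_demo()
    print(granted == data_key, denied, forged != data_key, log)
```

Because the key is a function of the policy digest, a rewritten policy passes the compliance check but yields a key that cannot decrypt the customer's data, and the request still appears in the audit log.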
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pearson, S., Mont, M.C., Kounga, G. (2011). Enhancing Accountability in the Cloud via Sticky Policies. In: Lee, C., Seigneur, JM., Park, J.J., Wagner, R.R. (eds) Secure and Trust Computing, Data Management, and Applications. STA 2011. Communications in Computer and Information Science, vol 187. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22365-5_18
DOI: https://doi.org/10.1007/978-3-642-22365-5_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22364-8
Online ISBN: 978-3-642-22365-5
eBook Packages: Computer Science, Computer Science (R0)