Skip to main content
SpringerLink
Log in

Enhancing Accountability in the Cloud via Sticky Policies

  • Conference paper
Secure and Trust Computing, Data Management, and Applications (STA 2011)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 187))

Abstract

This paper introduces and discusses a data management solution to provide accountability within the cloud as well as addressing privacy issues. The central idea is as follows. Customers allow cloud (service) providers to have access to specific data based on agreed policies and by forcing interactions with interchangeable independent third parties called Trust Authorities. The access to data can be as fine-grained as necessary, based on policy definitions, underlying encryption mechanisms (supporting the stickiness of policies to the data) and a related key management approach that allows (sets of) data attribute(s) to be encrypted specifically based on the policy. Access to data is mediated by a Trust Authority that checks for compliance to policies in order to release decryption keys. By these means users can be provided with finegrained control over access and usage of their data within the cloud, even in public cloud models.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Pearson, S., Benameur, A.: Privacy, Security and Trust Issues Arising from Cloud Computing. In: CPSRT 2010, CloudCom, IEEE, Los Alamitos (2010)

    Google Scholar 

  2. Catteddu, D., Hogben, G. (eds.): ENISA: Cloud Computing: Benefits, Risks and Recommendations for Information Security (2009), http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment

  3. Weitzner, D., Abelson, H., Berners-Lee, T., Hanson, C., Hendler, J.A., Kagal, L., McGuinness, D.L., Sussman, G.J., Waterman, K.K.: Transparent Accountable Data Mining: New Strategies for Privacy Protection. In: AAAI Spring Symposium on The Semantic Web meets eGovernment, AAAI Press, Menlo Park (2006)

    Google Scholar 

  4. Galway Project: Plenary session Introduction, p. 5 (April 28, 2009)

    Google Scholar 

  5. Crompton, M., Cowper, C., Jefferis, C.: The Australian Dodo Case: an insight for data protection regulation. World Data Protection Report 9(1), BNA (2009)

    Google Scholar 

  6. Galway Project: Data Protection Accountability: The Essential Elements (2009), http://www.huntonfiles.com/files/webupload/CIPL_Galway_Accountability_Paper.pdf

  7. Karjoth, G., Schunter, M., Waidner, M.: Platform for enterprise privacy practices: Privacy-enabled management of customer data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 69–84. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  8. Casassa Mont, M., Pearson, S., Bramhall, P.: Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services. In: DEXA, pp. 377–382. IEEE Computer Society, Los Alamitos (2003)

    Google Scholar 

  9. IBM: The Enterprise Privacy Authorization Language (EPAL), EPAL specification, v1.2 (2004), http://www.zurich.ibm.com/security/enterprise-privacy/epal/

  10. OASIS: XACML, http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml

  11. Ardagna, C., et al.: PrimeLife Policy Language, ACAS, W3C (2009), http://www.w3.org/2009/policy-ws/

  12. Bussard, L., Becker, M.Y.: Can access control be extended to deal with data handling in privacy scenarios?, ACAS, W3C (2009), http://www.w3.org/2009/policy-ws/

  13. Papanikolaou, N., Creese, S., Goldsmith, M., Casassa Mont, M., Pearson, S.: ENCORE: Towards a holistic approach to privacy. In: SECRYPT (2010)

    Google Scholar 

  14. Cranor, L.: Web Privacy with P3P. O’Reilly & Associates, Sebastopol (2002)

    Google Scholar 

  15. Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language (2001), http://wwwdse.doc.ic.ac.uk/research/policies/index.shtml

  16. Ardagna, C., Vimercati, S., Samarati, P.: Enhancing user privacy through data handling policies. In: Damiani, E., Liu, P. (eds.) Data and Applications Security 2006. LNCS, vol. 4127, pp. 224–236. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  17. Karjoth, G., Schunter, M., Waidner, M.: Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 69–84. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  18. Becker, M.Y., Malkis, A., Bussard, L.: A Framework for Privacy Preferences and Data-Handling Policies, MSR-TR-2009-128 (2009), http://research.microsoft.com/apps/pubs/default.aspx?id=102614

  19. Bruening, P., Krasnow Waterman, K.: Data Tagging for New Information Governance Models. IEEE Security and Privacy, 64–68 (September/October 2010)

    Google Scholar 

  20. Voltage, http://www.voltage.com/technology/Technology_FormatPreservingEncryption.htm

  21. Navajos, http://navajosystems.com/technology_encryption.asp

  22. Bellare, M., Ristenpart, T., Rogaway, P., Stegers, T.: Format-Preserving Encryption. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 295–312. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  23. Tang, W.: On using encryption techniques to enhance sticky policies enforcement, TR-CTIT-08-64, Centre for Telematics and Information Technology (2008)

    Google Scholar 

  24. Pearson, S., Casassa Mont, M.: A System for Privacy-aware Resource Allocation and Data Processing in Dynamic Environments. In: I-NetSec 2006. IFIP, vol. 201, pp. 471–482. Springer, Heidelberg (2006)

    Google Scholar 

  25. Zuo, Y., O’Keefe, T.: Post-release information privacy protection: A framework and next-generation priacy-enhanced operating system. ISF 9(5), 451–467 (2007), http://www.springerlink.com/content/03718003288553u5/

    Google Scholar 

  26. Pearson, S., Casassa Mont, M., Novoa, M.: Securing Information Transfer within Distributed Computing Environments. IEEE Security & Privacy Magazine 6(1), 34–42 (2008)

    Article  Google Scholar 

  27. Pérez-Freire, L., Comesaña, P., Troncoso-Pastoriza, J.R., Pérez-González, F.: Watermarking security: A survey. In: Shi, Y.Q. (ed.) Transactions on Data Hiding and Multimedia Security I. LNCS, vol. 4300, pp. 41–72. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  28. Bayardo, R., Agrawal, R.: Data Privacy through Optimal k-Anonymisation. In: International Conference on Data Engineering, pp. 217–228 (2005)

    Google Scholar 

  29. Pöhls, H.C.: Verifiable and Revocable Expression of Consent to Processing of Aggregated Personal Data. In: ICICS (2008)

    Google Scholar 

  30. Schunter, M., Waidner, M.: Simplified privacy controls for aggregated services — suspend and resume of personal data. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 218–232. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  31. Pearson, S., Charlesworth, A.: Accountability as a Way Forward for Privacy Protection in the Cloud. In: Jaatun, M.G., Zhao, G., Rong, C. (eds.) Cloud Computing. LNCS, vol. 5931, pp. 131–144. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  32. Knode, R., Egan, D.: Digital Trust in the Cloud, CSC (July 2010), http://assets1.csc.com/cloud/downloads/wp_cloudtrustprotocolprecis_073010.pdf

  33. Dataware project, Horizon Digital Economy Research Group, http://www.horizon.ac.uk

  34. EnCoRe, Ensuring Consent and Revocation project, http://www.encore-project.info

Download references

Author information

Authors and Affiliations

  1. Cloud and Security Research Lab, HP Labs, Long Down Avenue, Bristol, BS34 8QZ, UK

    Siani Pearson, Marco Casassa Mont & Gina Kounga

Authors
  1. Siani Pearson
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marco Casassa Mont
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gina Kounga
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computer Engineering, Hanshin University, 815-802 Byukjeok Hanshin A., Youngtong 2-dong, Soowon, Korea

    Changhoon Lee

  2. University of Geneva, CUI, 24 Rue du Général Dufour, Geneva 4, Switzerland

    Jean-Marc Seigneur

  3. Department of Computer Science and Engineering, Seoul National University of Science and Technology, 172 Gongreung 2-dong, Nowon-gu, 139-742, Seoul, Korea

    James J. Park

  4. Institute of FAW, University of Linz, Altenbergerstrasse 69, 4040, Linz, Austria

    Roland R. Wagner

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pearson, S., Mont, M.C., Kounga, G. (2011). Enhancing Accountability in the Cloud via Sticky Policies. In: Lee, C., Seigneur, JM., Park, J.J., Wagner, R.R. (eds) Secure and Trust Computing, Data Management, and Applications. STA 2011. Communications in Computer and Information Science, vol 187. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22365-5_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-22365-5_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22364-8

  • Online ISBN: 978-3-642-22365-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation