Abstract
This paper gives an overview of issues in privacy protection of personal information in the cloud, and describes a variety of approaches that may be used to address these issues. Some of these approaches are available for use now; others are relatively immature, but look promising. The most appropriate approach varies according to the type of data to be processed or application to be run in the cloud.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mowbray, M., Pearson, S. (2012). Protecting Personal Information in Cloud Computing. In: Meersman, R., et al. On the Move to Meaningful Internet Systems: OTM 2012. OTM 2012. Lecture Notes in Computer Science, vol 7566. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33615-7_3
DOI: https://doi.org/10.1007/978-3-642-33615-7_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33614-0
Online ISBN: 978-3-642-33615-7
eBook Packages: Computer Science (R0)