Skip to main content
SpringerLink
Log in

Protecting Personal Information in Cloud Computing

  • Conference paper
On the Move to Meaningful Internet Systems: OTM 2012 (OTM 2012)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 7566))

Abstract

This paper gives an overview of issues in privacy protection of personal information in the cloud, and describes a variety of approaches that may be used to address these issues. Some of these approaches are available for use now; others are relatively immature, but look promising. The most appropriate approach varies according to the type of data to be processed or application to be run in the cloud.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Warren, S., Brandeis, L.: The Right to Privacy. Harvard Law Review 4, 193 (1890)

    Article  Google Scholar 

  2. Westin, A.: Privacy and Freedom. Atheneum, New York (1967)

    Google Scholar 

  3. American Institute of Certified Public Accountants (AICPA) and CICA, Generally Accepted Privacy Principles (August 2009), http://www.aicpa.org/interestareas/informationtechnology/resources/privacy/generallyacceptedprivacyprinciples/downloadabledocuments/gapp_prac_%200909.pdf

  4. Solove, D.J.: A Taxonomy of Privacy. University of Pennyslavania Law Review 154(3), 477 (2006), http://papers.ssrn.com/sol3/papers.cfm?abstract_id=667622

    Article  Google Scholar 

  5. European Commission (EC): Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1995)

    Google Scholar 

  6. Organization for Economic Co-operation and Development (OECD): Guidelines for the Protection of Personal Data and Transborder Data Flows (1980), http://www.oecd.org/document/18/0,3746,en_2649_34223_1815186_1_1_1_1,00.html

  7. Safe Harbor website, http://export.gov/safeharbor/

  8. The White House: Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy (February 2012), http://www.whitehouse.gov/sites/default/files/privacy-final.pdf

  9. European Commission (EC): Proposal for a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (January 2012), http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_10_en.pdf

  10. Manyika, J., Chui, M., Brown, B., Bughin, J., Dobbs, R., Roxburgh, C. Byers, A.H.: Big Data: The next frontier for innovation, competition and productivity, McKinsey Global Insitute Report (May 2011), http://www.mckinsey.com/Insights/MGI/Research/Technology_and_Innovation/Big_data_The_next_frontier_for_innovation

  11. Mell, P., Grance, T.: A NIST definition of cloud computing. National Institute of Standards and Technology. NIST Special Publication 800-145 (2009), http://www.nist.gov/itl/cloud/upload/cloud-def-v15.pdf

  12. Narayanan, A., Shmatikov, V.: Robust Deanonymization of Large Sparse Datasets. In: IEEE Symposium on Security and Privacy (S&P), pp. 111–125. IEEE (2008)

    Google Scholar 

  13. Lyon, C., Retzer, K.: Privacy in the Cloud: A Legal Framework for Moving Personal Data to the Cloud. Corporate Counselor (February 14, 2011)

    Google Scholar 

  14. Gellman, R.: Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing. World Privacy Forum (2009), www.worldprivacyforum.org/pdf/WPF_Cloud_Privacy_Report.pdf

  15. Grance, T., Jansen, W.: Guidelines on Security and Privacy in Public Cloud Computing. NIST Special Publication 800-144 (December 2011)

    Google Scholar 

  16. Catteddu, D., Hogben, G. (eds.): Cloud Computing: Benefits, Risks and Recommendations for Information Security. ENISA Report (2009), http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment

  17. Cloud Security Alliance (CSA): Security Guidance for Critical Areas of Focus in Cloud Computing. v2.1, English language version (December 2009), http://cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf

  18. Pearson, S.: Privacy, Security and Trust in Cloud Computing. In: Pearson, S., Yee, G. (eds.) Privacy and Security for Cloud Computing, Computer Communications and Networks. Springer, London (2012)

    Google Scholar 

  19. ENISA, Cloud Computing Information Assurance Framework, http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-information-assurance-framework

  20. Mowbray, M.: The Fog over the Grimpen Mire: Cloud Computing and the Law. Scripted Journal of Law, Technology and Society 6(1) (April 2009)

    Google Scholar 

  21. Kamara, S., Lauter, K.: Cryptographic Cloud Storage. In: Sion, R., Curtmola, R., Dietrich, S., Kiayias, A., Miret, J.M., Sako, K., Sebé, F. (eds.) FC 2010 Workshops. LNCS, vol. 6054, pp. 136–149. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  22. Cusack, M.: Information Preservation: Structured Data Archiving: Key Issues. Cloud Camp London (2009), http://www.slideshare.net/cpurrington/mark-cusack-cloud-camp4-london-2

  23. Trusted Computing Group, http://www.trustedcomputinggroup.org

  24. Pearson, S.: Trusted Computing: Strengths, Weaknesses and Further Opportunities for Enhancing Privacy. In: Herrmann, P., Issarny, V., Shiu, S. (eds.) iTrust 2005. LNCS, vol. 3477, pp. 305–320. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  25. Pearson, S., Casassa Mont, M., Novoa, M.: Securing Information Transfer within Distributed Computing Environments. IEEE Security & Privacy Magazine 6(1), 34–42 (2008)

    Article  Google Scholar 

  26. Yao, A.C.: How to Generate and Exchange Secrets. In: 27th Symposium of Foundations of Computer Science (FoCS), pp. 162–167. IEEE Press, New York (1986)

    Google Scholar 

  27. Gentry, C.: Fully Homomorphic Encryption Using Ideal Lattices. In: 41st ACM Symposium on Theory of Computing, Bethesda, Maryland, USA, May 31-June 2, pp. 169–178 (2009)

    Google Scholar 

  28. Mowbray, M., Pearson, S., Shen, Y.: Enhancing Privacy in Cloud Computing via Policy-based Obfuscation. J. Supercomputing 61(2), 267–291 (2012)

    Article  Google Scholar 

  29. Amazon Web Services LLC, TC3 Health (2009), http://aws.amazon.com/solutions/case-studies/tc3-health/

  30. Salesforce.com, Inc.: Sales Force Automation, http://www.salesforce.com/products/sales-force-automation/

  31. Pearson, S., Casassa Mont, M., Chen, L., Reed, A.: End-to-End Policy-Based Encryption and Management of Data in the Cloud. In: Proc. CloudCom 2011. IEEE (2011)

    Google Scholar 

  32. Irwin, K., Yu, T.: Determining user privacy preferences by asking the right questions: an automated approach. In: WPES 2005: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, pp. 47–50. ACM, New York (2005)

    Chapter  Google Scholar 

  33. Cavoukian, A.: Privacy in the Clouds. Identity Journal Ltd. (2008)

    Google Scholar 

  34. Chaum, D.: Security without Identification: Card Computers to make Big Brother Obsolete. Communications of the ACM 28(10), 1030–1044 (1985)

    Article  Google Scholar 

  35. Anonymizer, www.anonymizer.com

  36. Gentry, C., Halevi, S., Smart, N.P.: Fully Homomorphic Encryption with Polylog Overhead. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 465–482. Springer, Heidelberg (2012), http://eprint.iacr.org/2011/566.pdf

    Chapter  Google Scholar 

  37. PerspecSys, www.perspecsys.com

  38. Pate, S., Tambay, T.: Securing the Cloud – Using Encryption and Key Management to Solve Today’s Security Challenges, Storage Networking Industry Association (SNIA) (2011), https://www.eiseverywhere.com/file_uploads/974dc3f1fc021f4f6caa02b20a11b031_Pate_Monday_0940_SNWS11.pdf

  39. Trend Micro, http://www.trendmicro.co.uk/

  40. Porticor, http://www.porticor.com

  41. Barker, E., Smid, M., Branstad, D., Chockhani, S.: A Framework for Designing Cryptographic Key Management Systems, NIST Special Publication 800-130 (April 2012), http://csrc.nist.gov/publications/drafts/800-130/second-draft_sp-800-130_april-2012.pdf

  42. Cavoukian, A.: Privacy by Design: The 7 Foundational Principles (January 2011) (revised), http://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf

  43. Information Commissioners Office, Privacy by Design, Report (2008), www.ico.gov.uk

  44. Information Commissioner’s Office (ICO): Data protection guidance note: Privacy enhancing technologies (2007), http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/privacy_enhancing_technologies_v2.pdf

  45. Shen, Y, Pearson, S.: Privacy-enhancing Technologies: A Review. HP Labs Technical Report, HPL-2011-113 (2011), http://www.hpl.hp.com/techreports/2011/HPL-2011-113.html

  46. Pearson, S.: Taking Account of Privacy when Designing Cloud Computing Services. In: Proc. ICSE-Cloud 2009. IEEE, Vancouver (2009), Also available as HP Labs Technical Report, HPL-2009-54, http://www.hpl.hp.com/techreports/2009/HPL-2009-54.html

  47. NEC Company Ltd. and Information and Privacy Commissioner, Ontorio, Canada: Modelling cloud computing architecture without compromising privacy: A privacy by design approach (June 2010)

    Google Scholar 

  48. Office of the Information and Privacy Commissioner of Alberta, Office of the Privacy Commissioner of Canada, Office of the Information and Privacy Commissioner for British Colombia: Getting Accountability Right with a Privacy Management Program (April 2012)

    Google Scholar 

  49. Cavoukian, A., Taylor, S., Abrams, M.: Privacy by Design: Essential for Organizational Accountability and Strong Business Practices. Identity in the Information Society 3(2), 405–413 (2010)

    Article  Google Scholar 

  50. Pearson, S.: Toward Accountability in the Cloud. IEEE Internet Computing 15(4), 64–69 (2011)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Cloud and Security Lab, HP Labs, Bristol, UK

    Miranda Mowbray & Siani Pearson

Authors
  1. Miranda Mowbray
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Siani Pearson
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Semantic Technology and Application Research Laboratory (STARLab), Vrije Universiteit Brussel, Building G-10, Pleinlaan 2, 1050, Brussels, Belgium

    Robert Meersman

  2. Research Centre for Automatic Control, School of Engineering in Information Technology, Campus scientifique, University of Lorraine, CNRS, BP 70239, 54506, Vandoeuvre-les-Nancy, France

    Hervé Panetto

  3. La Trobe University, Melbourne, VIC, Australia

    Tharam Dillon

  4. Faculty of Computer Science, University of Vienna, 1010, Vienna, Austria

    Stefanie Rinderle-Ma

  5. Institute of Databases and Information Systems, Ulm University, Germany

    Peter Dadam

  6. School of Information Technology and Electrical Engineering, University of Queensland, QLD 4072, Brisbane, Australia

    Xiaofang Zhou

  7. HP Labs, Bristol, UK

    Siani Pearson

  8. Johannes Kepler University, Linz, Austria

    Alois Ferscha

  9. Università di Modena e Reggio Emilia, Modena, Italy

    Sonia Bergamaschi

  10. ADVIS Lab, Department of Computer Science, University of Illinois at Chicago, Chicago, IL, USA

    Isabel F. Cruz

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mowbray, M., Pearson, S. (2012). Protecting Personal Information in Cloud Computing. In: Meersman, R., et al. On the Move to Meaningful Internet Systems: OTM 2012. OTM 2012. Lecture Notes in Computer Science, vol 7566. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33615-7_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-33615-7_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33614-0

  • Online ISBN: 978-3-642-33615-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation