Privacy as a service: privacy-aware data storage and processing in cloud computing architectures (original) (raw)
Related papers
IJARCCE, 2014
In this paper, in this Project We Proposed Securely encryption schemes have proven to offer a high level of security, but they require lengthy computations; more efficient and scalable security solutions are thus needed. Traditional distributed architectures uphold trust by enforcing security policies. However, in cloud deployment models, data and application control is delegated; hence traditional policy-based enforcement presents a number of challenges. Reliable enforcement is a critical aspect of cloud service dependability. A trusted third party within a cloud environment is often used together with cryptographic methods to ensure the integrity, authenticity, and confidentiality of both data and communication. Protecting a user's account from misuse is an important part of the larger problem of controlling access to cloud-based resources (such as objects, memory, devices, and soft ware). Cryptographic authentication solutions can help facilitate secure resource utilization. Secure and privacy-preserving cloud computing presents technical, legal, and administrative challenges. Our focus here is on the technical issues. The main aspects of security, confidentiality, integrity, and availability must be addressed at the client side, the connection, and the server side. The major issue is that all three operate in and are part of shared environments; hence their security and privacy requirements must be combined. The importance of cloud security has been widely acknowledged, and several organizations, such as the Cloud Security Alliance have been looking at it from different perspectives. Cloud services have three basic models: software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). Although these models have major differences, they share many security-and privacy-related issues.
On Protecting Privacy in the Cloud
2015
Cloud computing has now emerged as popular computing paradigm for data storage and computation for enterprises and individuals. Its major characteristics include the pay-per-use pricing model, where users pay only for the resources they consume with no upfront cost for hardware/software infrastructures, and the capability of providing scalable and unlimited storage and computation resources to meet changing business needs of enterprises with minimal management overhead [1]. The cloud, however, presents a major limitation to enterprises and individuals who move to public clouds: they lose control over the systems that manage their data and applications, leading to increased security and privacy concerns [2,3,4].
Secure Data Processing in the Cloud
2017
Data protection is a key issue in the adoption of cloud services. The project “RestAssured – Secure Data Processing in the Cloud,” financed by the European Union’s Horizon 2020 research and innovation programme, addresses the challenge of data protection in the cloud with a combination of innovative security solutions, data lifecycle management techniques, run-time adaptation, and automated risk management. This paper gives an overview about the project’s goals and current status.
Privacy in the cloud: Bridging the gap between design and implementation
Lecture Notes in Business Information Processing, 2013
Bridging the gap between design and implementation stages has been a major concern that deplores designers, analysts and developers for quite a long time during the design and implementation of information systems in traditional environments. This issue grows to bigger dimension with the presence of cloud computing. Designing and modeling an Information System for the Cloud is a major and hard task that most of the traditional software engineering approaches fail to fulfill. In parallel, many respective organisations and respective researchers have highlighted a number of security and privacy challenges that are not present in traditional environments and need special attention when implementing or migrating information systems into a cloud environment. Thus, security and privacy are by themselves two areas that need special attention in the cloud era. This paper moves on to this direction. Specifically, it presents a number of privacy-oriented technical concepts that analysts need to consider when designing and modeling privacy-aware systems in a cloud environment. Also it suggest for every concept a number of implementation techniques that can assist developers in implementing the respective concepts.
Data Security and Privacy in Cloud Computing
International Journal of Distributed Sensor Networks, 2014
Data security has consistently been a major issue in information technology. In the cloud computing environment, it becomes particularly serious because the data is located in different places even in all the globe. Data security and privacy protection are the two main factors of user's concerns about the cloud technology. Though many techniques on the topics in cloud computing have been investigated in both academics and industries, data security and privacy protection are becoming more important for the future development of cloud computing technology in government, industry, and business. Data security and privacy protection issues are relevant to both hardware and software in the cloud architecture. This study is to review different security techniques and challenges from both software and hardware aspects for protecting data in the cloud and aims at enhancing the data security and privacy protection for the trustworthy cloud environment. In this paper, we make a comparative...
CloudProtect: Managing Data Privacy in Cloud Applications
2012 IEEE Fifth International Conference on Cloud Computing, 2012
This paper describes the CloudProtect middleware that empowers users to encrypt sensitive data stored within various cloud applications. However, most web applications require data in plaintext for implementing the various functionalities and in general, do not support encrypted data management. Therefore, CloudProtect strives to carry out the data transformations (encryption/decryption) in a manner that is transparent to the application, i.e., preserves all functionalities of the application, including those that require data to be in plaintext. Additionally, CloudProtect allows users flexibility in trading off performance for security in order to let them optimally balance their privacy needs and usage-experience.
The New Privacy: Emerging Standards for Cloud-Based Security
2019
From consumer hard drives and enterprise servers, data is migrating to the cloud. Driven by lower costs of ownership, elastic on-demand services, improved interoperability and the insights produced through machine learning, cloud-based computing synthesises the best of previous mainframe and personal computing paradigms. However the cloud—and the valuable data it houses—is also vulnerable. Breaches, data leaks and linkage attacks are widespread, often bypassing existing security safeguards. In this contested environment, privacy attains a new primacy—a critical issue for customers and a currency of trust for business. New technologies are emerging to address privacy in the cloud. This whitepaper surveys four approaches: blockchains, differential privacy, multiparty computation (MPC) and fully homomorphic encryption (FHE). While blockchains and differential privacy are relatively mature and well understood, MPC and FHE have been, until recently, obscure topics of academic research.
Furthering the Growth of Cloud Computing by Providing Privacy as a Service
The evolution of Cloud Computing as a viable business solution for providing hardware and software has created many security concerns. Among these security concerns, privacy is often overlooked. If Cloud Computing is to continue its growth, this privacy concern will need to be addressed. In this work we discuss the current growth of Cloud Computing and the impact the public sector and privacy can have in furthering this growth. To begin to provide privacy protection for Cloud Computing, we introduce privacy constraints that outline privacy preferences. We propose the expansion of Cloud Service Level Agreements (SLAs) to include these privacy constraints as Quality of Service (QoS) levels. This privacy QoS must be agreed upon along with the rest of the QoS terms within the SLA by the Cloud consumer and provider. Finally, we introduce Privacy as a Service (PraaS) to monitor the agreement and provide enforcement if necessary.
Privacy Issues In Cloud Computing
Cloud computing is the delivery of computing as a service rather than a product. It provides shared resources, software, and information to computers and other devices over a network. The increasing network bandwidth and reliable yet flexible network connections make it even possible that users can now subscribe high quality services from data and software that reside solely on remote data centres. We can store and retrieve the data as we like using cloud computing. The cloud computing paradigm changes the way in which information is managed, especially where personal data processing is concerned. End-users can access cloud services without the need for any expert knowledge of the underlying technology. This is a key characteristic of cloud computing, which offers the advantage of reducing cost through the sharing of computing and storage resources, combined with an on-demand provisioning mechanism based on a pay-per-use business model. These new features have a direct impact on the IT budget and cost of ownership, but also bring up issues of traditional security, trust and privacy mechanisms.Privacy, in this Article, refers to the right to self-determination, that is, the right of individuals to 'know what is known about them', be aware of stored information about them, control how that information is communicated and prevent its abuse. In other words, it refers to more than just confidentiality of information. Protection of personal information (or data protection) derives from the right to privacy via the associated right to self-determination. Every individual has the right to control his or her own data, whether private, public or professional. Privacy issues are increasingly important in the online world. It is generally accepted that due consideration of privacy issues promotes user confidence and economic development. However, the secure release, management and control of personal information into the cloud represent a huge challenge for all stakeholders, involving pressures both legal and commercial. This study analyses the challenges posed by cloud computing and the standardization work being done by various standards development organizations (SDOs) to mitigate privacy risks in the cloud, including the role of privacy-enhancing technologies (PETs).
Privacy-preserving security solution for cloud services
Journal of Applied Research and Technology, 2015
We propose a novel privacy-preserving security solution for cloud services. Our solution is based on an efficient nonbilinear group signature scheme providing the anonymous access to cloud services and shared storage servers. The novel solution offers anonymous authenticationfor registered users. Thus, users' personal attributes (age, valid registration, successful payment) can be proven without revealing users' identity, and users can use cloud services without any threat of profiling their behavior. However, if a user breaks provider's rules, his access right is revoked.Our solution provides anonymous access, unlinkability and the confidentiality of transmitted data. We implement our solution as a proof of concept applicationand present the experimental results. Further, we analyzecurrent privacy preserving solutions for cloud services and group signature schemes as basic parts of privacy enhancing solutions in cloud services. We compare the performance of our solution with the related solutionsand schemes.