in the name of allah - sharifce.sharif.edu/courses/89-90/2/ce534-1/resources/root/student...

PRIVACY IN THE CLOUDAmirhoseiN Aliakbarian

Khordad, 90

In The Name of Allah

2011 رویرهش 2 هبنشجنپ

OUTLINE

Cloud Computing

Significance of Privacy in the Cloud

Some Solutions


CLOUD


C L O U DI M P O R T A N C E

There is lots of samples.

Microsoft

Amazon ec2

IBM SmartCloud

XaaS


PRIVACY IN THE CLOUD


P R I V A C Y I N T H E C L O U DP R I V A C Y , I T S E L F

More than Simple Security

Human Rigths to be left FREE!

Having Control over Personal Info.


P R I V A C Y I N T H E C L O U DP E R S O N A L I N F O R M A T I O N

PII

Sensitive Information

Usage Info

Device Uniquely Identifiable Info


P R I V A C Y I N T H E C L O U DD A T A L I F E C Y C L E

T. Mather, et al., Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance: O'Reilly Media, Inc., 2009.


P R I V A C Y I N T H E C L O U DP R I V A C Y R I S K S

Cloud Service Users

Organizations using Cloud

Implementers of Cloud Framework

Service Providers

Data Subject


P R I V A C Y I N T H E C L O U DT A K I N G P R I V A C Y I N T O A C C O U N T W H I L E D E S I N I N G

Privacy Impact Assesment

Assess at different phases

Use PET

Top Tips (Next Slide)


P R I V A C Y I N T H E C L O U DT A K I N G P R I V A C Y I N T O A C C O U N T W H I L E D E S I N I N G

Top Tips for SEs

Minimize PII sent to Cloud

Protect PII in the Cloud

Maximize User Control

Allow User Choice

Specify and Limit purpose of data usage

Provide Feedback


P R I V A C Y I N T H E C L O U DP R I V A C Y L E A K A G E E X A M P L E S

SalesForce

User Specific Services


SOME SOLUTIONS


S O M E S O L U T I O N SA C L I E N T B A S E D S O L U T I O N [ M O W B R A Y ]

M .Mowbray and S. Pearson, "A client-based privacy manager for cloud computing," presented at the Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE, Dublin, Ireland, 2009.


S O M E S O L U T I O N SA N A N O N Y M I T Y B A S E D S O L U T I O N

k-Anonymity

Private matching

Min-Attribute Generalization


S O M E S O L U T I O N SP R I V A C Y - P R E S E R V I N G A U D I T I N G [ W A N G ]

Public Auditing: A Solution to Check Integrity

Two Basic Schemes ...

Problems: Privacy, Dynamic Data, Other Limitations


S O M E S O L U T I O N SP R I V A C Y - P R E S E R V I N G A U D I T I N G [ W A N G ]

Based on Homomorphic Authenticator

Performance - Batch Auditing


S O M E S O L U T I O N SC O N C L U S I O N

Client-Based

Limit Usages

Works partially with all Clouds

Server-Based

More Trust needed

Need Server Cooperation


REFERENCES

Z. Minqi, "Security and Privacy in Cloud Computing: A Survey," in Semantics Knowledge and Grid (SKG), 2010 Sixth International Conference on, 2010, pp. 105-112.Microsoft. (2011). Microsoft Cloud Computing Tools and Platforms. Available: www.microsoft.com/CloudAmazon. (2011). Amazon Elastic Compute Cloud. Available: http://aws.amazon.com/ec2/

IBM, "IBM SmartCloud," 2011.HP, "HP Cloud Computing," 2011.T. Mather, et al., Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance: O'Reilly Media, Inc., 2009.

S. Pearson, "Taking account of privacy when designing cloud computing services," presented at the Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, 2009.

M .Mowbray and S. Pearson, "A client-based privacy manager for cloud computing," presented at the Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE, Dublin, Ireland, 2009.

S. Pearson, et al., "A Privacy Manager for Cloud Computing," in Cloud Computing. vol. 5931, M. Jaatun, et al., Eds., ed: Springer Berlin / Heidelberg, 2009, pp. 90-106.

W. Jian and L. Jiajin, "Based on Private Matching and Min-attribute Generalization for Privacy Preserving in Cloud Computing," in Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP), 2010 Sixth International Conference on, 2010, pp. 735-738.

W. Cong, et al., "Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing," in INFOCOM, 2010 Proceedings IEEE, 2010, pp. 1-9.


http://www.microsoft.com/Cloud




http://aws.amazon.com/ec2/

http://aws.amazon.com/ec2/

THANKS FOR YOUR ATTENTION

Any Question?


in the name of allah - sharifce.sharif.edu/courses/89-90/2/ce534-1/resources/root/student...

Documents