in the name of allah - sharifce.sharif.edu/courses/89-90/2/ce534-1/resources/root/student...
TRANSCRIPT
PRIVACY IN THE CLOUDAmirhoseiN Aliakbarian
Khordad, 90
In The Name of Allah
2011 رویرهش 2 هبنشجنپ
OUTLINE
Cloud Computing
Significance of Privacy in the Cloud
Some Solutions
2011 رویرهش 2 هبنشجنپ
CLOUD
2011 رویرهش 2 هبنشجنپ
C L O U DI M P O R T A N C E
There is lots of samples.
Microsoft
Amazon ec2
IBM SmartCloud
XaaS
2011 رویرهش 2 هبنشجنپ
PRIVACY IN THE CLOUD
2011 رویرهش 2 هبنشجنپ
P R I V A C Y I N T H E C L O U DP R I V A C Y , I T S E L F
More than Simple Security
Human Rigths to be left FREE!
Having Control over Personal Info.
2011 رویرهش 2 هبنشجنپ
P R I V A C Y I N T H E C L O U DP E R S O N A L I N F O R M A T I O N
PII
Sensitive Information
Usage Info
Device Uniquely Identifiable Info
2011 رویرهش 2 هبنشجنپ
P R I V A C Y I N T H E C L O U DD A T A L I F E C Y C L E
T. Mather, et al., Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance: O'Reilly Media, Inc., 2009.
2011 رویرهش 2 هبنشجنپ
P R I V A C Y I N T H E C L O U DP R I V A C Y R I S K S
Cloud Service Users
Organizations using Cloud
Implementers of Cloud Framework
Service Providers
Data Subject
2011 رویرهش 2 هبنشجنپ
P R I V A C Y I N T H E C L O U DT A K I N G P R I V A C Y I N T O A C C O U N T W H I L E D E S I N I N G
Privacy Impact Assesment
Assess at different phases
Use PET
Top Tips (Next Slide)
2011 رویرهش 2 هبنشجنپ
P R I V A C Y I N T H E C L O U DT A K I N G P R I V A C Y I N T O A C C O U N T W H I L E D E S I N I N G
Top Tips for SEs
Minimize PII sent to Cloud
Protect PII in the Cloud
Maximize User Control
Allow User Choice
Specify and Limit purpose of data usage
Provide Feedback
2011 رویرهش 2 هبنشجنپ
P R I V A C Y I N T H E C L O U DP R I V A C Y L E A K A G E E X A M P L E S
SalesForce
User Specific Services
2011 رویرهش 2 هبنشجنپ
SOME SOLUTIONS
2011 رویرهش 2 هبنشجنپ
S O M E S O L U T I O N SA C L I E N T B A S E D S O L U T I O N [ M O W B R A Y ]
M .Mowbray and S. Pearson, "A client-based privacy manager for cloud computing," presented at the Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE, Dublin, Ireland, 2009.
2011 رویرهش 2 هبنشجنپ
S O M E S O L U T I O N SA N A N O N Y M I T Y B A S E D S O L U T I O N
k-Anonymity
Private matching
Min-Attribute Generalization
2011 رویرهش 2 هبنشجنپ
S O M E S O L U T I O N SP R I V A C Y - P R E S E R V I N G A U D I T I N G [ W A N G ]
Public Auditing: A Solution to Check Integrity
Two Basic Schemes ...
Problems: Privacy, Dynamic Data, Other Limitations
2011 رویرهش 2 هبنشجنپ
S O M E S O L U T I O N SP R I V A C Y - P R E S E R V I N G A U D I T I N G [ W A N G ]
Based on Homomorphic Authenticator
Performance - Batch Auditing
2011 رویرهش 2 هبنشجنپ
S O M E S O L U T I O N SC O N C L U S I O N
Client-Based
Limit Usages
Works partially with all Clouds
Server-Based
More Trust needed
Need Server Cooperation
2011 رویرهش 2 هبنشجنپ
REFERENCES
Z. Minqi, "Security and Privacy in Cloud Computing: A Survey," in Semantics Knowledge and Grid (SKG), 2010 Sixth International Conference on, 2010, pp. 105-112.Microsoft. (2011). Microsoft Cloud Computing Tools and Platforms. Available: www.microsoft.com/CloudAmazon. (2011). Amazon Elastic Compute Cloud. Available: http://aws.amazon.com/ec2/
IBM, "IBM SmartCloud," 2011.HP, "HP Cloud Computing," 2011.T. Mather, et al., Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance: O'Reilly Media, Inc., 2009.
S. Pearson, "Taking account of privacy when designing cloud computing services," presented at the Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, 2009.
M .Mowbray and S. Pearson, "A client-based privacy manager for cloud computing," presented at the Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE, Dublin, Ireland, 2009.
S. Pearson, et al., "A Privacy Manager for Cloud Computing," in Cloud Computing. vol. 5931, M. Jaatun, et al., Eds., ed: Springer Berlin / Heidelberg, 2009, pp. 90-106.
W. Jian and L. Jiajin, "Based on Private Matching and Min-attribute Generalization for Privacy Preserving in Cloud Computing," in Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP), 2010 Sixth International Conference on, 2010, pp. 735-738.
W. Cong, et al., "Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing," in INFOCOM, 2010 Proceedings IEEE, 2010, pp. 1-9.
2011 رویرهش 2 هبنشجنپ
THANKS FOR YOUR ATTENTION
Any Question?
2011 رویرهش 2 هبنشجنپ