A comprehensive approach to privacy in the cloud-based Internet of Things

In the near future, the Internet of Things is expected to penetrate all aspects of the physical world, including homes and urban spaces. In order to handle the massive amount of data that becomes collectible and to offer services on top of this data, the most convincing solution is the federation of the Internet of Things and cloud computing. Yet, the wide adoption of this promising vision, especially for application areas such as pervasive health care, assisted living, and smart cities, is hindered by severe privacy concerns of the individual users. Hence, user acceptance is a critical factor to turn this vision into reality.

To address this critical factor and thus realize the cloud-based Internet of Things for a variety of different application areas, we present our comprehensive approach to privacy in this envisioned setting. We allow an individual user to enforce all her privacy requirements before any sensitive data is uploaded to the cloud, enable developers of cloud services to integrate privacy functionality already into the development process of cloud services, and offer users a transparent and adaptable interface for configuring their privacy requirements.

- Observation: Adoption of cloud-based IoT is hindered by severe privacy concerns.
- We protect potentially sensitive data before it is uploaded to the cloud.
- We support service developers in developing privacy functionality for a service.
- We shift decisions about privacy from developers and providers to users.
- We provide users with a transparent and adaptable interface for configuring privacy.
