Enhancing privacy in cloud computing via policy-based obfuscation

In this paper, we describe a privacy manager for cloud computing that controls policy-based obfuscation and de-obfuscation of personal, sensitive, or confidential data within cloud service provision. By these means, cloud computing users may reduce the risk of their private data being stolen or misused, and cloud computing providers may be assisted in conforming to privacy law. We describe different possible architectures for such privacy management in cloud computing, give an algebraic description of the obfuscation features provided by the privacy manager, and describe how policies may be defined to control such obfuscation. Furthermore, we assess the performance and scalability of this approach and consider mechanisms to enhance usability. Several examples of how the privacy manager might be used are given, including protection of private metadata associated with online photos and of confidential information contained within share portfolios.
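The abstract's central idea, a client-held privacy manager that consults a user policy to decide which fields of a record are obfuscated before they reach the cloud and which can be de-obfuscated on return, is illustrated below in Python. This is an added example, not code from the paper; the policy format, the action names (pass, pseudonymise, generalise, tokenise), the photo-metadata record, and the helper names are all assumptions made for the illustration.

```python
"""Illustrative client-side privacy manager: applies a user-defined policy to
obfuscate record fields before they leave the client and reverses the
reversible ones on the way back. Added example; the action names, policy,
record layout and helper names are assumptions for this illustration."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed policy for online-photo metadata: which action applies to which field.
PHOTO_POLICY = {
    "photo_id": "pass",             # the service needs this as-is
    "owner_email": "pseudonymise",  # keyed one-way: stable per user, not reversible
    "gps": "generalise",            # coarsen so the exact location is never stored
    "taken": "generalise",          # keep only year and month
    "caption": "tokenise",          # random token in the cloud, original kept client-side
}


def generalise(value):
    """Reduce the precision of a value so it no longer pins down a person or place."""
    if isinstance(value, tuple) and all(isinstance(v, float) for v in value):
        return tuple(round(v, 1) for v in value)  # one decimal of lat/lon is roughly 11 km
    if isinstance(value, str) and len(value) >= 7 and value[4] == "-":
        return value[:7]  # ISO-8601 timestamp -> "YYYY-MM"
    return "<generalised>"  # anything else is suppressed entirely


@dataclass
class PrivacyManager:
    policy: dict                 # field name -> action
    key: bytes                   # user-held secret; never sent to the cloud
    vault: dict = field(default_factory=dict)  # token -> original value, client-side only

    def obfuscate(self, record):
        """Return the version of `record` that is safe to hand to the cloud service."""
        out = {}
        for name, value in record.items():
            # A field the policy does not mention defaults to tokenisation so it cannot leak.
            action = self.policy.get(name, "tokenise")
            if action == "pass":
                out[name] = value
            elif action == "pseudonymise":
                mac = hmac.new(self.key, str(value).encode(), hashlib.sha256)
                out[name] = "pseu_" + mac.hexdigest()[:16]
            elif action == "tokenise":
                token = "tok_" + secrets.token_hex(8)
                self.vault[token] = value
                out[name] = token
            elif action == "generalise":
                out[name] = generalise(value)
            else:
                raise ValueError(f"unknown action {action!r} for field {name!r}")
        return out

    def deobfuscate(self, record):
        """Restore tokenised fields from the client-side vault.

        Pseudonymised and generalised fields are irreversible by design and
        come back unchanged; a token with no vault entry is an error.
        """
        out = {}
        for name, value in record.items():
            if isinstance(value, str) and value.startswith("tok_"):
                if value not in self.vault:
                    raise KeyError(f"no vault entry for {value}; cannot restore {name!r}")
                out[name] = self.vault[value]
            else:
                out[name] = value
        return out


def demo():
    """Round-trip a constructed photo-metadata record through the manager."""
    pm = PrivacyManager(policy=PHOTO_POLICY, key=b"constructed-user-key")
    record = {  # constructed sample input
        "photo_id": "IMG_0001",
        "owner_email": "alice@example.org",
        "gps": (51.5074, -0.1278),
        "taken": "2009-07-04T10:15:00",
        "caption": "Family at the beach",
        "device": "Canon EOS 5D",  # not in the policy -> tokenised by default
    }
    sent = pm.obfuscate(record)
    restored = pm.deobfuscate(sent)
    return record, sent, restored


if __name__ == "__main__":
    original, cloud_view, back = demo()
    print("cloud sees:", cloud_view)
    print("client restores:", back)
```

The design point is that the key and the token vault never leave the client, so the cloud provider only ever holds the obfuscated view; a policy can still let through the fields the service genuinely needs, and the one-way actions mean that some fields are deliberately unrecoverable even by the user.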
