Privacy in cloud computing environments: a survey and research challenges

Definitely, cloud computing represents a real evolution in the IT world that provides many advantages for both providers and users. This new paradigm includes several services that allow data storage and processing. However, outsourcing data to the cloud raises many issues related to privacy concerns. In fact, for some organizations and individuals, data privacy present a crucial aspect of their business. Indeed, their sensitive data (health, finance, personal information, etc.) have a very important value, and any infringement of privacy can cause great loss in terms of money and reputation. Therefore, without considering privacy issues, the adoption of cloud computing can be discarded by large spectra of users. In this paper, we provide a survey on privacy risks and challenges for public cloud computing. We present and evaluate the main existing solutions that have made great progress in this area. To better address privacy concerns, we point out considerations and guidelines while giving the remained open issues that require additional investigation efforts to fulfill preserving and enhancing privacy in public cloud.

[1]  Slim Trabelsi,et al.  Sticky policies for data control in the cloud , 2012, 2012 Tenth Annual International Conference on Privacy, Security and Trust.

[2]  Manish Manoria,et al.  A survey on privacy preserving mining implementing techniques , 2016, 2016 Symposium on Colossal Data Analysis and Networking (CDAN).

[3]  Salve Bhagyashri Salve Bhagyashri,et al.  Privacy-Preserving Public Auditing For Secure Cloud Storage , 2014 .

[4]  Zahir Tari,et al.  Security and Privacy in Cloud Computing , 2014, IEEE Cloud Computing.

[5]  Siani Pearson,et al.  Privacy and Security for Cloud Computing , 2012, Computer Communications and Networks.

[6]  Javier Lopez,et al.  Trust, Privacy, and Security in Digital Business , 2014, Lecture Notes in Computer Science.

[7]  Vagelis Papakonstantinou,et al.  The New Cloud Computing ISO/IEC 27018 Standard Through the Lens of the EU Legislation on Data Protection , 2014 .

[8]  P. Jyothi,et al.  Minimizing Internal Data Theft in Cloud Through Disinformation Attacks , 2013 .

[9]  QiuMeikang,et al.  Intelligent cryptography approach for secure distributed big data storage in cloud computing , 2017 .

[10]  Martin A. Weiss,et al.  U.S.-EU Data Privacy: From Safe Harbor to Privacy Shield [May 19, 2016] , 2016 .

[11]  Ahmed Khalid,et al.  A survey of Cloud Computing Security challenges and solutions , 2016 .

[12]  Cong Wang,et al.  Enabling Secure and Efficient Ranked Keyword Search over Outsourced Cloud Data , 2012, IEEE Transactions on Parallel and Distributed Systems.

[13]  Chris J. Mitchell,et al.  Trusted Computing, Second International Conference, Trust 2009, Oxford, UK, April 6-8, 2009, Proceedings , 2009, TRUST.

[14]  Siani Pearson,et al.  Toward Accountability in the Cloud , 2011, IEEE Internet Computing.

[15]  Siani Pearson,et al.  End-to-end policy based encryption techniques for multi-party data management , 2014, Comput. Stand. Interfaces.

[16]  Frank Leymann,et al.  Compliant Cloud Computing (C3): Architecture and Language Support for User-Driven Compliance Management in Clouds , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[17]  Andrew Chi-Chih Yao,et al.  How to Generate and Exchange Secrets (Extended Abstract) , 1986, FOCS.

[18]  Martijn Warnier,et al.  Privacy Regulations for Cloud Computing , 2009 .

[19]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[20]  Muthu Ramachandran,et al.  Cloud Computing Adoption Framework – a security framework for business clouds , 2015 .

[21]  Minhaj Ahmad Khan,et al.  A survey of security issues for cloud computing , 2016, J. Netw. Comput. Appl..

[22]  Elisa Bertino,et al.  Proceedings of the third ACM conference on Data and application security and privacy , 2013, CODASPY 2013.

[23]  Vallipuram Muthukkumarasamy,et al.  A survey on data leakage prevention systems , 2016, J. Netw. Comput. Appl..

[24]  Gillian Bull,et al.  Data Protection - Safe Harbor: Transferring Personal Data to the USA , 2001, Comput. Law Secur. Rev..

[25]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[26]  Stéphane Betgé-Brezetz,et al.  End-to-end privacy policy enforcement in cloud infrastructure , 2013, 2013 IEEE 2nd International Conference on Cloud Networking (CloudNet).

[27]  Louis D. Brandeis,et al.  The Right to Privacy , 1890 .

[28]  Matthew Metheny,et al.  Security and Privacy in Public Cloud Computing , 2013, CloudCom 2013.

[29]  Sushil Jajodia,et al.  Encryption and Fragmentation for Data Confidentiality in the Cloud , 2013, FOSAD.

[30]  Jiankun Hu,et al.  Secure searches in the cloud: A survey , 2016, Future Gener. Comput. Syst..

[31]  Shiping Chen,et al.  SafeProtect: Controlled Data Sharing With User-Defined Policies in Cloud-Based Collaborative Environment , 2016, IEEE Transactions on Emerging Topics in Computing.

[32]  Lynn A. Karoly,et al.  Health Insurance Portability and Accountability Act of 1996 (HIPAA) Administrative Simplification , 2010, Practice Management Consultant.

[33]  Wenjing Lou,et al.  A privacy-preserved full-text retrieval algorithm over encrypted data for cloud storage applications , 2017, J. Parallel Distributed Comput..

[34]  Patricia Moloney Figliola U.S.-EU Data Privacy: From Safe Harbor to Privacy Shield , 2016 .

[35]  Alexander Pretschner,et al.  Data Loss Prevention Based on Data-Driven Usage Control , 2012, 2012 IEEE 23rd International Symposium on Software Reliability Engineering.

[36]  Aaron Weiss Trusted computing , 2006, NTWK.

[37]  Aziz Mohaisen,et al.  A Private Walk in the Clouds: Using End-to-End Encryption between Cloud Applications in a Personal Domain , 2014, TrustBus.

[38]  Siani Pearson,et al.  A toolkit for automating compliance in cloud computing services , 2014, Int. J. Cloud Comput..

[39]  Erwin Laure,et al.  Security and Privacy of Sensitive Data in Cloud Computing: A Survey of Recent Developments , 2015, NeTCoM 2015.

[40]  Athanasios V. Vasilakos,et al.  Security in cloud computing: Opportunities and challenges , 2015, Inf. Sci..

[41]  Gerrit Hornung,et al.  A General Data Protection Regulation for Europe? Light and shade in the Commission’s draft of 25 January 2012 , 2012 .

[42]  Max Mühlhäuser,et al.  Trust as a facilitator in cloud computing: a survey , 2012, Journal of Cloud Computing: Advances, Systems and Applications.

[43]  Douglas M. Blough,et al.  Distributed Enforcement of Sticky Policies with Flexible Trust , 2015, 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems.

[44]  Siani Pearson,et al.  Taking account of privacy when designing cloud computing services , 2009, 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing.

[45]  Alexander Pretschner,et al.  Data usage control enforcement in distributed systems , 2013, CODASPY.

[46]  Hatem Hadj Kacem,et al.  Elastic Multi-tenant Business Process Based Service Pattern in Cloud Computing , 2014, 2014 IEEE 6th International Conference on Cloud Computing Technology and Science.

[47]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[48]  Slim Trabelsi,et al.  Data Usage Control in the Future Internet Cloud , 2011, Future Internet Assembly.

[49]  Igor Cialenco,et al.  Asymptotic Properties of the Maximum Likelihood Estimator for Stochastic Parabolic Equations with Additive Fractional Brownian Motion , 2008, 0804.0407.

[50]  Siani Pearson,et al.  Enhancing privacy in cloud computing via policy-based obfuscation , 2012, The Journal of Supercomputing.

[51]  Ahmad-Reza Sadeghi,et al.  Token-Based Cloud Computing , 2010, TRUST.

[52]  Daniel L. Goroff Balancing privacy versus accuracy in research protocols , 2015, Science.

[53]  Michael D Birnhack,et al.  The EU Data Protection Directive: An engine of a global regime , 2008, Comput. Law Secur. Rev..

[54]  M. Dupont,et al.  Privacy Data Envelope: Concept and implementation , 2011, 2011 Ninth Annual International Conference on Privacy, Security and Trust.

[55]  Mukesh Singhal,et al.  CloudPDB: A light-weight data privacy schema for cloud-based databases , 2016, 2016 International Conference on Computing, Networking and Communications (ICNC).

[56]  Ayman I. Kayssi,et al.  Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[57]  Ruby B. Lee,et al.  A software-hardware architecture for self-protecting data , 2012, CCS.

[58]  Herbert Burkert,et al.  Some Preliminary Comments on the DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. , 1996 .

[59]  Burak Kantarci,et al.  On the impact of quality of experience (QoE) in a vehicular cloud with various providers , 2014, 2014 11th Annual High Capacity Optical Networks and Emerging/Enabling Technologies (Photonics for Energy).

[60]  Stephen S. Yau,et al.  Protection of users' data confidentiality in cloud computing , 2010, Internetware.

[61]  Zahir Tari,et al.  On the Move to Meaningful Internet Systems. OTM 2018 Conferences , 2018, Lecture Notes in Computer Science.

[62]  Alexander Pretschner,et al.  A Fully Decentralized Data Usage Control Enforcement Infrastructure , 2015, ACNS.

[63]  Miguel Correia,et al.  DepSky: Dependable and Secure Storage in a Cloud-of-Clouds , 2013, TOS.

[64]  Vitaly Shmatikov,et al.  Robust De-anonymization of Large Sparse Datasets , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[65]  Priscilla M. Regan Old issues, new context: Privacy, information collection, and homeland security , 2004, Gov. Inf. Q..

[66]  Dave Cliff,et al.  A financial brokerage model for cloud computing , 2011, Journal of Cloud Computing: Advances, Systems and Applications.

[67]  Qi Zhang,et al.  Trusted Platform Module 2.0 Library , 2013 .

[68]  Sara Baase A Gift of Fire, Social, Legal, and Ethical Issues in Computing , 2008 .

[69]  U. S. Code,et al.  Gramm-Leach-Bliley Act , 1999 .

[70]  Donna Xu,et al.  Self Protecting Data Sharing Using Generic Policies , 2015, 2015 15th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing.

[71]  Mahesh U. Shankarwar,et al.  Security and Privacy in Cloud Computing: A Survey , 2014, FICTA.

[72]  Elisa Bertino,et al.  Adaptive data protection in distributed systems , 2013, CODASPY.

[73]  Timothy Grance,et al.  Guidelines on Security and Privacy in Public Cloud Computing | NIST , 2012 .

[74]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[75]  J. Rubenfeld The Right of Privacy , 1989 .

[76]  H. T. Mouftah,et al.  An Auction-Driven Multi-Objective Provisioning Framework in a Vehicular Cloud , 2015, 2015 IEEE Globecom Workshops (GC Wkshps).

[77]  Siani Pearson,et al.  Protecting Personal Information in Cloud Computing , 2012, OTM Conferences.

[78]  Era moderna até Health Insurance Portability and Accountability Act , 2011 .

[79]  Aderemi A. Atayero,et al.  Security Issues in Cloud Computing: The Potentials of Homomorphic Encryption , 2011 .

[80]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[81]  Keke Gai,et al.  Intelligent cryptography approach for secure distributed big data storage in cloud computing , 2017, Inf. Sci..

[82]  Sugata Sanyal,et al.  A Survey on Security Issues in Cloud Computing , 2011, 1109.5388.

[83]  Siani Pearson,et al.  Towards accountable management of identity and privacy: sticky policies and enforceable tracing services , 2003, 14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings..