Accountability for cloud and other future Internet services

Cloud and IT service providers should act as responsible stewards for the data of their customers and users. However, the current absence of accountability frameworks for distributed IT services makes it difficult for users to understand, influence and determine how their service providers honour their obligations. The A4Cloud project will create solutions to support users in deciding and tracking how their data is used by cloud service providers. By combining methods of risk analysis, policy enforcement, monitoring and compliance auditing with tailored IT mechanisms for security, assurance and redress, A4Cloud aims to extend accountability across entire cloud service value chains, covering personal and business sensitive information in the cloud.
