Cloud-Based Identity and Identity Meta-Data: Secure and Control of Data in Globalization Era

This paper proposes a new model for identity and its underlying meta-data. The approach enables identity meta-data to span securely across many boundaries, such as health-care, financial and educational institutions, and all others that store and process sensitive personal data. It introduces the new concepts of Compound Personal Record (CPR) and Compound Identifiable Data (CID) ontology, which aim to move toward an "own your own data" model. The CID model ensures authenticity of identity meta-data; high availability via a unified Cloud-hosted XML data structure; and privacy through encryption, obfuscation and anonymity applied to Ontology-based XML distributed content. Additionally, CID is enabled for identity federation via XML ontologies. The paper also suggests that access to sensitive data should be strictly governed through an access control model with granular policy enforcement on the service side. This includes the involvement of relevant access control model entities, which are enabled to authorize ad-hoc break-glass data access, which should give high accountability for data access attempts.
