Data Confidentiality Scalability and Accountability (DCSA) in Cloud Computing

This paper aims to achieve data confidentiality scalability and accountability in cloud computing by determining first the security mechanisms required for each data sensitivity level, and which of these security controls may not be supported in certain computing environments, then which solutions can be used to cope with the identified security limitations of cloud computing. Secondly issues such as risks of privacy exposure, scalability in key management, flexible access and efficient user revocation, have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. In this paper, we propose a novel patient-centric framework and a suite of mechanisms for data access control to Personal health record (PHR)s stored in semi-trusted servers. To achieve fine-grained and scalable data access control for PHRs, we leverage attribute based encryption (ABE) techniques to encrypt each patient’s PHR file. Finally we propose an approach in which procedural and technical solutions are co designed to demonstrate accountability as a path forward to resolving authority privacy and security risks within the cloud. Keywords— Cloud computing, Confidentiality, Scalability, Accountability.

[1]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[2]  H. Raghav Rao,et al.  Security in grid computing: A review and synthesis , 2008, Decis. Support Syst..

[3]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[4]  Siani Pearson,et al.  A System for Privacy-Aware Resource Allocation and Data Processing in Dynamic Environments , 2006, SEC.

[5]  Siani Pearson,et al.  Towards accountable management of identity and privacy: sticky policies and enforceable tracing services , 2003, 14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings..

[6]  A. Forrey,et al.  The Health Insurance Portability and Accountability Act: practice of dentistry in the United States: privacy and confidentiality. , 2003, The journal of contemporary dental practice.

[7]  A. Meyer The Health Insurance Portability and Accountability Act. , 1997, Tennessee medicine : journal of the Tennessee Medical Association.

[8]  Annie I. Antón,et al.  Analyzing Regulatory Rules for Privacy and Security Requirements , 2008, IEEE Transactions on Software Engineering.

[9]  Siani Pearson,et al.  Trusted Computing: Strengths, Weaknesses and Further Opportunities for Enhancing Privacy , 2005, iTrust.

[10]  Ming Li,et al.  Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings , 2010, SecureComm.