Usable assured deletion in the cloud

The prevalence of cloud and storage-as-a-service has led users to store and share data through such services. However, little is understood about one key element of data management in this new landscape: data deletion and, more critically, assured deletion. With regard to deletion, existing research has not explored users' deletion needs, their preferences or the challenges they face; nor is there any understanding of the challenges cloud providers would face should they want to offer assured deletion. Users' deletion needs and preferences are diverse and vary with context. However, satisfying these needs may be limited by the properties of the infrastructure, i.e., what the infrastructure permits and what it does not. For instance, the cloud infrastructure has various features that may pose different challenges to meeting users' needs and providing assured deletion; these features include virtualization, multi-tenancy, high availability and on-demand elasticity. The work presented in this thesis is the first to investigate these issues. It finds that users' motivations to delete are privacy-, policy-, expertise- and storage-driven. Users fail to delete because of poorly designed interfaces, the way they perceive cloud deletion, and a lack of information about cloud deletion. Users want a choice in how their data is deleted: they want to be able to specify the type of deletion. Their deletion preferences are complex and may change at any time depending on the context of deletion, i.e., individual or social. Regarding information about deletion, they want the important information that may help them to delete, or to recover from failures, to be easily accessible through the interface; they do not want essential information to be confined to privacy policies.
Using these findings, this thesis provides a conceptual framework for the design of usable assured deletion in the cloud and then formulates user requirements for usable assured deletion. With regard to providers, by analysing the cloud infrastructure, this work provides a systematization of the challenges that providers face while attempting to assure deletion. It also identifies the cloud provider requirements for usable assured deletion. By considering both sets of requirements, i.e., user and provider requirements, this work provides user requirements and principles for usable assured deletion. Overall, the findings of this work form a solid grounding for the design and development of cloud systems that assure deletion in a usable way. More importantly, they help to empower users with regard to assured deletion.
