Assessing Privacy Capabilities of Cloud Service Providers

Cloud computing provides well-known economic and technical advantages. However, the absence of knowledge on the privacy capabilities of service providers remains as one of the barriers for the adoption of cloud services. In this paper we describe a mechanism for the quantitative assessment of the privacy practices of different cloud service providers, so that their potential clients can compare among them and choose the one that better meets their requirements. We have validated our contributions in three different scenarios.

[1]  Amani S. Ibrahim,et al.  Collaboration-Based Cloud Computing Security Management Framework , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[2]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[3]  Neeraj Suri,et al.  AHP-Based Quantitative Approach for Assessing and Comparing Cloud Security , 2014, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications.

[4]  David Wright,et al.  PRIPARE: Integrating Privacy Best Practices into a Privacy Engineering Methodology , 2015, 2015 IEEE Security and Privacy Workshops.

[5]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[6]  Christian Paquin,et al.  U-Prove Technology Overview V1.1 (Revision 2) , 2013 .

[7]  Neeraj Suri,et al.  Quantitative Assessment of Cloud Security Level Agreements - A Case Study , 2012, SECRYPT.

[8]  Siani Pearson,et al.  Towards a Formalised Representation for the Technical Enforcement of Privacy Level Agreements , 2015, 2015 IEEE International Conference on Cloud Engineering.

[9]  ASHWIN MACHANAVAJJHALA,et al.  L-diversity: privacy beyond k-anonymity , 2006, 22nd International Conference on Data Engineering (ICDE'06).