Privacy, Security, and Trust in Cloud Computing
BY: SIANI PEARSON
PRESENTED BY: KIA MANOOCHEHRI
Contents
Introduction
Privacy Issues
Security Issues
Trust Issues
Addressing these issues
Introduction
What is cloud computing?
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
Keep in mind that hardware or software resources, as well as internet applications, are included in this definition
Privacy, Security, and Trust
Privacy and Trust have no standard universally accepted definition
This is an intrinsic problem that we will discuss
We defined security last time as the following:
“the ability of a system to protect information and system resources with respect to confidentiality and integrity”
Expand the definition this time to: “Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.”
Privacy, Security, and Trust
The terms “Personal Information” and “Personal Data” are used by European and Asian vendors, but the USA uses “Personally Identifiable Information”
Name, Address, SS#, CC#s, email address, passwords, DOB.
“personal data shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.”
Privacy, Security, and Trust
Important Terms:
Data controller: An entity (whether a natural or legal person, public authority, agency or other body) which alone, jointly or in common with others determines the purposes for which and the manner in which any item of personal information is processed
Data processor: An entity (whether a natural or legal person, public authority, agency or any other body) which processes personal information on behalf and upon instructions of the Data Controller
Data subject: An identified or identifiable individual to whom personal information relates, whether such identification is direct or indirect (for example, by reference to an identification number or to one or more factors specific to physical, physiological, mental, economic, cultural or social identity)
Privacy
According to the United Nations, privacy is “a fundamental human right”
European Convention on Human Rights also affirms this (1948)
UK Human Rights Act of 1998 also affirms this
Privacy
The United States of America disagrees with their NSA…
We know they keep records of the following:
All calls made in the US
Content of some of these calls
Email, Facebook, and instant messages
Raw Internet Traffic
Privacy
Generally speaking, privacy concerns deal with:
Personal information
Particularly concerned with keeping it out of the hands of the government
“The right to be left alone”
“control information about ourselves”
Privacy
Additional concerns:
“the rights and obligations of individuals and organizations with respect to the collection, use, disclosure, and retention of personally identifiable information”
“focus on the harms that arise from privacy violations”
Privacy Issues
Lack of User Control
Fundamentally counter-intuitive to the cloud concept
Leads to potential theft, misuse, and unauthorized resale by the vendors
Privacy Issues
Unauthorized Secondary Usage
CSP may gain revenue from authorized secondary uses of users’ data, most commonly the targeting of advertisements
Risk of vendor demise; what happens if the CSP goes bankrupt???
Privacy Issues
Data Proliferation and Transborder Data Flow
Difficult to ascertain privacy compliance requirements in the cloud
Difficult to ascertain WHERE our data actually is…
Privacy Issues
Dynamic Provisioning
Unclear what rights in the data will be acquired by data processors and their sub-contractors
Unclear WHO is actually responsible for the data…
Trust
No universally accepted scholarly definition… yay!
“Trust is a psychological state comprising the intention to accept vulnerability based upon positive expectations of the intentions or behavior of another”
Trust
Previous definition is poor and doesn’t cover the following concerns
Letting the trustees take care of something the trustor cares about
The subjective probability with which the trustor assesses that the trustee will perform a particular action
The expectation that the trustee will not engage in opportunistic behavior
A belief, attitude, or expectation concerning the likelihood that the actions or outcomes of the trustee will be acceptable or will serve the trustor’s interests
Trust Issues
Fundamentally, trust is a difficult concept for users to grasp
“trust is hard to build and easy to lose: a single violation of trust can destroy years of slowly accumulated credibility”
Need to consider both social and technological aspects
Trust Issues
Barriers to cloud adoption
Addressing these issues
Need consistent and coordinated development in three major categories
Innovative regulatory frameworks
Responsible company governance
Supporting technologies
Addressing these issues
Innovative regulatory frameworks
Accountability which can allow global business and provide redress within cloud environments
Addressing these issues
Responsible company governance
Organizations act as a responsible steward of the data which is entrusted to them within the cloud, ensuring responsible behavior via accountability mechanisms and balancing innovation with individuals’ expectations
Privacy by Design being a way of achieving this.
Addressing these issues
Privacy by Design – 7 Key Concepts
Proactive not Reactive; Preventative not Remedial
Privacy as the Default Setting
Privacy Embedded into Design
Full Functionality – Positive-Sum, not Zero-Sum
End-to-End Security – Full Lifecycle Protection
Visibility and Transparency – Keep it Open
Respect for User Privacy – Keep it User-Centric
Addressing these issues
Supporting technologies
These include privacy-enhancing technologies, security mechanisms, encryption, and anonymization