Abstract
The issue of how to provide appropriate privacy protection for cloud computing is important, and as yet unresolved. In this paper we propose an approach in which procedural and technical solutions are co-designed to demonstrate accountability as a path forward to resolving jurisdictional privacy and security risks within the cloud.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
HP cloud website, http://h71028.www7.hp.com/enterprise/us/en/technologies/cloud-computing.html?jumpid=ex_r2858_us/en/large/tsg/go_cloud
Pearson, S.: Taking Account of Privacy when Designing Cloud Computing Services. In: ICSE-Cloud 2009, Vancouver. IEEE, Los Alamitos (2009); HP Labs Technical Report, HPL-2009-54 (2009), http://www.hpl.hp.com/techreports/2009/HPL-2009-54.html
Solove, D.J.: A Taxonomy of Privacy. University of Pennsylvania Law Review 154(3), 477–564 (2006)
Council Directive 95/46/EC: On the protection of individuals with regard to the processing of personal data and on the free movement of such data. OJ, L281, pp. 31–50 (1995)
Ackerman, M., Darrell, T., Weitzner, D.: Privacy in Context. Human Computer Interaction 16(2), 167–176 (2001)
Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing (2009), http://www.cloudsecurityalliance.org/guidance/csaguide.pdf
Gellman, R.: Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing. World Privacy Forum (2009), http://www.worldprivacyforum.org/pdf/WPF_Cloud_Privacy_Report.pdf
Abrams, M.: A Perspective: Data Flow Governance in Asia Pacific & APEC Framework (2008), http://ec.europa.eu/justice_home/news/information_dossiers/personal_data_workshop/speeches_en.htm
Kohl, U.: Jurisdiction and the Internet. Cambridge University Press, Cambridge (2007)
Mowbray, M.: The Fog over the Grimpen Mire: Cloud Computing and the Law. Script-ed Journal of Law, Technology and Society 6(1) (April 2009)
Hall, J.A., Liedtka, S.L.: The Sarbanes-Oxley Act: implications for large-scale IT outsourcing. Communications of the ACM 50(3), 95–100 (2007)
McKinley, P.K., Samimi, F.A., Shapiro, J.K., Chiping, T.: Service Clouds: A Distributed Infrastructure for Constructing Autonomic Communication Services. In: Dependable, Autonomic and Secure Computing, pp. 341–348. IEEE, Los Alamitos (2006)
Microsoft Corporation: Privacy Guidelines for Developing Software Products and Services, v2.1a (2007), http://www.microsoft.com/Downloads/details.aspx?FamilyID=c48cf80f-6e87-48f5-83ec-a18d1ad2fc1f&displaylang=en
Information Commissioners Office: Privacy by Design, Report (2008), http://www.ico.gov.uk
Bamberger, K., Mulligan, D.: Privacy Decision-making in Administrative Agencies. University of Chicago Law Review 75(1) (2008)
Nissenbaum, H.: Privacy as Contextual Integrity. Washington Law Review 79(1), 119–158 (2004)
6, P.: Who wants privacy protection, and what do they want? Journal of Consumer Behaviour 2(1), 80–100 (2002)
Cederquist, J.G., Conn, R., Dekker, M.A.C., Etalle, S., den Hartog, J.I.: An audit logic for accountability. In: Policies for Distributed Systems and Networks, pp. 34–43. IEEE, Los Alamitos (2005)
UK Information Commissioner’s Office A Report on the Surveillance Society (2006)
Charlesworth, A.: The Future of UK Data Protection Regulation. Information Security Technical Report 11(1), 46–54 (2006)
Charlesworth, A.: Information Privacy Law in the European Union: E. Pluribus Unum. or Ex. Uno. Plures. Hastings Law Review 54, 931–969 (2003)
Weitzner, D., Abelson, H., Berners-Lee, T., Hanson, C., Hendler, J.A., Kagal, L., McGuinness, D.L., Sussman, G.J., Waterman, K.K.: Transparent Accountable Data Mining: New Strategies for Privacy Protection. In: Proceedings of AAAI Spring Symposium on The Semantic Web meets eGovernment. AAAI Press, Menlo Park (2006)
Crompton, M., Cowper, C., Jefferis, C.: The Australian Dodo Case: an insight for data protection regulation. World Data Protection Report 9(1) (2009)
Dolnicar, S., Jordaan, Y.: Protecting Consumer Privacy in the Company’s Best Interest. Australasian Marketing Journal 14(1), 39–61 (2006)
Tweney, A., Crane, S.: Trustguide2: An exploration of privacy preferences in an online world. In: Cunningham, P., Cunningham, M. (eds.) Expanding the Knowledge Economy. IOS Press, Amsterdam (2007)
Organization for Economic Co-operation and Development: Guidelines Governing the Protection of Privacy and Transborder Flow of Personal Data. OECD, Geneva (1980)
Truste: Website (2009), http://www.truste.org/
SLA@SOI: Website (2009), http://sla-at-soi.eu/
Creative Commons: Creative Commons Home Page (2009), http://creativecommons.org
Casassa Mont, M.: Dealing with privacy obligations: Important aspects and technical approaches. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2004. LNCS, vol. 3184, pp. 120–131. Springer, Heidelberg (2004)
Mowbray, M., Pearson, S.: A Client-Based Privacy Manager for Cloud Computing. In: Proc. COMSWARE 2009. ACM, New York (2009)
Yao, A.C.: How to Generate and Exchange Secrets. In: Proc. FoCS, pp. 162–167. IEEE, Los Alamitos (1986)
IBM: The Enterprise Privacy Authorization Language (EPAL), EPAL specification, v1.2 (2004), http://www.zurich.ibm.com/security/enterprise-privacy/epal/
OASIS: XACML, http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
Cranor, L.: Web Privacy with P3P. O’Reilly & Associates, Sebastopol (2002)
Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language (2001), http://wwwdse.doc.ic.ac.uk/research/policies/index.shtml
Casassa Mont, M., Pearson, S., Bramhall, P.: Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services. In: Mařík, V., Štěpánková, O., Retschitzegger, W. (eds.) DEXA 2003. LNCS, vol. 2736, pp. 377–382. Springer, Heidelberg (2003)
Pearson, S.: Trusted computing: Strengths, weaknesses and further opportunities for enhancing privacy. In: Herrmann, P., Issarny, V., Shiu, S.C.K. (eds.) iTrust 2005. LNCS, vol. 3477, pp. 305–320. Springer, Heidelberg (2005)
Kenny, S., Korba, L.: Applying Digital Rights Management Systems to Privacy Rights Management Computers & Security 21(7) (2002)
Tang, Q.: On Using Encryption Techniques to Enhance Sticky Policies Enforcement. TR-CTIT-08-64, Centre for Telematics and Information Technology, Uni. Twente (2008)
Golle, P., McSherry, F., Mironov, I.: Data Collection with self-enforcing privacy. In: CCS 2006, Alexandria, Virginia, USA. ACM, New York (2006)
Cavoukian, A., Crompton, M.: Web Seals: A review of Online Privacy Programs. In: Privacy and Data Protection (2000), http://www.privacy.gov.au/publications/seals.pdf
Elahi, T., Pearson, S.: Privacy Assurance: Bridging the Gap between Preference and Practice. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds.) TrustBus. LNCS, vol. 4657, pp. 65–74. Springer, Heidelberg (2007)
Casassa Mont, M., Thyne, R.: A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 118–134. Springer, Heidelberg (2006)
Kenny, S., Borking, J.: The Value of Privacy Engineering. JILT, 1 (2002), http://elj.warwick.ac.uk/jilt/02-1/kenny.html
IBM: Sparcle project, http://domino.research.ibm.com/comm/research_projects.nsf/pages/sparcle.index.html
IBM: REALM project, http://www.zurich.ibm.com/security/publications/2006/REALM-at-IRIS2006-20060217.pdf
Travis, D., Breaux, T.D., Antón, A.I.: Analyzing Regulatory Rules for Privacy and Security Requirements. Transactions on Software Engineering 34(1), 5–20 (2008)
OASIS: eContracts Specification v1.0 (2007), http://www.oasis-open.org/apps/org/workgroup/legalxml-econtracts
EnCoRe: Ensuring Consent and Revocation project (2008), http://www.encore-project.info
Flegel, U.: Pseudonymising Unix Log Files. In: Davida, G.I., Frankel, Y., Rees, O. (eds.) InfraSec 2002. LNCS, vol. 2437, pp. 162–179. Springer, Heidelberg (2002)
Gritzalis, D., Moulinos, K., Kostis, K.: A Privacy-Enhancing e-Business Model Based on Infomediaries. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds.) MMM-ACNS 2001. LNCS, vol. 2052, pp. 72–83. Springer, Heidelberg (2001)
Pearson, S., Sander, T., Sharma, R.: A Privacy Management Tool for Global Outsourcing. In: DPM 2009 (2009)
Warren, A., Bayley, R., Charlesworth, A., Bennett, C., Clarke, R., Oppenheim, C.: Privacy Impact Assessments: international experience as a basis for UK guidance. Computer Law and Security Report 24(3), 233–242 (2008)
Trusted Computing Group (2009), https://www.trustedcomputinggroup.org
Pearson, S., Casassa Mont, M.: A System for Privacy-aware Resource Allocation and Data Processing in Dynamic Environments. In: I-NetSec 2006, vol. 201, pp. 471–482. Springer, Heidelberg (2006)
Dalton, C., Plaquin, D., Weidner, W., Kuhlmann, D., Balacheff, B., Brown, R.: Trusted virtual platforms: a key enabler for converged client devices. Operating Systems Review 43(1), 36–43 (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pearson, S., Charlesworth, A. (2009). Accountability as a Way Forward for Privacy Protection in the Cloud. In: Jaatun, M.G., Zhao, G., Rong, C. (eds) Cloud Computing. CloudCom 2009. Lecture Notes in Computer Science, vol 5931. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10665-1_12
Download citation
DOI: https://doi.org/10.1007/978-3-642-10665-1_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10664-4
Online ISBN: 978-3-642-10665-1
eBook Packages: Computer ScienceComputer Science (R0)