By Rahul Ganta

1. Security and Privacy in the Cloud • A Long-Term View • By • Rahul Ganta

2. AGENDA • Introduction • Cloud characteristics • Security and Privacy aspects • Principal parties in the cloud • Trust in the cloud • 1.Trust-based privacy protection • 2.Subjective logic • Privacy enhanced cloud services • Summary

3. INTRODUCTION • Scope of the privacy is potentially the lifetime of the privacy subject • Investigated trust issues and privacy aspects for cloud service users, using subjective logic as a primary tool. • Subjective logic can be a useful tool for developing trust models for cloud computing.

4. CLOUD CHARACTERISTICS • Location Independent and Mobility as a basic premise • Lifetime of security and privacy protection • 1.Communications Security • 2.Device Security • 3.Data Storage Security • 4.Archival Storage • 5.Personal Storage

5. SECURITY AND PRIVACY ASPECTS • Security aspects • 1.Service aspects • 2.Service execution security • Right to privacy • Privacy aspects • Long-Term view of privacy • Privacy points and counterpoints

6. PRINCIPAL PARTIES IN TE CLOUD • Individual users • Aggregate users • Cloud service providers • 1.Private vs Public cloud service provider • 2.Virtual cloud service provider • 3.Physical cloud service provider • Cloud intruders

7. TRUST IN THE CLOUD • Economically feasible to provide trust in a cloud service provider with encryption techniques alone • To enhance privacy, investigates trust and trust relationships between the principal parties using • 1.Trust-based privacy protection • 2.Subjective logic

8. TRUST-BASED PRIVACY PROTECTION • Level of trust will vary during the lifetime and depends on various factors. • Opinion in below two points by a specific client and other clients are considered as trustworthy. • 1.Reputation on keeping private data protected • 2.Reputation of behaving according to agreement • A long term privacy can be protected by monitoring trustworthiness of service providers.

9. ANONYMIZATION • Anonymization is an approach that can be used to achieve the needed level of privacy protection. • To provide privacy protection, user should be able to measure and continually monitor trustworthiness of Anonymizers. • Another approach would be to split data into separate parts.

10. SUBJECTIVE LOGIC • It express the level of trust. • ω expresses opinion about trustworthiness level • ω={t,d,u},t+d+u=1,t=trust,d=distrust,u=uncertainty • ={,,} trustworthiness of . • Trustworthiness on and is • = ^ ={,,} • Let s1 and s2 are two users then represents the opinion of se about the trustworthiness of recommendation given by s2.

11. SUBJECTIVE LOGIC • Combined opinion of s1 and s2 on a is . • = ={,,} • If there are several independent opinions on a then • = ={,,} • =( +)/( + -) • =( +)/( + -) • =()/( + -)

12. PRIVACY ENHANCED CLOUD SERVICES • Scope of the privacy is potentially the lifetime of the privacy subject • User either select trustworthy service provider • Or try to reduce privacy sensitivity of data ie. r • π(r) denote privacy sensitivity of r,defined by user • Privacy sensitivity of r can be reduced by • Encryption • Anonymization • Splitting data

13. SUMMARY • Cryptographic techniques cannot always provide protection(especially in long term) • This research proposed a trust-based privacy protection • The approach based on subjective logic. • The users have to handle their data to minimize privacy threats in the cloud

14. QUESTIONS

15. Thank You