310 likes | 625 Views
Privacy, Security, and trust in cloud computing. By: Siani Pearson Presented by: Kia Manoochehri. Contents. Introduction Privacy Issues Security Issues Trust Issues Addressing these issues. Introduction . What is cloud computing?
E N D
Privacy, Security, and trust in cloud computing By: Siani Pearson Presented by: Kia Manoochehri
Contents • Introduction • Privacy Issues • Security Issues • Trust Issues • Addressing these issues
Introduction • What is cloud computing? • “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” • Keep in mind hardware or software resources and also internet applications are included in this explanation
Privacy, Security, and Trust • Privacy and Trust have no standard universally accepted definition • This is an intrinsic problem that we will discuss • We defined security last time as the following: • “the ability of a system to protect information and system resources with respect to confidentiality and integrity” • Expand the definition this time to: “Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.”
Privacy, Security, and Trust • Personal Information and Personal Data are used by European and Asian vendors but the USA uses “Personally Identifiable Information” • Name, Address, SS#, CC#s, email address, passwords, DOB. • “personal data shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.”
Privacy, Security, and Trust • Important Terms: • Data controller: An entity (whether a natural or legal person, public authority, agency or other body) which alone, jointly or in common with others determines the purposes for which and the manner in which any item of personal information is processed • Data processor: An entity (whether a natural or legal person, public authority, agency or any other body) which processes personal information on behalf and upon instructions of the Data Controller • Data subject: An identified or identifiable individual to whom personal information relates, whether such identification is direct or indirect (for example, by reference to an identification number or to one or more factorsspecific to physical, physiological, mental, economic, cultural or social identity)
Privacy • According to the United Nations, privacy is “a fundamental human right” • European Convention on Human Rights also affirms this (1948) • UK Human Rights act of 1998 also affirms this
Privacy • The United States of America disagrees with their NSA… • We know they keep records of the following: • All calls made in the US • Content of some of these calls • Email, Facebook, and instant messages • Raw Internet Traffic
Privacy • Generally speaking, privacy concerns deal with: • Personal information • Particularly concerned with keeping it out of the hands of the government • “The right to be left alone” • “control information about ourselves”
Privacy • Additional concerns: • “the rights and obligations of individuals and organizations with respect to the collection, use, disclosure, and retention of personally identifiable information” • “focus on the harms that arise from privacy violations”
Privacy Issues • Lack of User Control • Fundamentally counter-intuitive to the cloud concept • Leads to potential theft, misuse, and unauthorized resale by the vendors
Privacy Issues • Unauthorized Secondary Usage • CSP may gain revenue from authorized secondary uses of users’ data, most commonly the targeting of advertisements • Risk of vendor demise; what happens if CPS goes bankrupt???
Privacy Issues • Data Proliferation and Transborder Data Flow • Difficult to ascertain privacy compliance requirements in the cloud • Difficult to ascertain WHERE our data actually is…
Privacy Issues • Dynamic Provisioning • Unclear what rights in the data will be acquired by data processors and their sub-contractors • Unclear WHO is actually responsible for the data…
Trust • No universally accepted scholarly definition… yay! • “Trust is a psychological state comprising the intention to accept vulnerability based upon positive expectations of the intentions or behavior of another”
Trust • Previous definition is poor and doesn’t cover the following concerns • Letting the trustees take care of something the trustor cares about • The subjective probability with which the trustor assesses that the trustee will perform a particular action • The expectation that the trustee will not engage in opportunistic behavior • A belief, attitude, or expectation concerning the likelihood that the actions or outcomes of the trustee will be acceptable or will serve the trustor’s interests
Trust Issues • Fundamentally, trust is a difficult concept for users to grasp • “trust is hard to build and easy to lose: a single violation of trust can destroy years of slowly accumulated credibility” • Need to consider both social and technological aspects
Trust Issues • Barriers to cloud adoption
Addressing these issues • Need consistent and coordinated development in three major categories • Innovative regulatory frameworks • Responsible company governance • Supporting technologies
Addressing these issues • Innovative regulatory frameworks • Accountability which can allow global business and provide redress within cloud environments
Addressing these issues • Responsible company governance • Organizations act as a responsible steward of the data which is entrusted to them within the cloud, ensuring responsible behavior via accountability mechanisms and balancing innovation with individuals’ expectations • Privacy by Design being a way of achieving this.
Addressing these issues • Privacy by Design – 7 Key Concepts • Proactive not Reactive; Preventative not Remedial • Privacy as the DefaultSetting • Privacy Embedded into Design • Full Functionality – Positive-Sum, not Zero-Sum • End-to-End Security – Full Lifecycle Protection • Visibility and Transparency – Keep it Open • Respect for User Privacy – Keep it User-Centric
Addressing these issues • Supporting technologies • these include privacy enhancing technologies, security mechanisms, encryption, anonymization
Privacy, Security, and trust in cloud computing By: Siani Pearson Presented by: Kia Manoochehri