privacy, security, and trust in cloud computing
DESCRIPTION
Privacy, Security, and trust in cloud computing. By: Siani Pearson Presented by: Kia Manoochehri. Contents. Introduction Privacy Issues Security Issues Trust Issues Addressing these issues. Introduction. What is cloud computing? - PowerPoint PPT PresentationTRANSCRIPT
Privacy, Security, and trust in cloud computingBY: SIANI PEARSONPRESENTED BY: KIA MANOOCHEHRI
Contents
Introduction Privacy Issues Security Issues Trust Issues Addressing these issues
Introduction
What is cloud computing? “Cloud computing is a model for enabling ubiquitous, convenient, on-demand
network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
Keep in mind hardware or software resources and also internet applications are included in this explanation
Privacy, Security, and Trust
Privacy and Trust have no standard universally accepted definition This is an intrinsic problem that we will discuss
We defined security last time as the following: “the ability of a system to protect information and system resources with
respect to confidentiality and integrity” Expand the definition this time to: “Preservation of confidentiality, integrity
and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.”
Privacy, Security, and Trust
Personal Information and Personal Data are used by European and Asian vendors but the USA uses “Personally Identifiable Information” Name, Address, SS#, CC#s, email address, passwords, DOB.
“personal data shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.”
Privacy, Security, and Trust
Important Terms: Data controller: An entity (whether a natural or legal person, public authority,
agency or other body) which alone, jointly or in common with others determines the purposes for which and the manner in which any item of personal information is processed
Data processor: An entity (whether a natural or legal person, public authority, agency or any other body) which processes personal information on behalf and upon instructions of the Data Controller
Data subject: An identified or identifiable individual to whom personal information relates, whether such identification is direct or indirect (for example, by reference to an identification number or to one or more factors specific to physical, physiological, mental, economic, cultural or social identity)
Privacy
According to the United Nations, privacy is “a fundamental human right” European Convention on Human Rights also affirms this (1948)
UK Human Rights act of 1998 also affirms this
Privacy
The United States of America disagrees with their NSA… We know they keep records of the following:
All calls made in the US Content of some of these calls
Email, Facebook, and instant messages Raw Internet Traffic
Privacy
Generally speaking, privacy concerns deal with: Personal information
Particularly concerned with keeping it out of the hands of the government
“The right to be left alone”
“control information about ourselves”
Privacy
Additional concerns: “the rights and obligations of individuals and organizations with respect to
the collection, use, disclosure, and retention of personally identifiable information”
“focus on the harms that arise from privacy violations”
Privacy Issues
Lack of User Control Fundamentally counter-intuitive to the cloud concept
Leads to potential theft, misuse, and unauthorized resale by the vendors
Privacy Issues
Unauthorized Secondary Usage CSP may gain revenue from authorized secondary uses of users’ data, most
commonly the targeting of advertisements
Risk of vendor demise; what happens if CPS goes bankrupt???
Privacy Issues
Data Proliferation and Transborder Data Flow Difficult to ascertain privacy compliance requirements in the cloud
Difficult to ascertain WHERE our data actually is…
Privacy Issues
Dynamic Provisioning Unclear what rights in the data will be acquired by data processors and their
sub-contractors
Unclear WHO is actually responsible for the data…
Trust
No universally accepted scholarly definition… yay!
“Trust is a psychological state comprising the intention to accept vulnerability based upon positive expectations of the intentions or behavior of another”
Trust
Previous definition is poor and doesn’t cover the following concerns Letting the trustees take care of something the trustor cares about The subjective probability with which the trustor assesses that the trustee
will perform a particular action The expectation that the trustee will not engage in opportunistic behavior A belief, attitude, or expectation concerning the likelihood that the actions or
outcomes of the trustee will be acceptable or will serve the trustor’s interests
Trust Issues
Fundamentally, trust is a difficult concept for users to grasp “trust is hard to build and easy to lose: a single violation of trust can destroy
years of slowly accumulated credibility”
Need to consider both social and technological aspects
Trust Issues
Barriers to cloudadoption
Addressing these issues
Need consistent and coordinated development in three major categories Innovative regulatory frameworks
Responsible company governance
Supporting technologies
Addressing these issues
Innovative regulatory frameworks Accountability which can allow global business and provide redress within
cloud environments
Addressing these issues
Responsible company governance Organizations act as a responsible steward of the data which is entrusted to
them within the cloud, ensuring responsible behavior via accountability mechanisms and balancing innovation with individuals’ expectations
Privacy by Design being a way of achieving this.
Addressing these issues
Privacy by Design – 7 Key Concepts Proactive not Reactive; Preventative not Remedial Privacy as the Default Setting Privacy Embedded into Design Full Functionality – Positive-Sum, not Zero-Sum End-to-End Security – Full Lifecycle Protection Visibility and Transparency – Keep it Open Respect for User Privacy – Keep it User-Centric
Addressing these issues
Supporting technologies these include privacy enhancing technologies, security mechanisms,
encryption, anonymization
Privacy, Security, and trust in cloud computingBY: SIANI PEARSONPRESENTED BY: KIA MANOOCHEHRI