Datenschutz und Datensicherheit - DuD

, Volume 36, Issue 6, pp 407–412 | Cite as

Vertraulichkeit und Integrität von Daten und IT-Systemen im Cloud-Zeitalter

  • Marit Hansen
Schwerpunkt Sicherheit, Vertraulichkeit & Integrität

Zusammenfassung

Das Bundesverfassungsgericht hat 2008 im Urteil zur Online-Durchsuchung das Grundrecht auf Gewährleistung von Vertraulichkeit und Integrität informationstechnischer Systeme postuliert. Welche Herausforderungen stellen sich vier Jahre später bei einem heute typischen Einsatz von IT-Systemen, dem Cloud Computing?

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Literatur

  1. [1]
    AK Technik und AK Medien der Konferenz der Datenschutzbeauftragten des Bundes und der Länder (2011) Orientierungshilfe — Cloud Computing. Version 1.0, Stand 26.09.2011, www.datenschutz-bayern.de/technik/orient/oh_cloud.pdf
  2. [2]
    Bedner, M. / Ackermann, T. (2010) Schutzziele der IT-Sicherheit. DuD 34(5):323–328CrossRefGoogle Scholar
  3. [3]
    Bessani, A. et al. (2011) DepSky: Dependable and Secure Storage in a Cloud-of-Clouds. 6th ACM SIG OPS/EuroSys European Systems Conference (EuroSys’ 11), S. 31–45Google Scholar
  4. [4]
    Birk, D. / Wegener, C. (2011) Technical Issues of Forensic Investigations in Cloud Computing Environments. IEEE 6th Int. Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE), S. 1–10Google Scholar
  5. [5]
    Borcea-Pfitzmann, K. / Pfitzmann, A. / Berg, M. (2011) Privacy 3.0:= data minimization + user control + contextual integrity. it — Information Technology 53(1):34–40CrossRefGoogle Scholar
  6. [6]
    Bowden, C. (2011) Privacy and surveillance on the Internet — What happened, and what to expect next... Präsentation vom 20.09.2011, http://wolnyinternet.panoptykon.org/sites/default/files/internet_surveillance_caspar_bowden.pdf
  7. [7]
    Buchmann, J. / May, A. / Vollmer, U. (2006) Perspectives for Cryptographic Long-Term Security. CACM 49(9): 50–56CrossRefGoogle Scholar
  8. [8]
    Bugiel, S. et al. (2011) Twin Clouds: An Architecture for Secure Cloud Computing. Workshop on Cryptography and Security in Clouds (CSC’11), www. hgi.rub.de/hgi/publikationen/SSBN11/
  9. [9]
    BSI (2011) Eckpunktepapier Sicherheitsempfehlungen für Cloud Computing Anbieter. 10.05.2011, www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Mindestanforderungen/Eckpunktepapier-Sicherheitsempfehlungen-CloudComputing-Anbieter.pdf
  10. [10]
    BVerfG (1983) Urteil vom 15.12.1983, Az. 1 BvR 209, 269, 362, 420, 440, 484/83Google Scholar
  11. [11]
    BVerfG (2008) Urteil vom 27.02.2008, 1 BvR 370/07, Abs. 1–333Google Scholar
  12. [12]
    Chow, R. et al. (2009) Controlling data in the cloud: outsourcing computation without outsourcing control. 2009 ACM Workshop on Cloud Computing Security (CCSW’ 09), S. 85–90Google Scholar
  13. [13]
    Cloud Security Alliance (2010) Cloud Audit: Automated Audit, Assertion, Assessment, and Assurance. http://cloudaudit.org/CloudAudit/Downloads.html
  14. [14]
    Common Criteria for Information Technology Security Evaluation, Part 2: Security functional components, Version 2.1 (1999) CCIMB-99-032, ISO/IEC 15408:1999, www.commoncriteriaportal.org/files/ccfiles/ccpart2v21.pdf
  15. [15]
    Curry, Sam et al. (2010) Infrastructure Security: Getting to the Bottom of Compliance in the Cloud. RSA Security Brief, March 2010Google Scholar
  16. [16]
    Federrath, H. / Pfitzmann, A. (2000) Gliederung und Systematisierung von Schutzzielen in IT-Systemen. DuD 24(12):704–710Google Scholar
  17. [17]
    Foresman, C. (2012) Apple holds the master decryption key when it comes to iCloud security, privacy. Ars technica, 03.04.2012, http://arstechnica.com/apple/news/2012/04/apple-holds-the-master-key-when-it-comes-to-icloud-security-privacy.ars
  18. [18]
    Glott, Rüdiger et al. (2011) Trustworthy Clouds underpinning the Future Internet. In: Future Internet Assembly, LNCS 6656, Springer, S. 209–221CrossRefGoogle Scholar
  19. [19]
    Goodman, A. (2010) Gagged for 6 Years, Nick Merrill Speaks Out on Landmark Court Struggle Against FBI’s National Security Letters. Interview, Democracy Now!, 11.08.2010, www.democracynow.org/2010/8/11/gagged_for_6_years_nick_merrill
  20. [20]
    Heckert, M. (2011) Wie ein Handy-Fan von Wolke Sieben fiel. Aachener Zeitung vom 01.02.2011, www.az-web.de/sixcms/detail.php?template=az_detail&id=1533902
  21. [21]
    Hudic, A. et al. (2012) Data Confidentiality using Fragmentation in Cloud Computing. Int. J. Communication Networks and Distributed Systems 1(3/4)Google Scholar
  22. [22]
    Kaliski, B.S. / Pauley, W. (2010) Toward Risk Assessment as a Service in Cloud Environments. 2nd USENIX Workshop on Hot Topics in Cloud Computing (HotCloud’ 10)Google Scholar
  23. [23]
    Ko, S.Y. / Jeon, K. / Morales, R. (2011) The HybrEx Model for Confidentiality and Privacy in Cloud Computing. 3rd USENIX Workshop on Hot Topics in Cloud Computing (HotCloud’ 11)Google Scholar
  24. [24]
    Lauter, K. / Naehrig, M. / Vaikuntanathan, V. (2011) Can Homomorphic Encryption be Practical? 3rd ACM Workshop on Cloud Computing Security (CCSW’11)Google Scholar
  25. [25]
    Markoff, J. (2008): Internet Traffic Begins to Bypass the U.S. The New York Times, 30.08.2008, www.nytimes.com/2008/08/30/business/30pipes.html
  26. [26]
    Meyer, C. et al. (2011) Sec 2 — Ein mobiles Nutzer-kontrolliertes Sicherheitskonzept für Cloud-Storage. D.A.CH Security 2011, S. 285–295Google Scholar
  27. [27]
    Neisse, R. / Holling, D. / Pretschner, A. (2011) Implementing Trust in Cloud Infrastructures. 2011 11th IEEE / ACM Int. Symposium on Cluster, Cloud and Grid Computing (CCGRID’ 11)Google Scholar
  28. [28]
    Nissenbaum, H. (1998) Protecting Privacy in an Information Age: The Problem of Privacy in Public. Law and Philosophy 17(5):559–596Google Scholar
  29. [29]
    Paulus, S. (2011) Standards für Trusted Clouds — Anforderungen an Standards und aktuelle Entwicklungen. DuD 35(5):317–321CrossRefGoogle Scholar
  30. [30]
    Puttaswamy, K.P.N. / Kruegel, C. / Zhao, B.Y. (2011) Silverline: Toward Data Confidentiality in Storage-Intensive Cloud Applications. 2nd ACM Symposium on Cloud Computing (SOCC’ 11)Google Scholar
  31. [31]
    Rath, M. / Rothe, B. (2012) Vorsicht vor Clouds im Ausland. Computerwoche, 07.02.2012, www.computerwoche.de/2504448
  32. [32]
    Rocha, F. / Correia, M. (2011) Lucy in the Sky without Diamonds: Stealing Confidential Data in the Cloud. 1st Int. Workshop on Dependability of Cloud, Data Centers and Virtual Computing Environments (DCDV)Google Scholar
  33. [33]
    Rost, M. / Pfitzmann, A. (2009) Datenschutz-Schutzziele — revisited. DuD 33(6):353–358CrossRefGoogle Scholar
  34. [34]
    Smart, N. (Hrsg.) (2011) ECRYPT II Yearly Report on Algorithms and Keysizes (2010–2011), www.ecrypt.eu.org/documents/D.SPA.17.pdf
  35. [35]
    Somorovsky, J. (2011) All your clouds are belong to us: Security analysis of cloud management interfaces. 3rd ACM Workshop on Cloud Computing Security (CCSW’ 11)Google Scholar
  36. [36]
    Strauch, S. et al. (2012) Cloud Data Patterns for Confidentiality. 2nd Int. Conference on Cloud Computing and Service Science (CLOSER 2012)Google Scholar
  37. [37]
    ULD (2011) Inanspruchnahme des Patriot Acts und anderer US-rechtlicher Regelungen zur Beschaffung von personenbezogenen Daten aus dem Raum der Europäischen Union durch US-Behörden. Positionspapier, 15.11.2011, www.datenschutzzentrum.de/internationales/20111115-patriot-act.html
  38. [38]
    Whittaker, Z. (2011) Microsoft admits Patriot Act can access EU-based cloud data. ZDNet, 28.06.2011, www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225
  39. [39]
    Yau, S.S. / An, H.G. (2010) Confidentiality Protection in Cloud Computing Systems. Int. J. Software and Informatics 4(4):351–365Google Scholar

Copyright information

© Springer Fachmedien Wiesbaden 2012

Authors and Affiliations

  • Marit Hansen

There are no affiliations available

Personalised recommendations