Abstract
The rise of cloud computing has changed the way of using computing services and resources. Consciously or unconsciously, people are enjoying the services provided by the cloud when they access Gmail, Google Calendar, Dropbox, Microsoft Office Live, or run hundreds of Amazon Elastic Compute Cloud (EC2) instances for processing large-scale data. Due to the high demand for cloud-based services, cloud computing has emerged as the dominant computing paradigm in recent years. Besides that, the flexibility and cost savings made possible through migration to the cloud infrastructure, have encouraged many companies to use cloud computing for their critical applications. However, the advantages of clouds come with increased security and privacy risks. Today’s cloud computing platforms face important challenges for protecting the confidentiality and privacy of data and applications outsourced to cloud infrastructures. Multi-tenancy and other inherent properties of the cloud computing model have introduced novel attack surfaces and threats to users’ privacy. Unless the privacy issues are resolved, cloud computing cannot and should not be used for sensitive applications, such as financial transactions or medical records, where privacy and confidentiality of users are crucial. In this chapter, we present the privacy issues in cloud computing systems and discuss the state-of-the-art solutions and open problems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Khajeh-Hosseini A, Greenwood D, Sommerville I (2010) Cloud migration: a case study of migrating an enterprise it system to IaaS. In: Proceedings of the 3rd international conference on cloud computing (CLOUD). IEEE, pp 450–457
Market Research Media. Global cloud computing market forecast 2015–2020. http://www.marketresearchmedia.com/?p=839
Gartner (2010) Worldwide cloud services market to surpass $68 billion in 2010. http://www.gartner.com/it/page.jsp?id=1389313
INPUT (2009) Evolution of the cloud: the future of cloud computing in government. http://goo.gl/KrKexK
Balduzzi M, Zaddach J, Balzarotti D, Kirda E, Loureiro S (2012) A security analysis of amazon’s elastic compute cloud service. In: Proceedings of the 27th annual ACM symposium on applied computing. ACM, pp 1427–1434
Brodkin J (2008) Gartner: seven cloud-computing security risks. Infoworld 1–3
Kandukuri BR, Paturi VR, Rakshit A (2009) Cloud security issues. In: Proceedings of IEEE international conference on services computing (SCC’09). IEEE, pp 517–520
Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34(1):1–11
Zissis D, Lekkas D (2012) Addressing cloud computing security issues. Future Gener Comput Syst 28(3):583–592
Clavister. Security in the cloud. http://goo.gl/Hs4N0V
Amazon. Zeus botnet controller. http://aws.amazon.com/security/security-bulletins/zeus-botnet-controller/
Cavoukian A (2008) Privacy in the clouds. Identity in the Information Society 1(1):89–108
George Danezis and Seda Gürses (2010) A critical review of 10 years of privacy technology. In: Proceedings of surveillance cultures: a global surveillance society
Mell P, Grance T (2009) Draft NIST working definition of cloud computing-v15. Accessed 21 Aug 2009
Open Cloud (2009) Open cloud manifesto. The Open Cloud Manifesto Consortium
salesforce (2012) Social enterprise and crm in the cloud—salesforce.com. http://www.salesforce.com/
Google. Google drive. https://drive.google.com/start#home
Google. Google calendar. https://www.google.com/calendar/
GAE. Google app engine. http://appengine.google.com
Azure. Windows azure. http://www.windowsazure.com
Amazon EC2. Amazon elastic compute cloud (amazon ec2). http://aws.amazon.com/ec2/
Motahari-Nezhad HR, Stephenson B, Singhal S (2009) Outsourcing business to cloud computing services: opportunities and challenges. IEEE Internet Computing, Palo Alto, 10, 2009
Amazon. Amazon simpledb (2012) http://aws.amazon.com/simpledb/
Chang F, Dean J, Ghemawat S, Hsieh WC, Wallach DA, Burrows M, Chandra T, Fikes A, Gruber RE (2008) Bigtable: a distributed storage system for structured data. ACM Trans Comput Syst (TOCS) 26(2):1–26, article no. 4
Robinson N, Valeri L, Cave J, Starkey T, Graux H, Creese S, Hopkins PP (2010) The cloud: understanding the security, privacy and trust challenges. Privacy and Trust Challenges (November 30, 2010)
Alliance C (2011) Security guidance for critical areas of focus in cloud computing v3.0. Cloud Security Alliance
Ray I, Belyaev K, Strizhov M, Mulamba D, Rajaram M (2013) Secure logging as a service—delegating log management to the cloud. IEEE Syst J 7:323–334
Jansen W, Grance T et al (2011) Guidelines on security and privacy in public cloud computing. NIST Spec Publ 800:144
Dedicated Cloud. http://www.ovh.co.uk/dedicated-cloud/
Ristenpart T, Tromer E, Shacham H, Savage S (2009) Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM conference on computer and communications security. ACM, pp 199–212
Zhang Y, Juels A, Reiter MK, Ristenpart T (2012) Cross-vm side channels and their use to extract private keys. In: ACM conference on computer and communications security, pp 305–316
Cloud computing security risk assessment (2009) Technical report, European Union Agency for Network and Information Security
Privacy in cloud computing (2012) Organized by ITU-T Technology Watch. http://goo.gl/NplPxC
Gellman R (2012) Privacy in the clouds: risks to privacy and confidentiality from cloud computing. In: Proceedings of the World privacy forum
Congress of the United States (1999) Gramm-leach-bliley financial services mod-ernization act. public law no. 106–102, 113 stat. 1338
www.hhs.gov. Health Information Privacy. http://goo.gl/NxgkMi
Privacy level agreement outline for the sale of cloud services in the european union (2013) http://goo.gl/fyKOmk
Duncan AJ, Creese S, Goldsmith M (2012) Insider attacks in cloud computing. In: Proceedings of the 11th international conference on trust, security and privacy in computing and communications (TrustCom). IEEE, pp 857–862
Ateniese G, Burns R, Curtmola R, Herring J, Kissner L, Peterson Z, Song D (2007) Provable data possession at untrusted stores. In: Proceedings of the 14th ACM conference on computer and communications security. ACM, pp 598–609
Wang C, Wang Q, Ren K, Lou W (2010) Privacy-preserving public auditing for data storage security in cloud computing. In: Proceedings of the 29th conference on computer communications (INFOCOM). IEEE, pp 1–9
Chen Y, Paxson V, Katz RH (2010) What’s new about cloud computing security. University of California, Berkeley Report No. UCB/EECS-2010-5 January, 20(2010):2010–5
Krautheim FJ (2009) Private virtual infrastructure for cloud computing. In: Conference on hot topics in cloud computing. USENIX Association
Santos N, Gummadi KP, Rodrigues R (2009) Towards trusted cloud computing. In: Proceedings of the 2009 conference on Hot topics in cloud computing. USENIX Association, pp 3–7
Bouchenak S, Chockler G, Chockler H, Gheorghe G, Santos N, Shraer A (2013) Verifying cloud services: present and future. ACM SIGOPS operating systems review 47(2):6–19
Zhang F, Chen J, Chen H, Zang B (2011) Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. In: Proceedings of the 23rd ACM symposium on operating systems principles. ACM, pp 203–216
Santos N, Rodrigues R, Gummadi KP, Saroiu S (2012) Policy-sealed data: a new abstraction for building trusted cloud services. In: Proceedings of the USENIX security, pp 175–188
Sean W (1999) Smith and Steve Weingart. Building a high-performance, programmable secure coprocessor. Comput Netw 31(8):831–860
Gentry C (2009) A fully homomorphic encryption scheme. PhD Thesis, Stanford University
Sadeghi AR, Schneider T, Winandy M (2010) Token-based cloud computing. In: Trust and trustworthy computing. Springer, pp 417–429
Roy I, Setty STV, Kilzer A, Shmatikov V, Witchel E (2010) Airavat: security and privacy for mapreduce. In: Proceedings of the 7th USENIX conference on networked systems design and implementation. USENIX Association, pp 20–20
Zhang K, Zhou X, Chen Y, Wang XF, Ruan Y (2011) Sedic: privacy-aware data intensive computing on hybrid clouds. In: Proceedings of the 18th ACM conference on computer and communications security. ACM, pp 515–526
Zhou L, Varadharajan V, Hitchens M (2013) Achieving secure role-based access control on encrypted data in cloud storage. IEEE Trans Inf Forensics Secur 8(12):1947–1960
Ruj S, Stojmenovic M, Nayak A (2012) Privacy preserving access control with authentication for securing data in clouds. In: Proceedings of the 12th IEEE/ACM international symposium on cluster, cloud and grid computing (CCGrid). IEEE, pp 556–563
Wang G, Liu Q, Wu J (2010) Hierarchical attribute-based encryption for fine-grained access control in cloud storage services. In: Proceedings of the 17th ACM conference on computer and communications security. ACM, pp 735–737
Yu S, Wang C, Ren K, Lou W (2010) Attribute based data sharing with attribute revocation. In: Proceedings of the 5th ACM symposium on information, computer and communications security. ACM, pp 261–270
Amit Sahai and Brent Waters. Fuzzy identity-based encryption. In: Advances in cryptology–EUROCRYPT 2005. Springer, pp 457–473
Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on computer and communications security. ACM, pp 89–98
Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: Proceedings of IEEE symposium on security and privacy, (SP’07). IEEE, pp 321–334
Siani Pearson and Marco Casassa Mont (2011) Sticky policies: An approach for managing privacy across multiple parties. Computer 44(9):60–68
Pearson S, Mont MC, Chen L, Reed A (2011) End-to-end policy-based encryption and management of data in the cloud. In: 2011 IEEE third international conference on cloud computing technology and science (CloudCom). IEEE, pp 764–771
IBM. Identity Mixer. http://www.zurich.ibm.com/security/idemix/
Brands SA (2000) Rethinking public key infrastructures and digital certificates: building in privacy’mit press
OpenID. http://openid.net/
Zawoad S, Dutta AK, Hasan R (2013) SecLaaS: secure logging-as-a-service for cloud forensics. In: Proceedings of the 8th ACM symposium on information, computer and communications security (ASIACCS). ACM, pp 219–230
Zawoad S, Hasan R (2012) Towards building proofs of past data possession in cloud forensics. ASE Sci J 1(4):195–207
Bloom BH (1970) Space/time trade-offs in hash coding with allowable errors. Commun ACM 13(7):422–426
Shah MA, Baker M, Mogul JC, Swaminathan R et al (2007) Auditing to keep online storage services honest. In: Proceedings of the workshop on hot topics in operating systems (HotOS)
Grobauer B, Schreck T (2010) Towards incident handling in the cloud: challenges and approaches. In: Proceedings of the 2010 ACM workshop on cloud computing security workshop, CCSW ‘10, New York, NY, USA. ACM, pp 77–86
Acknowledgments
This research was supported by the National Science Foundation CAREER Award #CNS-1351038.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Hasan, R., Zawoad, S. (2015). Privacy in the Cloud. In: Zeadally, S., Badra, M. (eds) Privacy in a Digital, Networked World. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-08470-1_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-08470-1_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-08469-5
Online ISBN: 978-3-319-08470-1
eBook Packages: Computer ScienceComputer Science (R0)