Protecting Personal Information in Cloud Computing

  • Miranda Mowbray
  • Siani Pearson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7566)


This paper gives an overview of issues in privacy protection of personal information in the cloud, and describes a variety of approaches that may be used to address these issues. Some of these approaches are available for use now; others are relatively immature, but look promising. The most appropriate approach varies according to the type of data to be processed or application to be run in the cloud.


cloud computing encryption hybrid cloud privacy security technology trusted computing virtual private cloud 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Warren, S., Brandeis, L.: The Right to Privacy. Harvard Law Review 4, 193 (1890)CrossRefGoogle Scholar
  2. 2.
    Westin, A.: Privacy and Freedom. Atheneum, New York (1967)Google Scholar
  3. 3.
    American Institute of Certified Public Accountants (AICPA) and CICA, Generally Accepted Privacy Principles (August 2009),
  4. 4.
    Solove, D.J.: A Taxonomy of Privacy. University of Pennyslavania Law Review 154(3), 477 (2006), CrossRefGoogle Scholar
  5. 5.
    European Commission (EC): Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1995)Google Scholar
  6. 6.
    Organization for Economic Co-operation and Development (OECD): Guidelines for the Protection of Personal Data and Transborder Data Flows (1980),,3746,en_2649_34223_1815186_1_1_1_1,00.html
  7. 7.
    Safe Harbor website,
  8. 8.
    The White House: Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy (February 2012),
  9. 9.
    European Commission (EC): Proposal for a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (January 2012),
  10. 10.
    Manyika, J., Chui, M., Brown, B., Bughin, J., Dobbs, R., Roxburgh, C. Byers, A.H.: Big Data: The next frontier for innovation, competition and productivity, McKinsey Global Insitute Report (May 2011),
  11. 11.
    Mell, P., Grance, T.: A NIST definition of cloud computing. National Institute of Standards and Technology. NIST Special Publication 800-145 (2009),
  12. 12.
    Narayanan, A., Shmatikov, V.: Robust Deanonymization of Large Sparse Datasets. In: IEEE Symposium on Security and Privacy (S&P), pp. 111–125. IEEE (2008)Google Scholar
  13. 13.
    Lyon, C., Retzer, K.: Privacy in the Cloud: A Legal Framework for Moving Personal Data to the Cloud. Corporate Counselor (February 14, 2011) Google Scholar
  14. 14.
    Gellman, R.: Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing. World Privacy Forum (2009),
  15. 15.
    Grance, T., Jansen, W.: Guidelines on Security and Privacy in Public Cloud Computing. NIST Special Publication 800-144 (December 2011) Google Scholar
  16. 16.
    Catteddu, D., Hogben, G. (eds.): Cloud Computing: Benefits, Risks and Recommendations for Information Security. ENISA Report (2009),
  17. 17.
    Cloud Security Alliance (CSA): Security Guidance for Critical Areas of Focus in Cloud Computing. v2.1, English language version (December 2009),
  18. 18.
    Pearson, S.: Privacy, Security and Trust in Cloud Computing. In: Pearson, S., Yee, G. (eds.) Privacy and Security for Cloud Computing, Computer Communications and Networks. Springer, London (2012)Google Scholar
  19. 19.
  20. 20.
    Mowbray, M.: The Fog over the Grimpen Mire: Cloud Computing and the Law. Scripted Journal of Law, Technology and Society 6(1) (April 2009)Google Scholar
  21. 21.
    Kamara, S., Lauter, K.: Cryptographic Cloud Storage. In: Sion, R., Curtmola, R., Dietrich, S., Kiayias, A., Miret, J.M., Sako, K., Sebé, F. (eds.) FC 2010 Workshops. LNCS, vol. 6054, pp. 136–149. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  22. 22.
    Cusack, M.: Information Preservation: Structured Data Archiving: Key Issues. Cloud Camp London (2009),
  23. 23.
    Trusted Computing Group,
  24. 24.
    Pearson, S.: Trusted Computing: Strengths, Weaknesses and Further Opportunities for Enhancing Privacy. In: Herrmann, P., Issarny, V., Shiu, S. (eds.) iTrust 2005. LNCS, vol. 3477, pp. 305–320. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  25. 25.
    Pearson, S., Casassa Mont, M., Novoa, M.: Securing Information Transfer within Distributed Computing Environments. IEEE Security & Privacy Magazine 6(1), 34–42 (2008)CrossRefGoogle Scholar
  26. 26.
    Yao, A.C.: How to Generate and Exchange Secrets. In: 27th Symposium of Foundations of Computer Science (FoCS), pp. 162–167. IEEE Press, New York (1986)Google Scholar
  27. 27.
    Gentry, C.: Fully Homomorphic Encryption Using Ideal Lattices. In: 41st ACM Symposium on Theory of Computing, Bethesda, Maryland, USA, May 31-June 2, pp. 169–178 (2009)Google Scholar
  28. 28.
    Mowbray, M., Pearson, S., Shen, Y.: Enhancing Privacy in Cloud Computing via Policy-based Obfuscation. J. Supercomputing 61(2), 267–291 (2012)CrossRefGoogle Scholar
  29. 29.
    Amazon Web Services LLC, TC3 Health (2009),
  30. 30., Inc.: Sales Force Automation,
  31. 31.
    Pearson, S., Casassa Mont, M., Chen, L., Reed, A.: End-to-End Policy-Based Encryption and Management of Data in the Cloud. In: Proc. CloudCom 2011. IEEE (2011)Google Scholar
  32. 32.
    Irwin, K., Yu, T.: Determining user privacy preferences by asking the right questions: an automated approach. In: WPES 2005: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, pp. 47–50. ACM, New York (2005)CrossRefGoogle Scholar
  33. 33.
    Cavoukian, A.: Privacy in the Clouds. Identity Journal Ltd. (2008)Google Scholar
  34. 34.
    Chaum, D.: Security without Identification: Card Computers to make Big Brother Obsolete. Communications of the ACM 28(10), 1030–1044 (1985)CrossRefGoogle Scholar
  35. 35.
  36. 36.
    Gentry, C., Halevi, S., Smart, N.P.: Fully Homomorphic Encryption with Polylog Overhead. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 465–482. Springer, Heidelberg (2012), CrossRefGoogle Scholar
  37. 37.
  38. 38.
    Pate, S., Tambay, T.: Securing the Cloud – Using Encryption and Key Management to Solve Today’s Security Challenges, Storage Networking Industry Association (SNIA) (2011),
  39. 39.
  40. 40.
  41. 41.
    Barker, E., Smid, M., Branstad, D., Chockhani, S.: A Framework for Designing Cryptographic Key Management Systems, NIST Special Publication 800-130 (April 2012),
  42. 42.
    Cavoukian, A.: Privacy by Design: The 7 Foundational Principles (January 2011) (revised),
  43. 43.
    Information Commissioners Office, Privacy by Design, Report (2008),
  44. 44.
    Information Commissioner’s Office (ICO): Data protection guidance note: Privacy enhancing technologies (2007),
  45. 45.
    Shen, Y, Pearson, S.: Privacy-enhancing Technologies: A Review. HP Labs Technical Report, HPL-2011-113 (2011),
  46. 46.
    Pearson, S.: Taking Account of Privacy when Designing Cloud Computing Services. In: Proc. ICSE-Cloud 2009. IEEE, Vancouver (2009), Also available as HP Labs Technical Report, HPL-2009-54,
  47. 47.
    NEC Company Ltd. and Information and Privacy Commissioner, Ontorio, Canada: Modelling cloud computing architecture without compromising privacy: A privacy by design approach (June 2010) Google Scholar
  48. 48.
    Office of the Information and Privacy Commissioner of Alberta, Office of the Privacy Commissioner of Canada, Office of the Information and Privacy Commissioner for British Colombia: Getting Accountability Right with a Privacy Management Program (April 2012) Google Scholar
  49. 49.
    Cavoukian, A., Taylor, S., Abrams, M.: Privacy by Design: Essential for Organizational Accountability and Strong Business Practices. Identity in the Information Society 3(2), 405–413 (2010)CrossRefGoogle Scholar
  50. 50.
    Pearson, S.: Toward Accountability in the Cloud. IEEE Internet Computing 15(4), 64–69 (2011)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Miranda Mowbray
    • 1
  • Siani Pearson
    • 1
  1. 1.Cloud and Security LabHP LabsBristolUK

Personalised recommendations