Privacy, Security, and trust in cloud computing

  • Published on

  • View

  • Download

Embed Size (px)


Privacy, Security, and trust in cloud computing. By: Siani Pearson Presented by: Kia Manoochehri. Contents. Introduction Privacy Issues Security Issues Trust Issues Addressing these issues. Introduction. What is cloud computing? - PowerPoint PPT Presentation


<p>Privacy, Security, and trust issues arising from cloud computing</p> <p>Privacy, Security, and trust in cloud computingBy: Siani PearsonPresented by: Kia ManoochehriContentsIntroductionPrivacy IssuesSecurity IssuesTrust IssuesAddressing these issues</p> <p>IntroductionWhat is cloud computing?Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.</p> <p>Keep in mind hardware or software resources and also internet applications are included in this explanationPrivacy, Security, and TrustPrivacy and Trust have no standard universally accepted definitionThis is an intrinsic problem that we will discuss</p> <p>We defined security last time as the following:the ability of a system to protect information and system resources with respect to confidentiality and integrityExpand the definition this time to: Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.Privacy, Security, and TrustPersonal Information and Personal Data are used by European and Asian vendors but the USA uses Personally Identifiable InformationName, Address, SS#, CC#s, email address, passwords, DOB.</p> <p>personal data shall mean any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.Privacy, Security, and TrustImportant Terms:Data controller: An entity (whether a natural or legal person, public authority, agency or other body) which alone, jointly or in common with others determines the purposes for which and the manner in which any item of personal information is processedData processor: An entity (whether a natural or legal person, public authority, agency or any other body) which processes personal information on behalf and upon instructions of the Data ControllerData subject: An identified or identifiable individual to whom personal information relates, whether such identification is direct or indirect (for example, by reference to an identification number or to one or more factors specific to physical, physiological, mental, economic, cultural or social identity)PrivacyAccording to the United Nations, privacy is a fundamental human rightEuropean Convention on Human Rights also affirms this (1948)</p> <p>UK Human Rights act of 1998 also affirms this</p> <p>PrivacyThe United States of America disagrees with their NSAWe know they keep records of the following:All calls made in the USContent of some of these callsEmail, Facebook, and instant messagesRaw Internet Traffic</p> <p>PrivacyGenerally speaking, privacy concerns deal with:Personal informationParticularly concerned with keeping it out of the hands of the government</p> <p>The right to be left alone</p> <p>control information about ourselves</p> <p>PrivacyAdditional concerns:the rights and obligations of individuals and organizations with respect to the collection, use, disclosure, and retention of personally identifiable information</p> <p>focus on the harms that arise from privacy violationsPrivacy IssuesLack of User ControlFundamentally counter-intuitive to the cloud concept</p> <p>Leads to potential theft, misuse, and unauthorized resale by the vendors</p> <p>Privacy IssuesUnauthorized Secondary UsageCSP may gain revenue from authorized secondary uses of users data, most commonly the targeting of advertisements</p> <p>Risk of vendor demise; what happens if CPS goes bankrupt???Privacy IssuesData Proliferation and Transborder Data FlowDifficult to ascertain privacy compliance requirements in the cloud</p> <p>Difficult to ascertain WHERE our data actually isPrivacy IssuesDynamic ProvisioningUnclear what rights in the data will be acquired by data processors and their sub-contractors</p> <p>Unclear WHO is actually responsible for the dataTrustNo universally accepted scholarly definition yay!</p> <p>Trust is a psychological state comprising the intention to accept vulnerability based upon positive expectations of the intentions or behavior of anotherTrustPrevious definition is poor and doesnt cover the following concernsLetting the trustees take care of something the trustor cares about The subjective probability with which the trustor assesses that the trustee will perform a particular action The expectation that the trustee will not engage in opportunistic behavior A belief, attitude, or expectation concerning the likelihood that the actions or outcomes of the trustee will be acceptable or will serve the trustors interestsTrust IssuesFundamentally, trust is a difficult concept for users to grasptrust is hard to build and easy to lose: a single violation of trust can destroy years of slowly accumulated credibility</p> <p>Need to consider both social and technological aspects Trust IssuesBarriers to cloudadoption</p> <p>Addressing these issuesNeed consistent and coordinated development in three major categoriesInnovative regulatory frameworks</p> <p>Responsible company governance</p> <p>Supporting technologies</p> <p>Addressing these issuesInnovative regulatory frameworksAccountability which can allow global business and provide redress within cloud environments</p> <p>Addressing these issuesResponsible company governanceOrganizations act as a responsible steward of the data which is entrusted to them within the cloud, ensuring responsible behavior via accountability mechanisms and balancing innovation with individuals expectationsPrivacy by Design being a way of achieving this.Addressing these issuesPrivacy by Design 7 Key ConceptsProactive not Reactive; Preventative not RemedialPrivacy as the Default SettingPrivacy Embedded into DesignFull Functionality Positive-Sum, not Zero-SumEnd-to-End Security Full Lifecycle ProtectionVisibility and Transparency Keep it OpenRespect for User Privacy Keep it User-Centric</p> <p>Addressing these issuesSupporting technologiesthese include privacy enhancing technologies, security mechanisms, encryption, anonymization</p> <p>Privacy, Security, and trust in cloud computingBy: Siani PearsonPresented by: Kia Manoochehri</p>


View more >