Jump to Navigation


Latest articles

How to Govern the Cloud? Characterizing the Optimal Enforcement Institution that Supports Accountability in Cloud Computing

This paper applies economic governance theory to the cloud computing industry. We analyze which governance institution may be best suited to solve the problems stemming from asymmetric information about the true level of data protection, security, and accountability offered by cloud service providers. We conclude that certification agencies - private, independent organizations which award certificates to cloud service providers meeting certain technical and organizational criteria - are the optimal institution available.

Monitoring Personal Data Transfers in the Cloud

Cloud computing brings a number of compliance risks to organisations because physical perimeters are not clearly delimited. Many regulations relate to the location of the data processing (and storage), including the EU Data protection directive. A major problem for cloud service consumers, acting as data controllers, is how to demonstrate compliance to data transfer constraints. We address the lack of tools to support accountable data localization and transfer across cloud software, platform and infrastructure services, usually run by data processors.

Modeling and simulation as a cloud service: A Survey

Modelling and simulation as a service (MSaaS) is defined, and the differences between MSaaS and Software as a Service are clarified. MSaaS architectures and deployment strategies are surveyed. The top threats to cloud computing and MSaaS, the other security challenges and technical requirements are explained. Accountability, risk and trust modelling are related to each other and also to security and privacy. Those notions and their relations are presented.

ClouDedup: Secure Deduplication with Encrypted Data for Cloud Storage

With the continuous and exponential increase of the number of users and the size of their data, data deduplication becomes more and more a necessity for cloud storage providers. By storing a unique copy of duplicate data, cloud providers greatly reduce their storage and data transfer costs. The advantages of deduplication unfortunately come with a high cost in terms of new security and privacy challenges. We propose ClouDedup, a secure and efficient storage service which assures block-level deduplication and data confidentiality at the same time.

Supporting Cloud Accountability by Collecting Evidence Using Audit Agents

Today's cloud services process data and let it often unclear to customers, how and by whom data is collected, stored and processed. This hinders the adoption of cloud computing by businesses. One way to address this problem is to make clouds more accountable, which has to be provable by third parties through audits. In this paper we present a cloud-adopted evidence collection process, possible evidence sources and discuss privacy issues in the context of audits. We introduce an agent based architecture, which is able to perform audit processing and reporting continuously.

A Metamodel for Measuring Accountability Attributes in the Cloud

Cloud governance, and in particular data governance in the cloud, relies on different technical and organizational practices and procedures, such as policy enforcement, risk management, incident management and remediation. The concept of accountability encompasses such practices, and is essential for enhancing security and trustworthiness in the cloud. Besides this, proper measurement of cloud services, both at a technical and governance level, is a distinctive aspect of the cloud computing model.

Enhancing Transparency with Distributed Privacy-Preserving Logging

Transparency of data processing is often a requirement for compliance to legislation and/or business requirements. Furthermore, it has recognised as a key privacy principle, for example in the European Data Protection Directive. At the same time, transparency of the data processing should be limited to the users involved in order to minimise the leakage of sensitive business information and privacy of the employees (if any) performing the data processing.

Distributed Privacy-Preserving Transparency Logging

We present a transparency-enhancing tool in the form of a cryptographic scheme that enables data processors to inform users about the actual data processing that takes place on their personal data. Our proposed solution can handle arbitrary processes while offloading storage and interactions with users to dedicated log servers. On top of strong integrity and confidentiality properties, our scheme takes users' privacy one step further by making it impossible to link multiple log entries for the same user or user identifiers across multiple data processors (for distributed processes).

Control as a Means towards Accountable Services in the Cloud

Accountability provides the necessary assurance to different stakeholders (customers, auditors, regulators) about the correct execution of the obligations of each party involved in a cloud service. It requires rigorous orchestration of several security mechanisms across services, such as authentication, authorisation, logging, etc. In this paper we advocate that providing control to cloud consumers mitigates a series of risks related to the correct data handling in the cloud.

Toward Accountability in the Cloud

Accountability is likely to become a core concept in both the cloud and in new mechanisms that help increase trust in cloud computing. These mechanisms must be applied in an intelligent way, taking context into account and avoiding a one-size-fits-all approach.

Read more in A4Cloud Publications.