Privacy, Security, and trust in cloud computing

  • Published on
    22-Feb-2016

  • View
    41

  • Download
    0

DESCRIPTION

Privacy, Security, and trust in cloud computing. By: Siani Pearson Presented by: Kia Manoochehri. Contents. Introduction Privacy Issues Security Issues Trust Issues Addressing these issues. Introduction. What is cloud computing? - PowerPoint PPT Presentation

Transcript

Privacy, Security, and trust issues arising from cloud computingPrivacy, Security, and trust in cloud computingBy: Siani PearsonPresented by: Kia ManoochehriContentsIntroductionPrivacy IssuesSecurity IssuesTrust IssuesAddressing these issuesIntroductionWhat is cloud computing?Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.Keep in mind hardware or software resources and also internet applications are included in this explanationPrivacy, Security, and TrustPrivacy and Trust have no standard universally accepted definitionThis is an intrinsic problem that we will discussWe defined security last time as the following:the ability of a system to protect information and system resources with respect to confidentiality and integrityExpand the definition this time to: Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.Privacy, Security, and TrustPersonal Information and Personal Data are used by European and Asian vendors but the USA uses Personally Identifiable InformationName, Address, SS#, CC#s, email address, passwords, DOB.personal data shall mean any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.Privacy, Security, and TrustImportant Terms:Data controller: An entity (whether a natural or legal person, public authority, agency or other body) which alone, jointly or in common with others determines the purposes for which and the manner in which any item of personal information is processedData processor: An entity (whether a natural or legal person, public authority, agency or any other body) which processes personal information on behalf and upon instructions of the Data ControllerData subject: An identified or identifiable individual to whom personal information relates, whether such identification is direct or indirect (for example, by reference to an identification number or to one or more factors specific to physical, physiological, mental, economic, cultural or social identity)PrivacyAccording to the United Nations, privacy is a fundamental human rightEuropean Convention on Human Rights also affirms this (1948)UK Human Rights act of 1998 also affirms thisPrivacyThe United States of America disagrees with their NSAWe know they keep records of the following:All calls made in the USContent of some of these callsEmail, Facebook, and instant messagesRaw Internet TrafficPrivacyGenerally speaking, privacy concerns deal with:Personal informationParticularly concerned with keeping it out of the hands of the governmentThe right to be left alonecontrol information about ourselvesPrivacyAdditional concerns:the rights and obligations of individuals and organizations with respect to the collection, use, disclosure, and retention of personally identifiable informationfocus on the harms that arise from privacy violationsPrivacy IssuesLack of User ControlFundamentally counter-intuitive to the cloud conceptLeads to potential theft, misuse, and unauthorized resale by the vendorsPrivacy IssuesUnauthorized Secondary UsageCSP may gain revenue from authorized secondary uses of users data, most commonly the targeting of advertisementsRisk of vendor demise; what happens if CPS goes bankrupt???Privacy IssuesData Proliferation and Transborder Data FlowDifficult to ascertain privacy compliance requirements in the cloudDifficult to ascertain WHERE our data actually isPrivacy IssuesDynamic ProvisioningUnclear what rights in the data will be acquired by data processors and their sub-contractorsUnclear WHO is actually responsible for the dataTrustNo universally accepted scholarly definition yay!Trust is a psychological state comprising the intention to accept vulnerability based upon positive expectations of the intentions or behavior of anotherTrustPrevious definition is poor and doesnt cover the following concernsLetting the trustees take care of something the trustor cares about The subjective probability with which the trustor assesses that the trustee will perform a particular action The expectation that the trustee will not engage in opportunistic behavior A belief, attitude, or expectation concerning the likelihood that the actions or outcomes of the trustee will be acceptable or will serve the trustors interestsTrust IssuesFundamentally, trust is a difficult concept for users to grasptrust is hard to build and easy to lose: a single violation of trust can destroy years of slowly accumulated credibilityNeed to consider both social and technological aspects Trust IssuesBarriers to cloudadoptionAddressing these issuesNeed consistent and coordinated development in three major categoriesInnovative regulatory frameworksResponsible company governanceSupporting technologiesAddressing these issuesInnovative regulatory frameworksAccountability which can allow global business and provide redress within cloud environmentsAddressing these issuesResponsible company governanceOrganizations act as a responsible steward of the data which is entrusted to them within the cloud, ensuring responsible behavior via accountability mechanisms and balancing innovation with individuals expectationsPrivacy by Design being a way of achieving this.Addressing these issuesPrivacy by Design 7 Key ConceptsProactive not Reactive; Preventative not RemedialPrivacy as the Default SettingPrivacy Embedded into DesignFull Functionality Positive-Sum, not Zero-SumEnd-to-End Security Full Lifecycle ProtectionVisibility and Transparency Keep it OpenRespect for User Privacy Keep it User-CentricAddressing these issuesSupporting technologiesthese include privacy enhancing technologies, security mechanisms, encryption, anonymizationPrivacy, Security, and trust in cloud computingBy: Siani PearsonPresented by: Kia Manoochehri

Recommended

View more >