Towards trustworthy cloud service selection: monitoring and assessing data privacy

  • Tania Basso University of Campinas
  • Hebert de Oliveira Silva UNICAMP
  • Leonardo Montecchi Universidade Estadual de Campinas
  • Breno Bernard Nicolau de França UNICAMP
  • Regina Lúcia de Oliveira Moraes Universidade Estadual de Campinas

Abstract

Cloud service consumers face a major challenge in selecting services from several providers. Facilitating these choices has become critical, and an important factor is service trustworthiness. To be trusted by users, cloud providers should explicitly communicate their capabilities to ensure important functional and non-functional requirements (such as security, privacy, dependability, fairness, among others). Thus, models and mechanisms are required to provide indicators that can be used to support clients in choosing high-quality services. This paper presents a solution to support privacy measurement and analysis, which can help the computation of trustworthiness scores. The solution is composed of a reference model for trustworthiness, a privacy model instance, and a privacy monitoring and assessment component. Finally, we provide an implementation capable of monitoring privacy-related information and performing analysis based on privacy scores for eight different datasets.

Keywords: Cloud Computing, Security, Monitoring, Privacy

Published
24/09/2019
BASSO, Tania; SILVA, Hebert de Oliveira; MONTECCHI, Leonardo; DE FRANÇA, Breno Bernard Nicolau; MORAES, Regina Lúcia de Oliveira. Towards trustworthy cloud service selection: monitoring and assessing data privacy. In: WORKSHOP DE TESTES E TOLERÂNCIA A FALHAS (WTF), 20., 2019, Gramado. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019. p. 6-19. ISSN 2595-2684. DOI: https://doi.org/10.5753/wtf.2019.7711.