Accountability as a way forward for privacy protection in the cloud

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5931 LNCS, Issue , 2009, Pages 131-144

  Pearson, Siani ^a   Charlesworth, Andrew ^b  

^a HEWLETT PACKARD LABORATORIES   (United Kingdom)

^b UNIVERSITY OF BRISTOL   (United Kingdom)

Author keywords

Accountability; Cloud computing; Privacy

Indexed keywords

CLOUD COMPUTING; PRIVACY AND SECURITY; PRIVACY PROTECTION; TECHNICAL SOLUTIONS;

COMPUTER SCIENCE;

EID: 71749090060     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-10665-1_12     Document Type: Conference Paper

References (57)

1. HP cloud website, http://h71028.www7.hp.com/enterprise/us/en/ technologies/cloud-computing.html?jumpid=ex-r2858-us/en/large/tsg/go-cloud
2. Pearson, S.: Taking Account of Privacy when Designing Cloud Computing Services. In: ICSE-Cloud 2009, Vancouver. IEEE, Los Alamitos (2009); HP Labs Technical Report, HPL-2009-54 (2009), http://www.hpl.hp.com/techreports/2009/ HPL-2009-54.html
3. Solove, D.J.: A Taxonomy of Privacy. University of Pennsylvania Law Review 154(3), 477-564 (2006)
4. Council Directive 95/46/EC: On the protection of individuals with regard to the processing of personal data and on the free movement of such data. OJ, L281, pp. 31-50 (1995)
5. Ackerman, M., Darrell, T., Weitzner, D.: Privacy in Context. Human Computer Interaction 16(2), 167-176 (2001)
6. Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing (2009), http://www.cloudsecurityalliance.org/guidance/csaguide. pdf
7. Gellman, R.: Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing. World Privacy Forum (2009), http://www.worldprivacyforum. org/pdf/WPF-Cloud-Privacy-Report.pdf
8. Abrams, M.: A Perspective: Data Flow Governance in Asia Pacific & APEC Framework (2008), http://ec.europa.eu/justice-home/news/information- dossiers/personal-data-workshop/speeches-en.htm
9. Kohl, U.: Jurisdiction and the Internet. Cambridge University Press, Cambridge (2007)
10. Mowbray, M.: The Fog over the Grimpen Mire: Cloud Computing and the Law. Script-ed Journal of Law, Technology and Society 6(1) (April 2009)
11. Hall, J.A., Liedtka, S.L.: The Sarbanes-Oxley Act: implications for large-scale IT outsourcing. Communications of the ACM 50(3), 95-100 (2007)
12. McKinley, P.K., Samimi, F.A., Shapiro, J.K., Chiping, T.: Service Clouds: A Distributed Infrastructure for Constructing Autonomic Communication Services. In: Dependable, Autonomic and Secure Computing, pp. 341-348. IEEE, Los Alamitos (2006)
13. Microsoft Corporation: Privacy Guidelines for Developing Software Products and Services, v2.1a (2007), http://www.microsoft.com/Downloads/details. aspx?FamilyID=c48cf80f-6e87-48f5-83ec-a18d1ad2fc1f&displaylang=en
14. Information Commissioners Office: Privacy by Design, Report (2008), http://www.ico.gov.uk
15. Bamberger, K., Mulligan, D.: Privacy Decision-making in Administrative Agencies. University of Chicago Law Review 75(1) (2008)
16. Nissenbaum, H.: Privacy as Contextual Integrity. Washington Law Review 79(1), 119-158 (2004)
17. 6, P.: Who wants privacy protection, and what do they want? Journal of Consumer Behaviour 2(1), 80-100 (2002)
18. Cederquist, J.G., Conn, R., Dekker, M.A.C., Etalle, S., den Hartog, J.I.: An audit logic for accountability. In: Policies for Distributed Systems and Networks, pp. 34-43. IEEE, Los Alamitos (2005)
19. UK Information Commissioner's Office A Report on the Surveillance Society (2006)
20. Charlesworth, A.: The Future of UK Data Protection Regulation. Information Security Technical Report 11(1), 46-54 (2006)
21. Charlesworth, A.: Information Privacy Law in the European Union: E. Pluribus Unum. or Ex. Uno. Plures. Hastings Law Review 54, 931-969 (2003)
22. Weitzner, D., Abelson, H., Berners-Lee, T., Hanson, C., Hendler, J.A., Kagal, L., McGuinness, D.L., Sussman, G.J., Waterman, K.K.: Transparent Accountable Data Mining: New Strategies for Privacy Protection. In: Proceedings of AAAI Spring Symposium on The Semantic Web meets eGovernment. AAAI Press, Menlo Park (2006)
23. Crompton, M., Cowper, C., Jefferis, C.: The Australian Dodo Case: an insight for data protection regulation. World Data Protection Report 9(1) (2009)
24. Dolnicar, S., Jordaan, Y.: Protecting Consumer Privacy in the Company's Best Interest. Australasian Marketing Journal 14(1), 39-61 (2006)
25. Tweney, A., Crane, S.: Trustguide2: An exploration of privacy preferences in an online world. In: Cunningham, P., Cunningham, M. (eds.) Expanding the Knowledge Economy. IOS Press, Amsterdam (2007)
26. Organization for Economic Co-operation and Development: Guidelines Governing the Protection of Privacy and Transborder Flow of Personal Data. OECD, Geneva (1980)
27. Truste: Website (2009), http://www.truste.org/
28. SLA@SOI: Website (2009), http://sla-at-soi.eu/
29. Creative Commons: Creative Commons Home Page (2009), http:// creativecommons.org
30. Casassa Mont, M.: Dealing with privacy obligations: Important aspects and technical approaches. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2004. LNCS, vol. 3184, pp. 120-131. Springer, Heidelberg (2004)
31. Mowbray, M., Pearson, S.: A Client-Based Privacy Manager for Cloud Computing. In: Proc. COMSWARE 2009. ACM, New York (2009)
32. Yao, A.C.: How to Generate and Exchange Secrets. In: Proc. FoCS, pp. 162-167. IEEE, Los Alamitos (1986)
33. IBM: The Enterprise Privacy Authorization Language (EPAL), EPAL specification, v1.2 (2004), http://www.zurich.ibm.com/security/enterprise- privacy/epal/
34. OASIS: XACML, http://www.oasis-open.org/committees/tc-home.php?wg-abbrev= xacml
35. Cranor, L.: Web Privacy with P3P. O'Reilly & Associates, Sebastopol (2002)
36. Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language (2001), http://wwwdse.doc.ic.ac.uk/research/policies/ index.shtml
37. Casassa Mont, M., Pearson, S., Bramhall, P.: Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services. In: Mařík, V., Štěpánková, O., Retschitzegger, W. (eds.) DEXA 2003. LNCS, vol. 2736, pp. 377-382. Springer, Heidelberg (2003)
38. Pearson, S.: Trusted computing: Strengths, weaknesses and further opportunities for enhancing privacy. In: Herrmann, P., Issarny, V., Shiu, S.C.K. (eds.) iTrust 2005. LNCS, vol. 3477, pp. 305-320. Springer, Heidelberg (2005)
39. Kenny, S., Korba, L.: Applying Digital Rights Management Systems to Privacy Rights Management Computers & Security 21(7) (2002)
40. Tang, Q.: On Using Encryption Techniques to Enhance Sticky Policies Enforcement. TRCTIT-08-64, Centre for Telematics and Information Technology, Uni. Twente (2008)
41. Golle, P., McSherry, F., Mironov, I.: Data Collection with self-enforcing privacy. In: CCS 2006, Alexandria, Virginia, USA. ACM, New York (2006)
42. Cavoukian, A., Crompton, M.: Web Seals: A review of Online Privacy Programs. In: Privacy and Data Protection (2000), http://www.privacy.gov.au/ publications/seals.pdf
43. Elahi, T., Pearson, S.: Privacy Assurance: Bridging the Gap between Preference and Practice. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds.) TrustBus. LNCS, vol. 4657, pp. 65-74. Springer, Heidelberg (2007)
44. Casassa Mont, M., Thyne, R.: A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 118-134. Springer, Heidelberg (2006)
45. Kenny, S., Borking, J.: The Value of Privacy Engineering. JILT, 1 (2002), http://elj.warwick.ac.uk/jilt/02-1/kenny.html
46. IBM: Sparcle project, http://domino.research.ibm.com/comm/research- projects.nsf/pages/sparcle.index.html
47. IBM: REALM project, http://www.zurich.ibm.com/security/publications/2006/ REALM-at-IRIS2006-20060217.pdf
48. Travis, D., Breaux, T.D., Antón, A.I.: Analyzing Regulatory Rules for Privacy and Security Requirements. Transactions on Software Engineering 34(1), 5-20 (2008)
49. OASIS: eContracts Specification v1.0 (2007), http://www.oasis-open.org/ apps/org/workgroup/legalxml-econtracts
50. EnCoRe: Ensuring Consent and Revocation project (2008), http://www.encore-project.info
51. Flegel, U.: Pseudonymising Unix Log Files. In: Davida, G.I., Frankel, Y., Rees, O. (eds.) InfraSec 2002. LNCS, vol. 2437, pp. 162-179. Springer, Heidelberg (2002)
52. Gritzalis, D., Moulinos, K., Kostis, K.: A Privacy-Enhancing e-Business Model Based on Infomediaries. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds.) MMM-ACNS 2001. LNCS, vol. 2052, pp. 72-83. Springer, Heidelberg (2001)
53. Pearson, S., Sander, T., Sharma, R.: A Privacy Management Tool for Global Outsourcing. In: DPM 2009 (2009)
54. Warren, A., Bayley, R., Charlesworth, A., Bennett, C., Clarke, R., Oppenheim, C.: Privacy Impact Assessments: international experience as a basis for UK guidance. Computer Law and Security Report 24(3), 233-242 (2008)
55. Trusted Computing Group (2009), https://www.trustedcomputinggroup.org
56. Pearson, S., Casassa Mont, M.: A System for Privacy-aware Resource Allocation and Data Processing in Dynamic Environments. In: I-NetSec 2006, vol. 201, pp. 471-482. Springer, Heidelberg (2006)
57. Dalton, C., Plaquin, D., Weidner, W., Kuhlmann, D., Balacheff, B., Brown, R.: Trusted virtual platforms: a key enabler for converged client devices. Operating Systems Review 43(1), 36-43 (2009)