Data protection-aware design for cloud services

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5931 LNCS, Issue , 2009, Pages 119-130

  Creese, Sadie ^a   Hopkins, Paul ^a   Pearson, Siani ^b   Shen, Yun ^b  

^a UNIVERSITY OF WARWICK   (United Kingdom)

^b HEWLETT PACKARD LABORATORIES   (United Kingdom)

Author keywords

Capability maturity model; Cloud computing; Data protection; Design pattern; Information security; Privacy

Indexed keywords

CAPABILITY MATURITY MODELS; CLOUD COMPUTING; DATA PROTECTION; DESIGN PATTERNS; INFORMATION ASSURANCE; NETWORK SECURITY AND PRIVACY; NEW CONCEPT; PRIVACY CONTROL; SERVICE LEVEL AGREEMENTS; THIRD PARTIES;

DESIGN; INTERNET; NETWORK SECURITY; SOFTWARE ENGINEERING;

DATA PRIVACY;

EID: 71849115601     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-10665-1_11     Document Type: Conference Paper

References (40)

1. Gartner: Forecast: Sizing the Cloud; Understanding the Opportunities in Cloud Services (March 2009)
2. Pearson, S.: Taking Account of Privacy when Designing Cloud Computing Services. In: ICSE-Cloud 2009, Vancouver. IEEE, Los Alamitos (2009); HP Labs Technical Report, HPL-2009-54 (2009), http://www.hpl.hp.com/techreports/2009/ HPL-2009-54.html
3. Solove, D.J.: A Taxonomy of Privacy. University of Pennyslavania Law Review 154(3), 477 (2006), http://papers.ssrn.com/sol3/papers.cfm?abstract-id= 667622
4. Council Directive 95/46/EC. On the protection of individuals with regard to the processing of personal data and on the free movement of such data. OJ, L281, pp. 31-50 (1995)
5. Wikipedia (2009), http://en.wikipedia.org/wiki/Capability-Maturity-Model
6. Smith, R.: Cloud Maturity Models Don't Make Sense (2008), http://www.informationweek.com/blog/main/archives/2008/12/cloud-maturity. html;jsessionid=OL1NSZLUOGDMCQSNDLPCKHSCJUNN2JVN
7. Urquhart, J.: A maturity model for cloud computing (2009), http://news.cnet.com/8301-19413-3-10122295-240.html
8. Sorofman, J.: The cloud computing adoption model (2009), http://www.ddj.com/architect/211201818
9. Wardley, S.: Maturity models for the cloud (2009), http://blog. gardeviance.org/2008/12/maturity-models-for-cloud.html
10. OpenGroup: A Maturity Model for SOA (2009), http://www.opengroup.org/ projects/soa-book/page.tpl?CALLER=faq.tpl&ggid=1319
11. Microsoft Corporation: Privacy Guidelines for Developing Software Products and Services, Version 2.1a (2007), http://www.microsoft.com/Downloads/ details.aspx?FamilyID=c48cf80f-6e87-48f5-83eca18d1ad2fc1f&displaylang=en
12. Cannon, J.C.: Privacy: What Developers and IT Professionals Should Know. Addison-Wesley, Reading (2004)
13. Patrick, A., Kenny, S.: From Privacy Legislation to Interface Design: Implementing Information Privacy in Human-Computer Interactions. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 107-124. Springer, Heidelberg (2003)
14. Belloti, V., Sellen, A.: Design for Privacy in Ubiquitous Computing Environments. In: Proc. 3rd conference on European Conference on Computer-Supported Cooperative Work, pp. 77-92 (1993)
15. Information Commissioner's Office: PIA handbook (2007), http://www.ico.gov.uk/
16. Office of the Privacy Commissioner of Canada: Fact sheet: Privacy impact assessments (2007), http://www.privcom.gc.ca/
17. Information Commissioners Office: Privacy by Design. Report (2008), http://www.ico.gov.uk
18. Jutla, D.N., Bodorik, P.: Sociotechnical architecture for online privacy. IEEE Security and Privacy 3(2), 29-39 (2005)
19. Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Transactions on Software Engineering, 1-42 (2008)
20. Alexander, C., Ishikawa, S., Silverstein, M., Jacobson, M., Fiksdahl-King, I., Angel, S.: A Pattern Language: Towns, Buildings, Construction. Oxford University Press, Oxford (1977)
21. Arista, Cloud Networking: Design Patterns for 'Cloud Centric' Application Environments (2009), http://www.aristanetworks.com/en/ CloudCentricDesignPatterns.pdf
22. Hafiz, M.: A collection of privacy design patterns. Pattern Languages of Programs, 1-13 (2006)
23. Pearson, S., Sander, T., Sharma, R.: A Privacy Management Tool for Global Outsourcing. In: DPM 2009. LNCS, vol. 5939. Springer, Heidelberg (2009)
24. The Institute of Internal Auditors: Managing and Auditing Privacy Risks, http://www.theiia.org/download.cfm?file=33917
25. Casassa Mont, M.: Dealing with privacy obligations: Important aspects and technical approaches. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2004. LNCS, vol. 3184, pp. 120-131. Springer, Heidelberg (2004)
26. Casassa Mont, M., Pearson, S., Bramhall, P.: Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services. In: Mařík, V., Štěpánková, O., Retschitzegger, W. (eds.) DEXA 2003. LNCS, vol. 2736, pp. 377-382. Springer, Heidelberg (2003)
27. IBM, The Enterprise Privacy Authorization Language (EPAL), EPAL specification, v1.2 (2004), http://www.zurich.ibm.com/security/enterprise- privacy/epal/
28. OASIS, eXtensible Access Control Markup Language (XACML), http://www.oasis-open.org/committees/tc-home.php?wg-abbrev=xacml
29. Cranor, L.: Web Privacy with P3P. O'Reilly & Associates, Sebastopol (2002)
30. Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language (2001), http://wwwdse.doc.ic.ac.uk/research/policies/ index.shtml
31. Tang, Q.: On Using Encryption Techniques to Enhance Sticky Policies Enforcement, Technical Report TR-CTIT-08-64, Centre for Telematics and Information Technology, University of Twente, Enschede (2008)
32. Pöhls, H.C.: Verifiable and Revocable Expression of Consent to Processing of Aggregated Personal Data. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 279-293. Springer, Heidelberg (2008)
33. Schunter, M., Waidner, M.: Simplified privacy controls for aggregated services - suspend and resume of personal data. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 218-232. Springer, Heidelberg (2007)
34. Clarke, I., Miller, S.G.: Protecting Free Expression Online with Freenet. IEEE Computing (2002)
35. Rhea, S., Eaton, P., Geels, D., Weatherspoon, H., Zhao, B., Kubiatowicz. J.: Pond: the OceanStore Prototype. In: FAST 2003 (2003)
36. Huang, C.D., Goo, J.: Rescuing IT Outsourcing- Strategic Use of Service Level Agreements, IT Pro. (2009)
37. Yearworth, M., Monahan, B., Pym, D.: Predictive Modelling for Security Operations Economics, HPL-2006-125 (2006)
38. EU FP7 Network of Excellence(2009) , http://www.coregrid.net/
39. EU FP7 Project SLA Aware Infrastructure (2009), http://sla-at-soi.eu/
40. EnCoRe: Ensuring Consent and Revocation project (2008), http://www.encore-project.info