Designing privacy-aware systems in the cloud

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 9264, Issue , 2015, Pages 113-123

  Kalloniatis, Christos ^a  

^a UNIVERSITY OF THE AEGEAN   (Greece)

Author keywords

Cloud computing; Conceptual model; Design; Privacy; Process; Requirements

Indexed keywords

CLOUD COMPUTING; DATA PRIVACY; DESIGN; INTERNET; PROCESSING; WEB SERVICES; WORLD WIDE WEB;

CLOUD ENVIRONMENTS; CLOUD SERVICES; CONCEPTUAL MODEL; DESIGN AND IMPLEMENTATIONS; INTERNET USERS; PAY AS YOU GO; PRIVACY ISSUE; REQUIREMENTS;

DISTRIBUTED DATABASE SYSTEMS;

EID: 84943635770     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-319-22906-5_9     Document Type: Conference Paper

References (33)

1. Rainie, L, Kiesler, S., Kang, R, Madden, M: Anonymity, Privacy and Security Online, Carnegie Mellon University. http://www.pewinternet.org/2013/09/05/anonymity-privacyand- security-online/. Accessed 19 April 2015
2. TRUSTe: US Consumer Confidence Privacy Report. http://www.truste.com/us-consumerconfidence-index-2014/. Accessed 19 April 2015
3. Gritzalis, S.: Enhancing web privacy and anonymity in the digital era. Inf. Manage. Comput. Secur. 12(3), 255–288 (2004). Emerald Group Publishing Limited
4. Koorn, R., van Gils, H., Hart, J., Overbeek, P., Tellegen, R.: Privacy Enhancing Technologies, White paper for Decision Makers. Ministry of the Interior and Kingdom Relations, The Netherlands (2004)
5. Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: The PriS method. Requirements Eng. J. 13(3), 241–255 (2008)
6. Mouratidis, H., Kalloniatis, C., Islam, S., Huget, M.P., Gritzalis, S.: Aligning security and privacy to support the development of secure information systems. J. Univ. Comput. Sci. 18 (12), 1608–1627 (2012)
7. Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management, white paper, v.0.34. http://dud.inf.tu-dresden.de/Anon_Terminology.shtml. Accessed 19 April 2015
8. Hashizume, K., Rosado, D.G., Fernández-Medina, E., Fernandez, E.B.: An analysis of security issues for cloud computing. J. Internet Serv. Appl. 4, 1–13 (2013)
9. ITU Technology Watch: Privacy in Cloud Computing. International Telecommuni cations Union, Geneva, Switzerland (2012)
10. Manousakis, V., Kalloniatis, C., Kavakli, E., Gritzalis, S.: Privacy in the cloud: bridging the gap between design and implementation. In: Franch, X., Soffer, P. (eds.) CAiSE Workshops 2013. LNBIP, vol. 148, pp. 455–465. Springer, Heidelberg (2013)
11. Kalloniatis, C., Manousakis, V., Mouratidis, H., Gritzalis, S.: Migrating into the cloud: identifying themajor security and privacy concerns. In: Douligeris, C., Polemi, N., Karantjias, A., Lamersdorf, W. (eds.) Collaborative, Trusted and Privacy-Aware e/m-Services. IFIP AICT, vol. 399, pp. 73–87. Springer, Heidelberg (2013)
12. CSA Threats: Top Threats to Cloud Computing Results update 2012, Cloud Se-curity Alliance, Seattle, WA, USA (2012)
13. Pearson, S.: Privacy, security and trust in cloud computing. In: Pearson, S., Yee, G. (eds.) Computer Communications and Networks. Springer-Verlag, London (2013)
14. Kalloniatis, C., Mouratidis, H., Manousakis, V., Islam, S., Gritzalis, S., Kavakli, E.: Towards the design of secure and privacy-oriented information systems in the cloud: identifying the major concepts. Comput. Stan. Interfaces 36, 759–775 (2014)
15. EU Draft: EU Directive for Security issues in Cloud Computing. European Commission, Brussels, Belgium
16. Article 29 Data Protection Working Party, Opinion 05/2012 on Cloud Computing (2012). Accessed 09 December 2014
17. Microsoft Technical report: Privacy in the cloud computing era, a Microsoft perspective, Microsoft Corp, Redmond, USA, November 2009. Accessed 10 January 2015
18. Wei, J., Zhang, X., Ammons, G., Bala, V., Ning, P.: Managing security of virtual machine images in a cloud environment. In: Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW 2009), pp. 91–96. ACM, New York (2009). doi: 10.1145/1655008.1655021 http://doi.acm.org/10.1145/1655008.1655021
19. Cannon, J.C.: Privacy: What Developers and IT Professionals Should Know. Addison-Wesley, Reading (2004)
20. Fischer-Hübner, S.: IT-Security and Privacy: Design and Use of Privacy Enhancing Security Mechanisms. LNCS, vol. 1958. Springer, Heidelberg (2001)
21. Kalloniatis, C., Kavakli, E., Kontellis, E.: PriS tool: a case tool for privacy-oriented RE. In: Doukidis, G., et al. (eds.) Proceedings of the MCIS 2009 4th Mediterranean Conference on Information Systems, Athens, Greece, pp. 913–925 (e-version), September 2009
22. Kalloniatis, C., Kavakli, E., Gritzalis, S.: PriS Methodology: incorporating privacy requirements into the system design process. In: Mylopoulos, J., Spafford, G. (eds.) Proceedings of the 13th IEEE International Requirements Engineering Conference–SREIS 2005 Symposium on Requirements Engineering for Information Security, Paris, France. IEEE CPS Conference Publishing Services, August 2005
23. Mouratidis, H., Giorgini, G.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Software Eng. Knowl. Eng. 17, 285–309 (2007)
24. Houmb, S.H., Islam, S., Knauss, E., Jürjens, J., Schneider, K.: Eliciting security requirements and tracing them to design: an integration of common criteria, heuristics, and UMLsec. Requirements Eng. J. 15, 63–93 (2010)
25. Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. J. 10, 34–44 (2005)
26. Romanosky, S., Acquisti, A., Hong, J., Cranor, L.F., Friedman, B.: Privacy patterns for online interactions. In: Proceedings of the 2006 Conference on Pattern Languages of Programs (PloP 2006), Portland, Oregon, pp. 12:1–12:9. ACM, New York, 21–23 October 2006
27. Hafiz, M.: A Pattern Language for Developing Privacy Enhancing Technologies. Software Practice and Experience. 43, 769–787 (2013)
28. Islam, S., Mouratidis, H., Wagner, S.: Towards a framework to elicit and manage security and privacy requirements from laws and regulations. In: Wieringa, R., Persson, A. (eds.) REFSQ 2010. LNCS, vol. 6182, pp. 255–261. Springer, Heidelberg (2010)
29. Massey, A.K., Otto, P.N., Hayward, L.J., Antón, A.I.: Evaluating existing secu-rity and privacy requirements for legal compliance. Requirements Eng. J. 15, 119–137 (2010)
30. Mulazzani, M., Schrittwieser, S., Leithner, M., Huber, M., Weippl, E.: Dark clouds on the horizon: using cloud storage as attack vector and online slack space. In: Proceedings of the 20th USENIX Conference on Security, San Fransisco, CA, p. 5. USENIX Association, Berkeley, 8–12 August 2011
31. Gong, C., Liu, J., Zhang, Q., Chen, H., Gong, Z.: The characteristics of cloud computing. In: Proceedings of the 2010 39th International Conference on Parallel Processing Workshop, San Diego, CA, pp. 275–279. IEEE Computer Society, Washington, DC, 13-16 September 2010
32. Pearson, S., Benameur, A.: Privacy, security and trust issues arising from cloud computing. In: Proceedings of the 2nd IEEE International Conference on Cloud Computing Technology and Science, Indianapolis, Indiana, USA, pp. 693–702. IEEE Computer Society, UK, 30 November–3 December 2010
33. Islam, S., Mouratidis, H., Weippl, E.: A goal-driven risk management approach to support security and privacy analysis of cloud-based system. In: Security Engineering for Cloud Computing: Approaches and Tools. IGI global publication (2012)