privacy and security in the cloud
play

Privacy and security in the cloud Challenges and solutions for our - PowerPoint PPT Presentation

Dec 30, 2022 •528 likes •709 views

Privacy and security in the cloud Challenges and solutions for our future information society Panel Building trust the technical challenges World Summit on the Information Society Forum 25-29 May 2015 ITU, UNESCO, UNDP and UNCTAD

  1. Privacy and security in the cloud Challenges and solutions for our future information society — Panel ”Building trust – the technical challenges” World Summit on the Information Society Forum 25-29 May 2015 ITU, UNESCO, UNDP and UNCTAD Thomas L¨ anger thomas.laenger@unil.ch Swiss Cybersecurity Advisory & Research Group Universit´ e de Lausanne 28 May 2015 – 15:00-16:30 Thomas L¨ anger (Universit´ e de Lausanne) Privacy and security in the cloud 28 May 2015 – 15:00-16:30 1 / 17

  2. Talk outline ◮ Cloud computing is currently a ”big thing” in ICT ◮ it is a huge interdisciplinary arena with many stakeholders. ◮ Following the ITU workshop aims, I will address: ◮ cloud computing as a phenomenon and its environment ◮ its relation to the ”information infrastructure” ◮ identification of stakeholders ◮ its future between technical evolution and regulation ◮ current situation in clouds standardisation ◮ These issues are currently addressed in H2020 project PrismaCloud, which has just started in Feb. 2015 Thomas L¨ anger (Universit´ e de Lausanne) Privacy and security in the cloud 28 May 2015 – 15:00-16:30 2 / 17

  3. Definition of cloud computing There are no unique features or great novelties in ’cloud computing’. It is a collective term for, in the broadest sense, modern internet information systems . Widely accepted definition by the NIST (Special Publication SP800-145, 7 pages; emph. by me): Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction . This cloud model is composed of five essential characteristics, three service models, and four deployment models. Thomas L¨ anger (Universit´ e de Lausanne) Privacy and security in the cloud 28 May 2015 – 15:00-16:30 3 / 17

  4. This cloud model is composed of... five essential characteristics: ◮ On-demand self-service, Broad network access ◮ Resource pooling, Rapid elasticity, Measured service three service models: ◮ Software as a Service (SaaS) ◮ Platform as a Service (PaaS) ◮ Infrastructure as a Service (IaaS) four deployment models: ◮ Private cloud, Community cloud ◮ Public cloud, Hybrid cloud (all SP800-145) Thomas L¨ anger (Universit´ e de Lausanne) Privacy and security in the cloud 28 May 2015 – 15:00-16:30 4 / 17

  5. Cloud computing and information infrastructure One could argue whether the term ’cloud computing’ ◮ refers more to a new paradigm, or a ’clever’ marketing strategy? Cloud computing is possible and common, because of ◮ high level of computer availability facilitating ubiquity ◮ available wireless communication infrastructures ◮ with high bandwidth, especially also upstream Applications on top of advanced information infrastructures are often referred to as being ”cloud computing” Cloud computing ◮ is currently a huge market (magnitude 3-digit billion USD), ◮ with influential market participants and stakeholders Thomas L¨ anger (Universit´ e de Lausanne) Privacy and security in the cloud 28 May 2015 – 15:00-16:30 5 / 17

  6. Cloud market: A few figures Management consulter Accenture sees 46% of the IT spending for ’cloud-related platforms and applications’ by 2016 A Cloud Computing Forecast Summary for 2013 - 2017 from IDC, Gartner and KPMG; online: www. prweb. com/ releases/ 2013/ 11/ prweb11341594. htm , citing a study by Accenture (2013) The cloud computing market is by 2015 estimated to be in the region of USD 150 billion, and will probably grow by the year 2018 to around USD 200 billion Transparency Market Research: Cloud Computing Services Market - Global Industry Size, Share, Trends, Analysis And Forecasts 2012 - 2018, online: www. transparencymarketresearch. com/ cloud-computing-services-market. html ”Amazon Web Services is a $5 billion business and still growing fast” Amazon quaterly earnings report Q1/2015 phx. corporate-ir. net/ phoenix. zhtml? c= 97664& p= irol-newsArticle& ID= 20395989 Thomas L¨ anger (Universit´ e de Lausanne) Privacy and security in the cloud 28 May 2015 – 15:00-16:30 6 / 17

  7. Stakeholder groups with different interests Thomas L¨ anger (Universit´ e de Lausanne) Privacy and security in the cloud 28 May 2015 – 15:00-16:30 7 / 17

  8. 1: Cloud users Individuals - Administrations - Companies ◮ individuals use cloud storage with smart phones ◮ and the huge computing clouds of social and comm. networks ◮ administrations use cloud-based e-government services ◮ businesses outsource their processing and services We/They want to ◮ profit from convenience of ubiquitous cloud access ◮ get rid of backups and hardware management, ◮ consume a self-service which is: rapid, on-demand, elastic, pay-per-use ◮ they want privacy, integrity they had before the cloud Thomas L¨ anger (Universit´ e de Lausanne) Privacy and security in the cloud 28 May 2015 – 15:00-16:30 8 / 17

  9. 2. Corporations Cloud service providers want to offer and sell cloud services: ◮ Google-Android-YouTube: (bought 181 companies 2001-2015) ◮ Facebook (bought 53 companies 2005-2015) ◮ Microsoft-Azure-Skype, ◮ Amazon AWS etc. etc. Some of them also want to ’get a grip’ on the data or at least on the meta-data. Most public clouds reserve themselves access to ◮ who communicates with whom, ◮ and when, and where from (all these are metadata); ◮ establish detailed profiles of millions of individuals and dragnet or mine them for valuable information, ◮ identify potential ’targets’ for marketing Thomas L¨ anger (Universit´ e de Lausanne) Privacy and security in the cloud 28 May 2015 – 15:00-16:30 9 / 17

  10. 3: Regulation For sensitive data , like data in critical infrastructures , or private personal data (e.g. health data) , European legislation does not only reserve ultimate control of the data to its owner (which is in the case of the health case the patient), but also requires data confidentiality for extended periods of time (like 80 years into the future). On the other hands, companies move data between jurisdictions and such prevent the enforcement of legal rights. Big corporations use loop-holes in legal systems and influence policy processes by extensive lobbying. Thomas L¨ anger (Universit´ e de Lausanne) Privacy and security in the cloud 28 May 2015 – 15:00-16:30 10 / 17

  11. More pending risks in cloud computing As the cloud metaphor already indicates, you put your data into a cloud – you can’t ’see’ it any longer. But that’s just what you wanted to do: Give it to somebody else who should take care of it. This may be practical (see all the advantages), but leads to a series of information risks : ◮ Policy and organisational risks ◮ lack of control ◮ lack of information on processing ◮ loss of governance (data moved to another legislation) ◮ vendor lock in ◮ Technical risks ◮ isolation failure ◮ diverse data protection risks ◮ data loss ◮ abuse, malicious outsider and insider etc. Thomas L¨ anger (Universit´ e de Lausanne) Privacy and security in the cloud 28 May 2015 – 15:00-16:30 11 / 17

  12. Diagnosis Confidentiality of user data is one of the most crucial problems in current cloud offerings. Confidentiality is often only guaranteed on a contractual basis between cloud customer and the service provider. ◮ The customer of the cloud has insufficient means in hands, to cryptographically protect the data, ◮ whereas the cloud provider cannot plausibly deny that the entrusted data was modified or illegally copied. This is why individuals, companies and public administration hesitate to entrust valuable data to cloud services Thomas L¨ anger (Universit´ e de Lausanne) Privacy and security in the cloud 28 May 2015 – 15:00-16:30 12 / 17

  13. Horizon 2020 project: PrismaCloud approach A 3.5 year project with the goal to enable end-to-end security for cloud users , and to provide tools to protect their privacy with the best technical means – by cryptography ◮ Advance cryptography to support dynamicity and agility of cloud computing ◮ Provide means to protect the results of computations ◮ Protect privacy of users ◮ Protect data at rest ◮ Infrastructure attestation ◮ Make cryptography available, usable and economically relevant for clouds ◮ Evaluate its capabilities in real-life scenarios ◮ Put a focus on usability, policy, and standardisation Thomas L¨ anger (Universit´ e de Lausanne) Privacy and security in the cloud 28 May 2015 – 15:00-16:30 13 / 17

  14. Standardisation in cloud computing The ’standardisation landscape’ of cloud computing reflects the fast-growing, gold-rush style market, with a lagging behind technical capability and an uneven regulation: ◮ Probably more than 20 standards organisations and consortia are active in the field (see e.g. http://cloud-standards.org ) ◮ Probably hundreds of publications are available, among them standards for portability, interoperability, security, accessibility and performance ◮ The European Commission’s Cloud Computing Strategy identifies as Key Action 1 ”Cutting through the Jungle of Standards” (European Commission: European cloud computing strategy “Unleashing the potential of cloud computing in Europe” (2012), ec.europa.eu/digital-agenda/en/european-cloud-computing-strategy ) Thomas L¨ anger (Universit´ e de Lausanne) Privacy and security in the cloud 28 May 2015 – 15:00-16:30 14 / 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing Storage Computation High availability No maintenance Decreased Costs Elasticity & Flexibility Security and Privacy for Cloud

529 views • 36 slides
Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns Hopkins University What is Cloud Computing ? Lets hear from the experts 2 What is Cloud Computing ? The infinite wisdom of the crowds (via

709 views • 38 slides
beyond the technology privacy, trust and security in the cloud disclaimers about me age of the

beyond the technology privacy, trust and security in the cloud disclaimers about me age of the

beyond the technology privacy, trust and security in the cloud disclaimers about me age of the cloud BLOOMBERG FORBES BAIN AND COMPANY the other side of the coin beyond the technology ZDNET FORTUNE beyond the technology WIRED MASHABLE

904 views • 45 slides
Security and Privacy in the Cloud Mayer Brown LLP: Cybersecurity and Data Privacy / Technology

Security and Privacy in the Cloud Mayer Brown LLP: Cybersecurity and Data Privacy / Technology

Security and Privacy in the Cloud Mayer Brown LLP: Cybersecurity and Data Privacy / Technology Transactions Practice Groups November 14, 2017 Linda Rhodes Joe Pennell Brad Peterson Partner Partner Partner 202-263-3382 312-701-8354

313 views • 29 slides
Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud

Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud

Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud Computing Services for Educational Institutions Presented by: Cristina Blanton Erin Fonte Associate Systemwide Compliance and Member, Privacy

310 views • 28 slides
PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian

PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian

PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian Institute of Technology GmbH FOC2015 Vienna / 17.06.2015 Challenges for Future ICT Systems Cloud computing will be at the heart of future ICT

426 views • 17 slides
Data Security and Privacy in the Cloud Sara Foresti Dipartimento di Informatica Universit

Data Security and Privacy in the Cloud Sara Foresti Dipartimento di Informatica Universit

Data Security and Privacy in the Cloud Sara Foresti Dipartimento di Informatica Universit degli Studi di Milano sara.foresti@unimi.it Secure Cloud Services and Storage Workshop 2017 September 10, 2017 Oslo, Norway SPDP Lab c 1/32

761 views • 48 slides
Security & Privacy Issues in Mobile Cloud Computing Manmohan Chaturvedi ,1 , Sapna Malik,

Security & Privacy Issues in Mobile Cloud Computing Manmohan Chaturvedi ,1 , Sapna Malik,

Security & Privacy Issues in Mobile Cloud Computing Manmohan Chaturvedi ,1 , Sapna Malik, Preeti Aggarwal and Shilpa Bahl Ansal University, Gurgaon- 122011, India 1 mmchaturvedi@ansaluniversity.edu.in Indian Context The potential uptake

1.27k views • 28 slides
Security and Privacy at Scale Geetanjali Sampemane geta@google.com Cloud All your stuff is

Security and Privacy at Scale Geetanjali Sampemane geta@google.com Cloud All your stuff is

Security and Privacy at Scale Geetanjali Sampemane geta@google.com Cloud All your stuff is online All your stuff The cloud, aka "online" You Cloud v0? Shared multi-user computing: Multics, Unix, VMS, ... Online user

463 views • 22 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
CS525: Who s Your Best Friend? Targeted Privacy Attacks In Location sharing Social Networks

CS525: Who s Your Best Friend? Targeted Privacy Attacks In Location sharing Social Networks

CS525: Who s Your Best Friend? Targeted Privacy Attacks In Location sharing Social Networks Wei Wang ECE Dept. Worcester Polytechnic Institute (WPI) Security and Privacy Problems in the mobile and cloud computing Security and Privacy

608 views • 19 slides
Privacy-supporting cloud-based conference systems: protocol and verification Myrto Arapinis,

Privacy-supporting cloud-based conference systems: protocol and verification Myrto Arapinis,

Privacy-supporting cloud-based conference systems: protocol and verification Myrto Arapinis, Sergiu Bursuc, Mark Ryan School of Computer Science, University of Birmingham Security of cloud computing Does user have to trust the service provider?

589 views • 16 slides
PRISMACLOUD Cloud Security and Privacy by Design Horizon 2020 programme; duration 2/2015-7/2018

PRISMACLOUD Cloud Security and Privacy by Design Horizon 2020 programme; duration 2/2015-7/2018

PRISMACLOUD Cloud Security and Privacy by Design Horizon 2020 programme; duration 2/2015-7/2018 6th International Conference on eDemocracy Citizen rights in the world of the new computing paradigms Thomas L anger thomas.laenger@unil.ch

786 views • 17 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
Communications and Electric Power Sectors: Need for Common Situation Awareness and Tools DIMACS

Communications and Electric Power Sectors: Need for Common Situation Awareness and Tools DIMACS

Communications and Electric Power Sectors: Need for Common Situation Awareness and Tools DIMACS Workshop on Algorithmic Decision Theory for the Smart Grid October 25, 2010 Daniel C. Hurley, Jr. Director, Critical Infrastructure

284 views • 14 slides
Attracting and Retaining Foreign Capital Flows Claude Lopez, PhD Director of International

Attracting and Retaining Foreign Capital Flows Claude Lopez, PhD Director of International

Attracting and Retaining Foreign Capital Flows Claude Lopez, PhD Director of International Finance and Macroeconomics Research Global Capital Inflows by Destination 2 The Reversal Observed Is Asset-Specific 3 And Country-Specific 4 How to

393 views • 10 slides
TRANSFORMING CITIES, TRANSPORTATION, AND AGRICULTURE WITH INTELLIGENT INFRASTRUCTURE AAAS 2018:

TRANSFORMING CITIES, TRANSPORTATION, AND AGRICULTURE WITH INTELLIGENT INFRASTRUCTURE AAAS 2018:

TRANSFORMING CITIES, TRANSPORTATION, AND AGRICULTURE WITH INTELLIGENT INFRASTRUCTURE AAAS 2018: Advancing Science Discovery to Application February 16, 2018 COMPUTING COMMUNITY CONSORTIUM The mission of the Computing Research Association's

465 views • 9 slides
Critical Information Infrastructure July 15 th 96 American president signed Executive Order

Critical Information Infrastructure July 15 th 96 American president signed Executive Order

6/21/2012 Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs 2012 Workshop on Cyber Security and Global Affairs and Global Security Forum UPC Barcelona Jun.

216 views • 9 slides
Enhancing UNTs Presence in Sub -Saharan Africa: Building Partnerships with Ethiopian Higher

Enhancing UNTs Presence in Sub -Saharan Africa: Building Partnerships with Ethiopian Higher

Enhancing UNTs Presence in Sub -Saharan Africa: Building Partnerships with Ethiopian Higher Education Institutions Daniel Gelaw Alemneh, Ph.D University of North Texas Daniel.Alemneh@unt.edu AFRICA RESEARCH SYMPOSIUM Thinking and

608 views • 27 slides
Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research Presentation Outline

794 views • 32 slides
Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Miller and Baileys ECE 422 Anonymity Anonymity: Concealing your identity In the context of the Internet, we

860 views • 61 slides
RFID Security Gildas Avoine UCL, Louvain-la-Neuve, Belgium Department of Computing Science and

RFID Security Gildas Avoine UCL, Louvain-la-Neuve, Belgium Department of Computing Science and

Ecole Internationale de Printemps Syst` emes R epartis : METIS2008 RFID Security Gildas Avoine UCL, Louvain-la-Neuve, Belgium Department of Computing Science and Engineering RFID Security gildas.avoine@uclouvain.be Introduction Outline

1.28k views • 95 slides

More recommend