Privacy-by-Design Regulatory Compliance Automation in Cloud Environment

The proposed Master's thesis revolves around the development of a privacy-preserving Attribute Verifier for regulatory compliance, first designed cryptographically, and then implemented in a Cloud Environment. The Attribute Verifier makes use of the Attribute Verification Protocol and its underlying encryption scheme, composed of Decentralized Attribute-Based Encryption (DABE) combined with a Zero- Knowledge Proof (ZKP) approach. The contribution of this work was integrating a ticketing system, concerning tickets of compliance, with the existing protocol, and automating the whole workflow, simulating all the actors involved, in AWS Cloud Environment. The major goal was to improve the security and privacy of sensitive data kept in the cloud as well as to comply with Cloud Regulatory, Standards, and different Data Protection Regulations. In particular, the use case covered in this Thesis refers to the General Protection Data Regulation (GDPR), specifically the compliance with Article 32. The word "Automation" in the title refers to the achievement of having automated in AWS Cloud Environment, through code, three main security objectives: Privacy, Identity and Access Management, and Attribute-based Access Control. A goal that was pursued because, in the majority of the cases, adherence to a Regulatory still requires heavy manual effort, especially when it's about pure Data Protection Regulations, i.e. in a legal setting. And when the manual effort is not required, confidentiality can be still heavily affected, and that's where the need for a privacy-by-design solution comes from. The Attribute Verifier was developed to verify the attributes of a Prover (e.g. a company, an institution, a healthcare provider, etc.) without revealing the actual attributes or assets and to grant access to encrypted data only if the verification is successful. The proposed example, among many applicable, it's the one a National Bank attempting to demonstrate to a Verifier, i.e. the European Central Bank, compliance with Article 32 of the GDPR

A Novel Fingerprinting Technique for Data Storing and Sharing through Clouds

With the emerging growth of digital data in information systems, technology faces the challenge of knowledge prevention, ownership rights protection, security, and privacy measurement of valuable and sensitive data. On-demand availability of various data as services in a shared and automated environment has become a reality with the advent of cloud computing. The digital fingerprinting technique has been adopted as an effective solution to protect the copyright and privacy of digital properties from illegal distribution and identification of malicious traitors over the cloud. Furthermore, it is used to trace the unauthorized distribution and the user of multimedia content distributed through the cloud. In this paper, we propose a novel fingerprinting technique for the cloud environment to protect numeric attributes in relational databases for digital privacy management. The proposed solution with the novel fingerprinting scheme is robust and efficient. It can address challenges such as embedding secure data over the cloud, essential to secure relational databases. The proposed technique provides a decoding accuracy of 100%, 90%, and 40% for 10% to 30%, 40%, and 50% of deleted record

Advanced Cloud Privacy Threat Modeling

Privacy-preservation for sensitive data has become a challenging issue in cloud computing. Threat modeling as a part of requirements engineering in secure software development provides a structured approach for identifying attacks and proposing countermeasures against the exploitation of vulnerabilities in a system . This paper describes an extension of Cloud Privacy Threat Modeling (CPTM) methodology for privacy threat modeling in relation to processing sensitive data in cloud computing environments. It describes the modeling methodology that involved applying Method Engineering to specify characteristics of a cloud privacy threat modeling methodology, different steps in the proposed methodology and corresponding products. We believe that the extended methodology facilitates the application of a privacy-preserving cloud software development approach from requirements engineering to design

Authentication and authorisation in entrusted unions

This paper reports on the status of a project whose aim is to implement and demonstrate in a real-life environment an integrated eAuthentication and eAuthorisation framework to enable trusted collaborations and delivery of services across different organisational/governmental jurisdictions. This aim will be achieved by designing a framework with assurance of claims, trust indicators, policy enforcement mechanisms and processing under encryption to address the security and confidentiality requirements of large distributed infrastructures. The framework supports collaborative secure distributed storage, secure data processing and management in both the cloud and offline scenarios and is intended to be deployed and tested in two pilot studies in two different domains, viz, Bio-security incident management and Ambient Assisted Living (eHealth). Interim results in terms of security requirements, privacy preserving authentication, and authorisation are reported

Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors