226 research outputs found

    Data security issues in cloud scenarios

    The amount of data created, stored, and processed has enormously increased in the last years. Today, millions of devices are connected to the Internet and generate a huge amount of (personal) data that need to be stored and processed using scalable, efficient, and reliable computing infrastructures. Cloud computing technology can be used to respond to these needs. Although cloud computing brings many benefits to users and companies, security concerns about the cloud still represent the major impediment for its wide adoption. We briefly survey the main challenges related to the storage and processing of data in the cloud. In particular, we focus on the problem of protecting data in storage, supporting fine-grained access, selectively sharing data, protecting query privacy, and verifying the integrity of computations

    Empowering Owners with Control in Digital Data Markets

    We propose an approach for allowing data owners to trade their data in digital data market scenarios, while keeping control over them. Our solution is based on a combination of selective encryption and smart contracts deployed on a blockchain, and ensures that only authorized users who paid an agreed amount can access a data item. We propose a safe interaction protocol for regulating the interplay between a data owner and subjects wishing to purchase (a subset of) her data, and an audit process for counteracting possible misbehaviors by any of the interacting parties. Our solution aims to make a step towards the realization of data market platforms where owners can benefit from trading their data while maintaining control

    Minimizing disclosure of private information in credential-based interactions : a graph-based approach

    We address the problem of enabling clients to regulate disclosure of their credentials and properties when interacting with servers in open scenarios. We provide a means for clients to specify the sensitivity of information in their portfolio at a fine-grain level and to determine the credentials and properties to disclose to satisfy a server request while minimizing the sensitivity of the information disclosed. Exploiting a graph modeling of the problem, we develop a heuristic approach for determining a disclosure minimizing released information, that offers execution times compatible with the requirements of interactive access to Web resources

    Open world reasoning in semantics-aware access control: A preliminary study

    We address the relationships between theoretical foundations of Description Logics and practical applications of security-oriented Semantic Web techniques. We first describe the advantages of semantics-aware Access Control and review the state of the art; we also introduce the basics of Description Logics and the novel semantics they share. Then we translate the principle underlying the Little House Problem of DL into a real-world use case: by applying Open World Reasoning to the Knowledge Base modelling a Virtual Organization, we derive information not achievable with traditional Access Control methodologies. With this example, we also show that a general problem such as ontology mapping can take advantage of the enhanced semantics underlying OWL Lite and OWL DL to handle under-specified concepts

    Privacy in Microdata Release: Challenges, Techniques, and Approaches

    Releasing and disseminating useful microdata while ensuring that no personal or sensitive information is improperly exposed is a complex problem, heavily investigated by the scientific community in the past couple of decades. Various microdata protection approaches have then been proposed, achieving different privacy requirements through appropriate protection techniques. This chapter discusses the privacy risks that can arise in microdata release and illustrates some well-known privacy-preserving techniques and approaches

    Towards privacy-aware identity management

    The overall goal of the PRIME project (Privacy and Identity Management for Europe) is the development of a privacy-enhanced identity management system that allows users to control the release of their personal information. The PRIME architecture includes an Access Control component allowing the enforcement of protection requirements on personal identifiable information (PII)

    Dynamic Allocation for Resource Protection in Decentralized Cloud Storage

    Decentralized Cloud Storage (DCS) networks represent an interesting solution for data storage and management. DCS networks rely on the voluntary effort of a considerable number of (possibly untrusted) nodes, which may dynamically join and leave the network at any time. To profitably rely on DCS for data storage, data owners therefore need solutions that guarantee confidentiality and availability of their data. In this paper, we present an approach enabling data owners to keep data confidentiality and availability under control, limiting the owners' intervention with corrective actions when availability or confidentiality is at risk. Our approach is based on the combined adoption of AONT (All-Or-Nothing-Transform) and fountain codes. It provides confidentiality of outsourced data also against malicious coalitions of nodes, and guarantees data availability even in case of node failures. Our experimental evaluation clearly shows the benefits of using fountain codes with respect to other approaches adopted by current DCS networks

    Practical techniques building on encryption for protecting and managing data in the Cloud

    Companies as well as individual users are adopting cloud solutions at an ever-increasing rate for storing data and making them accessible to others. While migrating data to the cloud brings undeniable benefits in terms of data availability, scalability, and reliability, data protection is still one of the biggest concerns faced by data owners. Guaranteeing data protection means ensuring confidentiality and integrity of data and computations over them, and ensuring data availability to legitimate users. In this chapter, we survey some approaches for protecting data in the cloud that apply basic cryptographic techniques, possibly complementing them with additional controls, to the aim of producing efficient and effective solutions that can be used in practice

    A WOWA-based aggregation technique on trust values connected to metadata

    Metadata produced by members of a diverse community of peers tend to contain low-quality or even mutually inconsistent assertions. Trust values computed on the basis of users' feedback can improve metadata quality and reduce inconsistency, eliminating untrustworthy assertions. In this paper, we describe an approach to metadata creation and improvement, where community members express their opinions on the trustworthiness of each assertion. Our technique aggregates individual trustworthiness values to obtain a community-wide assessment of each assertion. We then apply a global trustworthiness threshold to eliminate some assertions to reduce the metadatabase's overall inconsistency