Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Privacy smells: Detecting privacy problems in cloud architectures

 
: Kunz, I.; Schneider, A.; Banse, C.

:

Wang, G. ; Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society:
IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020. Proceedings : 29 December 2020 - 1 January 2021, Guangzhou, China
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2020
ISBN: 978-1-6654-0393-1
ISBN: 978-1-6654-0392-4
S.1324-1331
International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) <19, 2020, Online>
Englisch
Konferenzbeitrag
Fraunhofer AISEC ()

Abstract
Many organizations are still reluctant to move sensitive data to the cloud. Moreover, data protection regulations have established considerable punishments for violations of privacy and security requirements. Privacy, however, is a concept that is difficult to measure and to demonstrate. While many privacy design strategies, tactics and patterns have been proposed for privacy-preserving system design, it is difficult to evaluate an existing system with regards to whether these strategies have or have not appropriately been implemented. In this paper we propose indicators for a system's non-compliance with privacy design strategies, called privacy smells. To that end we first identify concrete metrics that measure certain aspects of existing privacy design strategies. We then define smells based on these metrics and discuss their limitations and usefulness. We identify these indicators on two levels of a cloud system: the data flow level and the access control level. Using a cloud system built in Microsoft Azure we show how the metrics can be measured technically and discuss the differences to other cloud providers, namely Amazon Web Services and Google Cloud Platform. We argue that while it is difficult to evaluate the privacy-awareness in a cloud system overall, certain privacy aspects in cloud systems can be mapped to useful metrics that can indicate underlying privacy problems. With this approach we aim at enabling cloud users and auditors to detect deep-rooted privacy problems in cloud systems.

: http://publica.fraunhofer.de/dokumente/N-639272.html