Data Flow Management and Compliance in Cloud Computing

@article{Singh2015DataFM,
  title={Data Flow Management and Compliance in Cloud Computing},
  author={Jatinder Singh and Julia E. Powles and Thomas Pasquier and Jean Bacon},
  journal={IEEE Cloud Computing},
  year={2015},
  volume={2},
  pages={24-32}
}
As cloud computing becomes an increasingly dominant means of providing computing resources, the legal and regulatory issues associated with data in the cloud become more pronounced. These issues derive primarily from four areas: contract, data protection, law enforcement, and regulatory and common law protections for particularly sensitive domains such as health, finance, fiduciary relations, and intellectual property assets. From a technical perspective, these legal requirements all impose… 

Figures from this paper

Camflow: Managed Data-Sharing for Cloud Services
TLDR
The potential of cloud-deployed IFC for enforcing owners’ data flow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software is discussed.
Data-Centric Access Control for Cloud Computing
TLDR
This paper considers how IFC can be integrated with application-specific access control, transparently from application developers, while building from simple IFC primitives, access control policies that align with the data management obligations of cloud providers and tenants.
Information Flow Audit for Transparency and Compliance in the Handling of Personal Data
  • Thomas Pasquier, D. Eyers
  • Computer Science
    2016 IEEE International Conference on Cloud Engineering Workshop (IC2EW)
  • 2016
TLDR
This paper explores how an Information Flow Audit mechanism, that provides key data regarding provenance, can be used to verify compliance with regulatory and contractual duty, and survey potential extensions.
Information Flow Audit for PaaS Clouds
TLDR
It is demonstrated how CamFlow can be extended to provide data-centric audit logs akin to provenance metadata in a format in which analyses can easily be automated through the use of standard graph processing tools, which allows detailed understanding of the overall system.
On Information Flow Control and Audit for Demonstrable Compliance in the Cloud
TLDR
It is shown that information captured during DIFC enforcement allows the generation of a provenance-like directed graph representing whole-system data exchange, and it can be ascertained that there is no path in which personal data was transferred to another tenant without being anonymised.
Clouds of Things Need Information Flow Control with Hardware Roots of Trust
TLDR
An approach based on Information Flow Control (IFC) is proposed that allows for the continuous, end-to-end enforcement of data flow policy, and the generation of provenance-like audit logs to demonstrate policy adherence and contractual/regulatory compliance.
Backup Monitoring in Large Heterogeneous Business Cloud Computing Environments A Framework for the Development of a Reliable Automated Process
TLDR
The study addresses the gap by building a proof of concept software artefact and proposing a conceptual framework that may be used to guide the development of a reliable backup monitoring process and related software, particularly in large heterogeneous system environments.
Regulations and Standards in Public Cloud: A Centrally Driven Technique for Subscribers
TLDR
This work presents the prominent security standards suggested by the leading security institutions including NIST, CSA, ENISA, ISO, etc., that are applicable to the public cloud that a centrally-driven scheme is proposed in order to empower the subscriber to know the regulation and standards applicable according to their services need.
Cloud Computing and Security Issues in the Cloud
TLDR
A review on the cloud computing concepts as well as security issues inherent within the context of cloud computing and cloud infrastructure is presented.
Twenty Legal Considerations for Clouds of Things
This paper provides a survey of key legal questions arising in the EU at the intersection of cloud computing and the Internet of Things, which we term “Clouds of Things”. We consider implications for
...
1
2
3
4
...

References

SHOWING 1-10 OF 16 REFERENCES
Expressing and Enforcing Location Requirements in the Cloud Using Information Flow Control
TLDR
Information Flow Control (IFC) is investigated as a possible technical solution to expressing, enforcing and demonstrating compliance of cloud computing systems with policy requirements inspired by data protection and other laws.
Camflow: Managed Data-Sharing for Cloud Services
TLDR
The potential of cloud-deployed IFC for enforcing owners’ data flow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software is discussed.
Information Flow Control for Secure Cloud Computing
TLDR
The properties of cloud computing-Platform-as-a-Service clouds in particular- are described and a range of IFC models and implementations are reviewed to identify opportunities for using IFC within a cloud computing context.
Policy, Legal and Regulatory Implications of a Europe-Only Cloud
TLDR
This paper provides an outline of key legal and regulatory aspects arising from recent calls for establishing a Europe-only cloud by analysing what may be meant by "cloud", "Europe", and "only" in this connection.
Trustworthy geographically fenced hybrid clouds
TLDR
The vision of trustworthy geographically fenced hybrid clouds (TGHC), a generic, scalable and extensible middleware system to automatically bridge the gap between applications with their integrity and geo-fencing policies, and raw hardware infrastructure is presented.
Twenty Security Considerations for Cloud-Supported Internet of Things
TLDR
This paper focuses on security considerations for IoT from the perspectives of cloud tenants, end-users, and cloud providers, in the context of wide-scale IoT proliferation, working across the range of IoT technologies.
A decentralized model for information flow control
TLDR
This paper presents a new model for controlling information flo w in systems with mutual distrust and decentralized authority that improves on existing multilevel security models by allowing users to declassify information in a decentralized way, and by improving support for fine-grained data sharing.
The Case for VM-Based Cloudlets in Mobile Computing
TLDR
The results from a proof-of-concept prototype suggest that VM technology can indeed help meet the need for rapid customization of infrastructure for diverse applications, and this article discusses the technical obstacles to these transformations and proposes a new architecture for overcoming them.
Sticky Policies: An Approach for Managing Privacy across Multiple Parties
TLDR
The EnCoRe project has developed a technical solution for privacy management that is suitable for use in a broad range of domains, enabling users to improve control over their personal information.
Can homomorphic encryption be practical?
TLDR
A proof-of-concept implementation of the recent somewhat homomorphic encryption scheme of Brakerski and Vaikuntanathan, whose security relies on the "ring learning with errors" (Ring LWE) problem, and a number of application-specific optimizations to the encryption scheme, including the ability to convert between different message encodings in a ciphertext.
...
1
2
...