Abstract
Privacy in cloud computing is at the moment simply a promise to be kept by the software service providers. Users are neither able to control the disclosure of personal data to third parties nor to check if the software service providers have followed the agreed-upon privacy policy. Therefore, disclosure of the users‘ data to the software service providers of the cloud raises privacy risks. In this article, we show a privacy risk by the example of using electronic health records abroad. As a countermeasure by an ex post enforcement of privacy policies, we propose to observe disclosures of personal data to third parties by using data provenance history and digital watermarking.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Aura, T.: Distributed Access-Rights Managements with Delegations Certificates. In: Vitek, J. (ed.) Secure Internet Programming. LNCS, vol. 1603, pp. 211–235. Springer, Heidelberg (1999)
Buneman, P., Khanna, S., Tan, W.-C.: Why and Where: A Characterization of Data Provenance. In: Van den Bussche, J., Vianu, V. (eds.) ICDT 2001. LNCS, vol. 1973, pp. 316–330. Springer, Heidelberg (2000)
Casassa Mont, M., Pearson, S.: An Adaptive Privacy Management System for Data Repositories. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2005. LNCS, vol. 3592, pp. 236–245. Springer, Heidelberg (2005)
Chaum, D.: Blind Signatures for Untraceable Payments. In: McCurley, K.S., Ziegler, C.D. (eds.) CRYPTO 1982. LNCS, vol. 1440, pp. 199–203. Springer, Heidelberg (1999)
Cox, I.J., Miller, M.L., Bloom, J.A., Fridrich, J., Kalker, T.: Digital Watermarking and Steganography. Morgan Kaufmann, San Francisco (2008)
Li, M., Poovendran, R., Narayanan, S.: Protecting patient privacy against unauthorized release of medical images in a group communication environment. In: Comp. Medical Imaging and Graphics, vol. 29, pp. 367–383. Elsevier, Amsterdam (2005)
European Commission, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal of the European Communities, L 281, 395L0046, pp. 31–50 (October 24, 1995)
Deutscher Bundestag. Gesetz zur Modernisierung der gesetzlichen Krankenversicherung. Bundesgesetzblatt Jahrgang 2003 Teil I Nr. 55 (2003)
Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Computation 18(1), 186–208 (1989)
Google, Health Privacy Policy (2010), http://www.google.com/health
U.S. Department of Health & Human Services, Health Insurance Portability and Accountability Act of 1996 Privacy Rule (1996), http://www.cms.hhs.gov/HIPAAGenInfo
Karjoth, G., Schunter, M., Waidner, M.: Privacy-enabled Services for Enterprises. In: 13th Int. Workshop on Database and Expert Systems Applications, pp. 483–487. IEEE Computer Society, Los Alamitos (2002)
Mantel, H.: Information Flow Control and Applications Bridging a Gap. In: Oliveira, J.N., Zave, P. (eds.) FME 2001. LNCS, vol. 2021, pp. 153–172. Springer, Heidelberg (2001)
Mather, T., Kumaraswamy, S., Latif, S.: Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. O’Reilly Media, Sebastopol (2009)
Microsoft, HealthVault Privacy Policy (2010), http://www.healthvault.com
Müller, G., Accorsi, R., Höhn, S., Sackmann, S.: Sichere Nutzungskontrolle für mehr Transparenz in Finanzmärkten. Informatik-Spektrum 33(1) (2010)
Pfitzmann, B., Schunter, M.: Asymmetric Fingerprinting. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 84–95. Springer, Heidelberg (1996)
Pretschner, A., Hilty, M., Basin, D.: Distributed usage control. CACM 49(9), 39–44 (2006)
Sackmann, S., Strüker, J., Accorsi, R.: Personalization in Privacy-Aware Highly Dynamic Systems. CACM 49(9), 32–38 (2006)
Sonehara, N., Echizen, I., Wohlgemuth, S., Müller, G., Tjoa, A. (eds.): Int. Workshop ISSI 2009 National Center for Sciences (2009), http://www.nii.ac.jp/issi
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 IFIP International Federation for Information Processing
About this paper
Cite this paper
Wohlgemuth, S., Echizen, I., Sonehara, N., Müller, G. (2010). Tagging Disclosures of Personal Data to Third Parties to Preserve Privacy. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds) Security and Privacy – Silver Linings in the Cloud. SEC 2010. IFIP Advances in Information and Communication Technology, vol 330. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15257-3_22
Download citation
DOI: https://doi.org/10.1007/978-3-642-15257-3_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15256-6
Online ISBN: 978-3-642-15257-3
eBook Packages: Computer ScienceComputer Science (R0)