The purpose of this study is to propose an approach to avoid having to trust a single entity in cloud-based applications. In cloud computing, data processing is delegated to a remote party for efficiency and flexibility reasons. A practical user requirement usually is data privacy; hence, the confidentiality and integrity of data processing needs to be protected. In the common scenarios of cloud computing today, this can only be achieved by assuming that the remote party does not in any form act maliciously.
An approach that avoids having to trust a single entity is proposed. This approach is based on two concepts: the technical abstraction of sealed computation, i.e. a technical mechanism to confine a privacy-aware processing of data within a tamper-proof hardware container, and the role of an auditing party that itself cannot add functionality to the system but is able to check whether the system (including the mechanism for sealed computation) works as expected.
Discussion and analysis of the abstract, technical and procedural requirements of these concepts and how they can be applied in practice are explained.
A preliminary version of this paper was published in the proceedings of the second International Workshop on SECurity and Privacy Requirements Engineering (SECPRE, 2018).
The authors would like to thank Felix Freiling for his comments and suggestions on previous versions of this article and Zinaida Benenson for her collaboration on the previous version of this work published at SECPRE 2018 (Abdullah et al. (2018)). The authors would also like to thank Nico Döttling, Johannes Götzfried, Tilo Müller and Hubert Jäger for useful comments and discussions.
This research was supported by the “Privacy&Us” Innovative Training Network (EU H2020 MSCA ITN, grant agreement No.675730).
Abdullah, L. and Quintero, J. (2019), "Sealed computation: a mechanism to support privacy-aware trustworthy cloud service", Information and Computer Security, Vol. 27 No. 5, pp. 601-620. https://doi.org/10.1108/ICS-11-2018-0133Download as .RIS
Emerald Publishing Limited
Copyright © 2019, Emerald Publishing Limited