IIT Home Page CNR Home Page

Towards Safer Information Sharing in the Cloud

Web interactions usually require the exchange of personal and confidential information for a variety of purposes, including enabling business transactions and the provisioning of services. A key issue affecting these interactions is the lack of trust and control on how data is going to be used and processed by the entities that receive it. In the traditional world, this problem is addressed by using contractual agreements, those are signed by the involved parties, and law enforcement. This could be done electronically as well but, in ad- dition to the trust issue, there is currently a major gap between the definition of legal contracts regulat- ing the sharing of data, and the software infrastructure required to support and enforce them. How to enable organisations to provide more automation in this pro- cess? How to ensure that legal contracts can be actually enforced by the underlying IT infrastructure? How to enable end-users to express their preferences and con- straints within these contracts? This article describes our R&D work to make progress towards addressing this gap via the usage of electronic Data Sharing Agree- ments (e-DSA). The aim is to share our vision, discuss the involved challenges and stimulate further research and development in this space. We specifically focus on a cloud scenario because it provides a rich set of use cases involving interactions and information shar- ing among multiple stakeholders, including users and service providers. 

 


International Journal of Information Security, 2015

External authors: Marco Casassa-Mont (HP Labs Bristol), Marco Luca Sbodio (IBM Dublin)
IIT authors:

Type: Article in ISI Journal
Field of reference: Information Technology and Communication Systems
Available online: http://link.springer.com/article/10.1007/s10207-014-0258-5 Da pagina 319 a pagina 334

Activity: Architetture, protocolli e meccanismi di sicurezza per sistemi e servizi distribuiti
Sicurezza nel Cloud Computing
Aspetti legali in sicurezza e riservatezza