监控云中的个人数据传输

2013 IEEE 5th International Conference on Cloud Computing Technology and Science Pub Date : 2013-12-02 DOI:10.1109/CloudCom.2013.52

Anderson Santana de Oliveira, Jakub Sendor, Alexandr Garaga, Kateline Jenatton

{"title":"监控云中的个人数据传输","authors":"Anderson Santana de Oliveira, Jakub Sendor, Alexandr Garaga, Kateline Jenatton","doi":"10.1109/CloudCom.2013.52","DOIUrl":null,"url":null,"abstract":"Cloud computing brings a number of compliance risks to organisations because physical perimeters are not clearly delimited. Many regulations relate to the location of the data processing (and storage), including the EU Data protection directive. A major problem for cloud service consumers, acting as data controllers, is how to demonstrate compliance to data transfer constraints. We address the lack of tools to support accountable data localization and transfer across cloud software, platform and infrastructure services, usually run by data processors. In this paper we design a framework for automating the collection of evidence that obligations with respect to personal data handling are being carried out in what concerns personal data transfers. We experiment our approach in the Open Stack open source IaaS implementation, showing how auditors can verify whether data transfers were compliant.","PeriodicalId":198053,"journal":{"name":"2013 IEEE 5th International Conference on Cloud Computing Technology and Science","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"17","resultStr":"{\"title\":\"Monitoring Personal Data Transfers in the Cloud\",\"authors\":\"Anderson Santana de Oliveira, Jakub Sendor, Alexandr Garaga, Kateline Jenatton\",\"doi\":\"10.1109/CloudCom.2013.52\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cloud computing brings a number of compliance risks to organisations because physical perimeters are not clearly delimited. Many regulations relate to the location of the data processing (and storage), including the EU Data protection directive. A major problem for cloud service consumers, acting as data controllers, is how to demonstrate compliance to data transfer constraints. We address the lack of tools to support accountable data localization and transfer across cloud software, platform and infrastructure services, usually run by data processors. In this paper we design a framework for automating the collection of evidence that obligations with respect to personal data handling are being carried out in what concerns personal data transfers. We experiment our approach in the Open Stack open source IaaS implementation, showing how auditors can verify whether data transfers were compliant.\",\"PeriodicalId\":198053,\"journal\":{\"name\":\"2013 IEEE 5th International Conference on Cloud Computing Technology and Science\",\"volume\":\"15 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-12-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"17\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 IEEE 5th International Conference on Cloud Computing Technology and Science\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CloudCom.2013.52\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE 5th International Conference on Cloud Computing Technology and Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CloudCom.2013.52","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 17

摘要

云计算给组织带来了许多合规风险，因为物理边界没有明确划定。许多法规与数据处理(和存储)的位置有关，包括欧盟数据保护指令。作为数据控制器的云服务消费者面临的一个主要问题是如何证明对数据传输约束的遵从性。我们解决了缺乏工具来支持负责任的数据本地化和跨云软件、平台和基础设施服务传输的问题，这些通常由数据处理器运行。在本文中，我们设计了一个框架，用于自动收集证据，这些证据表明，在涉及个人数据转移的情况下，正在执行有关个人数据处理的义务。我们在Open Stack开源IaaS实现中试验了我们的方法，展示了审计员如何验证数据传输是否符合要求。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Monitoring Personal Data Transfers in the Cloud

Cloud computing brings a number of compliance risks to organisations because physical perimeters are not clearly delimited. Many regulations relate to the location of the data processing (and storage), including the EU Data protection directive. A major problem for cloud service consumers, acting as data controllers, is how to demonstrate compliance to data transfer constraints. We address the lack of tools to support accountable data localization and transfer across cloud software, platform and infrastructure services, usually run by data processors. In this paper we design a framework for automating the collection of evidence that obligations with respect to personal data handling are being carried out in what concerns personal data transfers. We experiment our approach in the Open Stack open source IaaS implementation, showing how auditors can verify whether data transfers were compliant.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 IEEE 5th International Conference on Cloud Computing Technology and Science

自引率

0.00%

发文量