Compliance Checking of Cloud Providers: Design and Implementation

Published: 08 June 2023

Abstract

Recognition of the capabilities offered by cloud systems is growing. The need to collect and share healthcare data and other sensitive information, especially during the Covid-19 pandemic, has motivated organizations and enterprises to leverage the benefits of cloud-based applications. However, the privacy of electronic data in such applications remains a significant challenge, as cloud vendors must adapt their solutions to existing privacy legislation such as the General Data Protection Regulation (GDPR). This article first proposes a formal model of the data usage requests made by providers in a cloud composite service and verifies it using a model checking tool. A cloud pharmacy scenario is presented to illustrate the connectivity of providers in the composite service and the flow of their requests for both collection and movement of patient data. A set of verifications is then undertaken over the pharmacy service in accordance with three significant GDPR obligations, namely user consent, data access, and data transfer. Following that, the article designs and implements a cloud container virtualization, based on the verified formal model, that realizes GDPR requirements. The container uses enforcement smart contracts so that only providers' requests that are compliant with GDPR proceed. Finally, several experiments are provided to investigate the performance of the approach in terms of time, memory, and cost.

Published In

Distributed Ledger Technologies: Research and Practice, Volume 2, Issue 2
June 2023
184 pages
EISSN: 2769-6480
DOI: 10.1145/3603695

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 June 2023
Online AM: 27 February 2023
Accepted: 13 February 2023
Revised: 05 November 2022
Received: 22 June 2022
Published in DLT Volume 2, Issue 2

Author Tags

  1. Data privacy
  2. cloud services
  3. transition systems
  4. Blockchain
  5. container
  6. general data protection regulation

Qualifiers

  • Research-article

Article Metrics

  • Total Citations: 0
  • Total Downloads: 339
  • Downloads (Last 12 months): 191
  • Downloads (Last 6 weeks): 8

Reflects downloads up to 30 Aug 2024