Compliance Checking of Cloud Providers: Design and Implementation-Reference-Cited by-同舟云学术

Compliance Checking of Cloud Providers: Design and Implementation

Published:2023-06-08 Issue:2 Volume:2 Page:1-20
ISSN:2769-6472
Container-title:Distributed Ledger Technologies: Research and Practice
language:en
Short-container-title:Distrib. Ledger Technol.

Author:

Barati Masoud¹^ORCID,Adu-Duodu Kwabena²^ORCID,Rana Omer³^ORCID,Aujla Gagangeet Singh⁴^ORCID,Ranjan Rajiv²^ORCID

Affiliation:

1. Carleton University, Canada

2. Newcastle University, UK

3. Cardiff University, UK

4. Durham University, UK

Abstract

The recognition of capabilities supplied by cloud systems is presently growing. Collecting or sharing healthcare data and sensitive information especially during the Covid-19 pandemic has motivated organizations and enterprises to leverage the upsides coming from cloud-based applications. However, the privacy of electronic data in such applications remains a significant challenge for cloud vendors to adapt their solutions with existing privacy legislation standards such as general data protection regulation (GDPR). This article first proposes a formal model and verification for data usage requests of providers in a cloud composite service using a model checking tool. A cloud pharmacy scenario is presented to illustrate the connectivity of providers in the composite service and the stream of their requests for both collection and movement of patient data. A set of verifications is then undertaken over the pharmacy service in accordance with three significant GDPR obligations, namely user consent, data access, and data transfer. Following that, the article designs and implements a cloud container virtualization based on the verified formal model realizing GDPR requirements. The container makes use of some enforcement smart contracts to only proceed with the providers’ requests that are compliant with GDPR. Finally, several experiments are provided to investigate the performance of our approach in terms of time, memory, and cost.

Publisher

Association for Computing Machinery (ACM)

Link

https://dl.acm.org/doi/pdf/10.1145/3585538

Reference35 articles.

1. Cloud robotics law and regulation

2. A. Nuno , L. Balby , F. Figueiredo , N. Lourenco , W. Meira , and W. Santos . 2018. Fairness and transparency of machine learning for trustworthy cloud services . In 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W’18) . 188–193. A. Nuno, L. Balby, F. Figueiredo, N. Lourenco, W. Meira, and W. Santos. 2018. Fairness and transparency of machine learning for trustworthy cloud services. In 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W’18). 188–193.

3. L. Elluri and K. P. Joshi . 2018. A knowledge representation of cloud data controls for EU GDPR compliance . In IEEE World Congress on Services (SERVICES’18) . 45–46. L. Elluri and K. P. Joshi. 2018. A knowledge representation of cloud data controls for EU GDPR compliance. In IEEE World Congress on Services (SERVICES’18). 45–46.

4. M. Virvou and E. Mougiakou . 2017. Based on GDPR privacy in UML: Case of e-learning program . In Proc. of the 8th International Conference on Information, Intelligence, Systems & Applications. M. Virvou and E. Mougiakou. 2017. Based on GDPR privacy in UML: Case of e-learning program. In Proc. of the 8th International Conference on Information, Intelligence, Systems & Applications.

5. R. Ducato . 2016 . Cloud computing for s-health and the data protection challenge: Getting ready for the General Data Protection Regulation . In IEEE International Smart Cities Conference (ISC2’16) . 1–4. R. Ducato. 2016. Cloud computing for s-health and the data protection challenge: Getting ready for the General Data Protection Regulation. In IEEE International Smart Cities Conference (ISC2’16). 1–4.