Abstract
Companies are taking more and more advantage of cloud architectures for their IT systems. By combining private and public cloud resources, it is possible to facilitate data submissions by customers and processing with third parties, among other advantages. But this represents also a potential threat to personal data’s privacy and confidentiality. Even if legal obligations regulate the usage of personal data, for example requiring to disclose them in anonymised form, users do not have any visibility or control on data disclosure operations, nor on anonmymisation policies used by companies. To this extent, we propose a solution to establish and enforce data-centric security policies, in order to enable secure and compliant data processing operations. Our proposal is particularly fit for cloud architectures as it supports multiple actors with different roles, responsibilities and obligations. We also present a use case to demonstrate the peculiarities of our proposition.
Author supplied keywords
Cite
CITATION STYLE
Di Cerbo, F., & Trabelsi, S. (2014). Re-identification risk based security controls. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. LNCS 8842, pp. 99–107). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-662-45550-0_14
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
