Nowadays, data sharing through Cloud platforms is widespread among the Internet users, think for example to services such as Dropbox and Google Drive, and it is also facilitated by the availability of such sharing tools on mobile devices .
However, in some scenarios, in particular when organizations are involved (e.g., companies or public bodies), this data sharing must be regulated by real digital contracts, called Data Sharing Agreements (DSA), which must be paired with data.
The researchers of the Trustworthy and Secure Future Internet group have been studying for several years the security and privacy problems resulting from the adoption of Cloud services for virtual computing infrastructure provision and for data storage and sharing.
In particular, the group is the scientific coordinator of the European project CoCo Cloud, which aims to design and develop a framework that allows writing, comprehension, analysis, management, application and dissolution of the data sharing arrangements, from high level descriptions (close to natural language) to data usage control policies directly applicable from the system to the data.
Coco Cloud also addresses key challenges for legally compliant data sharing in the cloud. By taking a "compliance by design" approach, the project places an early emphasis on understanding and incorporating legal and regulatory requirements into the data sharing agreements.
Finally, CoCo Cloud will provide the most appropriate mechanisms to enforce data usage policies according to the underneath infrastructure and to the context, focusing on mobile devices.
References:
[1] A. Lazouski, F. Martinelli, P. Mori, A. Saracino: Stateful Usage Control for Android Mobile Devices. In Proceedings of the 10th International Workshop on Security and Trust Management (STM 2014), in conjunction with ESORICS 2014, Lecture Notes in Computer Science 8473, Springer (2014), 97-112
[2] A. Lazouski, G. Mancini F. Martinelli, P. Mori: Architecture, Workflows, and Prototype for Stateful Data Usage Control in Cloud. In Proceedings of the 5th International Workshop on Data Usage Management (IEESP-DUMA14) , An IEEE CS Security & Privacy Workshop (SPW 2014), co-located with the IEEE Symposium on Security and Privacy (SP), IEEE Computer Society (2014), 23-30
[3] M. Casassa-Mont, I. Matteucci, M. Petrocchi, M. L. Sbodio: Towards safer information sharing in the cloud. Journal of Information Security, Springer Berlin Heidelberg, (2014), to appear
Focus