Automating GDPR Compliance Verification for Cloud-hosted Services

Barati, Masoud; Theodorakopoulos, George; Rana, Omer

doi:10.1109/isncc49221.2020.9297309

Cited by 1 publication

(1 citation statement)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [4], we formally verified a cloud-based order system via Uppaal in accordance with a GDPR obligations under which processing activities violating the obligations were detected at design time. However, the implementation of such verification through practical technologies/ tools (e.g., Blockchain and container) was not discussed.…”

Section: Experimental Setup and Validation Resultsmentioning

confidence: 99%

Privacy-Aware Cloud Auditing for GDPR Compliance Verification in Online Healthcare

Barati

Aujla

Llanos

et al. 2022

IEEE Trans. Ind. Inf.

Self Cite

View full text Add to dashboard Cite

Emerging multi-tenant cloud computing ecosystems allow multiple applications to share virtualised pool of computing and networking resources. As a result such ecosystems are becoming increasingly prone to data privacy concerns (personal data leakages and unauthorised access). While cloud computing providers support robust security and privacy mechanisms (e.g, public key cryptography, firewalls, virtual private networks, among many others), they lack mechanisms and frameworks to monitor, audit and verify these data privacy concerns. The emergence of data protection regulations around the world, such as General Data Protection Regulation (GDPR) in Europe and the Data Protection Act (DPA) in the UK, further emphasise the need to overcome these privacy limitations. A novel technique for monitoring, auditing and verifying the operations carried out on a user's personal data in cloud computing ecosystems is proposed. Our research methodology leverages distributed ledger technologies (e.g., Blockchain, Smart Contracts) for developing an immutable recording technique, which transparently logs, monitors and verifies the operations carried out on user data. Using a healthcare pharmacy scenario and extensive real-world experiments, we validate the feasibility of the proposed technique. The proposed work handles a large pool of requests (> 13K) ensuring minimal latency (≈50-60 ms) and overheads for three different service packages varied with respect to the number of actors and operations).

show abstract

Section: Experimental Setup and Validation Resultsmentioning

confidence: 99%