Towards Tracking Data Flows in Cloud Architectures
arXiv - CS - Cryptography and Security. Pub Date: 2020-07-10, DOI: arxiv-2007.05212. Immanuel Kunz, Valentina Casola, Angelika Schneider, Christian Banse and Julian Schütte
As cloud services become central in an increasing number of applications,
they process and store more personal and business-critical data. At the same
time, privacy and compliance regulations such as GDPR, the EU ePrivacy
regulation, PCI, and the upcoming EU Cybersecurity Act raise the bar for secure
processing and traceability of critical data. In particular, the demand to
provide information about existing data records of an individual, and the
ability to delete them on demand, is central to privacy regulations. Common to
these requirements is that cloud providers must be able to track data as it
flows across the different services, to ensure that it never moves outside of
the legitimate realm and that it is known at all times where a specific copy of
a record that belongs to a specific individual or business process is located.
However, current cloud architectures provide neither the means to holistically
track data flows across different services nor the means to enforce policies
on data flows. In this paper, we point out the deficits in the data flow
tracking functionalities of major cloud providers by means of a set of
practical experiments. We then generalize from these experiments, introducing a
generic architecture that aims at solving the problem of cloud-wide data flow
tracking and show how it can be built in a Kubernetes-based prototype
implementation.
Updated: 2020-07-13