Abstract
SummaryWith an increasing number of cloud providers offering services made use of by both individual users and other providers, there is a realization that service provision now involves an “ecosystem” of providers. Some providers may be directly visible to a user, while others may be contributors to composite services and not directly known to the user—as only the provider offering the composite service is visible. Such services may include: domain specific services (eg, simulation), advertising services, or profiling/analytics services. Understanding the impact on data privacy of a user for such a composite service remains a challenge, and providing transparency (and obtaining user consent for data use) remains a key requirement of the European General Data Protection Regulation (GDPR). An architecture that makes use of blockchains and smart contracts is proposed that addresses this requirement. An implementation of the architecture is used to demonstrate how access control can be managed and audited. The scalability and cost of undertaking access control, as the number of actors (both service providers and “voters”) increases, is also described. The proposed approach can be used to support service aggregation across both private and public clouds.
Highlights
With increasing number of on-line services, often hosted over cloud infrastructure, there is a realization that such services can involve an interlinked set of cloud providers
When detecting violations in general data protection regulation (GDPR) rules identified in the case study, experiments are carried out to show the rate of violation detection under different threshold levels determined by voters
The technique provides a reactive mechanism so that the providers violating GDPR rules are detected—the likelihood of detection increasing as the voters increase in number
Summary
With increasing number of on-line services, often hosted over cloud infrastructure, there is a realization that such services can involve an interlinked set of cloud providers. Access uses the boolean auth_access variable, to identify whether the service supplied by the actor supports encryption of personal data or not; Transfer gets the country name of the provider receiving customer data; Profiling requests the age of the customer whose personal data are under an automated profiling operation (eg, obtaining some statistical results on customer data) This smart contract is deployed by predefined voters to verify GDPR rules on actors. These operations are used to support data processing (on personal user data) by service providers and their execution can be directly monitored and verified This smart contract is deployed by the agreement builder and collects the votes returned by voters in order to check whether a violation is committed by actors or not. Given Definition 2, if at least m voters report a violation, the actor is reported
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Concurrency and Computation: Practice and Experience
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
