检查基于云的服务的GDPR合规性

2021 IEEE World Congress on Services (SERVICES) Pub Date : 2021-09-01 DOI:10.1109/services51467.2021.00013

M. Barati, Omer F. Rana

{"title":"检查基于云的服务的GDPR合规性","authors":"M. Barati, Omer F. Rana","doi":"10.1109/services51467.2021.00013","DOIUrl":null,"url":null,"abstract":"Accessing a cloud-hosted service may involve executing a number of sub-services which are unknown to the user. A user is only aware of the service they directly invoke, not the sub-services which may be hosted across other cloud providers (including advertising and data processing services). Each service in this chain may collect and process personal user data via read, write and transfer operations. The European General Data Protection Regulation (GDPR) enforces cloud providers to receive explicit consent from their users prior to executing any such operations. We present a Blockchain-based architecture that supports GDPR compliance verification (especially in the context of such a service chain) for enhancing the data privacy of cloud users. The architecture supports a factory of smart contracts, including user consent , GDPR compliance , container and verification , each of which is activated by an actor within a cloud environment. Figure 1 illustrates the interactions between the different components that make up our system – classified into three different phases:","PeriodicalId":210534,"journal":{"name":"2021 IEEE World Congress on Services (SERVICES)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Checking GDPR Compliance for Cloud-based Services\",\"authors\":\"M. Barati, Omer F. Rana\",\"doi\":\"10.1109/services51467.2021.00013\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Accessing a cloud-hosted service may involve executing a number of sub-services which are unknown to the user. A user is only aware of the service they directly invoke, not the sub-services which may be hosted across other cloud providers (including advertising and data processing services). Each service in this chain may collect and process personal user data via read, write and transfer operations. The European General Data Protection Regulation (GDPR) enforces cloud providers to receive explicit consent from their users prior to executing any such operations. We present a Blockchain-based architecture that supports GDPR compliance verification (especially in the context of such a service chain) for enhancing the data privacy of cloud users. The architecture supports a factory of smart contracts, including user consent , GDPR compliance , container and verification , each of which is activated by an actor within a cloud environment. Figure 1 illustrates the interactions between the different components that make up our system – classified into three different phases:\",\"PeriodicalId\":210534,\"journal\":{\"name\":\"2021 IEEE World Congress on Services (SERVICES)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE World Congress on Services (SERVICES)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/services51467.2021.00013\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE World Congress on Services (SERVICES)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/services51467.2021.00013","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

访问云托管服务可能涉及执行许多用户不知道的子服务。用户只知道他们直接调用的服务，而不知道可能跨其他云提供商托管的子服务(包括广告和数据处理服务)。这条链上的每一项服务都可能通过读、写和传输操作来收集和处理用户个人数据。欧洲通用数据保护条例(GDPR)强制要求云提供商在执行任何此类操作之前获得用户的明确同意。我们提出了一个基于区块链的架构，支持GDPR合规性验证(特别是在这样一个服务链的背景下)，以增强云用户的数据隐私。该架构支持智能合约工厂，包括用户同意、GDPR合规性、容器和验证，每一个都由云环境中的参与者激活。图1说明了组成我们系统的不同组件之间的交互——分为三个不同的阶段:

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Checking GDPR Compliance for Cloud-based Services

Accessing a cloud-hosted service may involve executing a number of sub-services which are unknown to the user. A user is only aware of the service they directly invoke, not the sub-services which may be hosted across other cloud providers (including advertising and data processing services). Each service in this chain may collect and process personal user data via read, write and transfer operations. The European General Data Protection Regulation (GDPR) enforces cloud providers to receive explicit consent from their users prior to executing any such operations. We present a Blockchain-based architecture that supports GDPR compliance verification (especially in the context of such a service chain) for enhancing the data privacy of cloud users. The architecture supports a factory of smart contracts, including user consent , GDPR compliance , container and verification , each of which is activated by an actor within a cloud environment. Figure 1 illustrates the interactions between the different components that make up our system – classified into three different phases:

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2021 IEEE World Congress on Services (SERVICES)

自引率

0.00%

发文量

期刊最新文献

An End-to-end Attention Transfer Network for Cross-domain Service Recommendation Multi-view Scenario-based Service Resource Description Modeling and Application Method Message from Congress General Chairs Microservices Monitoring with Event Logs and Black Box Execution Tracing A Decentralized Runtime Environment for Service Collaboration: the Architecture and a Case Study