Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
XML privacy protection model based on cloud storage
Guo L., Wang J., Du H. Computer Standards & Interfaces36 (3):454-464,2014.Type:Article
Date Reviewed: Aug 5 2014

Data security in the cloud remains an active area of research. This paper provides a novel approach to protecting data privacy by leveraging the separation of Extensible Markup Language (XML) document content from its document format. A different document type definition (DTD) is created and encrypted based on a user’s access, purpose, and permissions. By using a trusted third party (TTP) instead of just encrypting portions of a document, the actual format of the document is tailored specifically for varying end uses. The authors state that an XML document without the format (DTD) is unusable, and even having a past valid key won’t help in future malicious access. The TTP manages users describing their privacy purpose and manages individual recipient user constraints. A data cloud module is then responsible for creating and encrypting the content of document leaf nodes, and also the corresponding structure. The paper provides test results that show how the XML document without structure information is stored in the cloud, providing high efficiency in both storage and management time. The paper describes numerous examples of tailored DTD sub-views and the XML formatted structure. As this represents a tree-like structure, they also provide coding examples for efficiently traversing these views.

The authors provide a compelling case for their approach by using the hot topic of electronic medical records (EMRs). Here, the security scheme for patient records must be accessible using the cloud, but it should also be secure and directed to the purpose of use. Appropriate information is provided by pruning the information tree, removing or adding based on the user’s permissions. Thus, a billing client wouldn’t get information about an operation that only the doctor should see.

In all, the paper is interesting. The authors describe an approach with good performance in terms of storage space and execution time, although their approach is only for data querying. They note that future work is needed to address adding and updating information. Addressing privacy concerns through custom documents matching custom formats could help alleviate data privacy concerns.

Reviewer:  Scott Moody Review #: CR142589 (1411-0960)
Bookmark and Share
  Featured Reviewer  
 
Cloud Computing (C.2.4 ... )
 
 
Medical Information Systems (J.3 ... )
 
 
Privacy (K.4.1 ... )
 
 
XML (I.7.2 ... )
 
Would you recommend this review?
yes
no
Other reviews under "Cloud Computing": Date
Cloud security and privacy: an enterprise perspective on risks and compliance
Mather T., Kumaraswamy S., Latif S., O’Reilly Media, Inc., Sebastopol, CA, 2009.  336, Type: Book (9780596802769), Reviews: (1 of 3)
Dec 14 2009
Cloud security and privacy: an enterprise perspective on risks and compliance
Mather T., Kumaraswamy S., Latif S., O’Reilly Media, Inc., Sebastopol, CA, 2009.  336, Type: Book (9780596802769), Reviews: (2 of 3)
Jan 26 2010
Cloud security and privacy: an enterprise perspective on risks and compliance
Mather T., Kumaraswamy S., Latif S., O’Reilly Media, Inc., Sebastopol, CA, 2009.  336, Type: Book (9780596802769), Reviews: (3 of 3)
Mar 18 2010
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy