Towards Tracking Data Flows in Cloud Architectures
Immanuel Kunz, Valentina Casola, Angelika Schneider, Christian Banse, and Julian Schütte

TL;DR
This paper highlights the lack of comprehensive data flow tracking in current cloud architectures, demonstrating deficits through experiments and proposing a generic architecture with a Kubernetes prototype to address this gap.
Contribution
It introduces a novel architecture for cloud-wide data flow tracking and provides a prototype implementation in Kubernetes, addressing current limitations.
Findings
Current cloud providers lack holistic data flow tracking.
Experiments reveal gaps in data traceability and policy enforcement.
Proposed architecture enables effective data flow monitoring in cloud environments.
Abstract
As cloud services become central in an increasing number of applications, they process and store more personal and business-critical data. At the same time, privacy and compliance regulations such as GDPR, the EU ePrivacy regulation, PCI, and the upcoming EU Cybersecurity Act raise the bar for secure processing and traceability of critical data. Especially the demand to provide information about existing data records of an individual and the ability to delete them on demand is central in privacy regulations. Common to these requirements is that cloud providers must be able to track data as it flows across the different services to ensure that it never moves outside of the legitimate realm, and it is known at all times where a specific copy of a record that belongs to a specific individual or business process is located. However, current cloud architectures do neither provide the means…
