TUM Logo

Assessing Privacy in Cloud Services

Assessing Privacy in Cloud Services

Supervisor(s): Immanuel Kunz
Status: open
Topic: Others
Type of Thesis: Masterthesis Bachelorthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Lehrstuhl für Sicherheit in der Informatik Prof. Dr. Claudia Eckert

In cooperation with Fraunhofer AISEC

BA/MA:
Assessing Privacy in Cloud Services

Motivation and Topic

Cloud backends are often used for hosting data-collecting services, such as backends of mobile apps. Operating such a service in a dynamic environment, like the cloud, entails keeping track of personal data that is collected and continuously assessing privacy and security risks.

A thesis in this subject area may deal with one or more of the following research questions:

  • One interesting question is how to conduct privacy impact assessments in the cloud and how to perform them continuously and (semi-)automatically. To that end, existing risk assessment approaches may be adapted to the cloud and to privacy threats, e.g. de-anonymization and linkability.

  • A further research question can be how to trace privacy and security requirements that have been identified at design-time during deployment and operations. This may,e.g., be achieved by statically analyzing Infrastructure-as-Code templates or by monitoring cloud systems at runtime.

  • Finally, over the whole lifecycle of a cloud service, privacy needs to be measured somehow, i.e. the question of how to quantify privacy. This involves, for instance, mesuring several privacy aspects like indistinguishability, attack success proababilities, differential privacy and others, and applying them appropriately to data flows and data sets.

    A thesis in this subject area should have a methodological contribution as well as a supporting prototype implementation.

    Requirements

    Basic programming skills
    A preliminary understanding of abstract interpretation or the motivation to get into the topic

    An interest in transferring challenging theories into practical applications
    Ability to work self-directed and systematically

    Contact

    Fraunhofer Institute for Applied and Integrated Security (AISEC) Immanuel Kunz
    E-Mail: immanuel.Kunz@aisec.fraunhofer.de
    Phone: +49 89 322-9986-179