Addressing the Terms-of-Service Threat - Client-side Security and Policy Control for Free File Storage Services

Geir M. Køien, Vladimir A. Oleshchuk

2013

Abstract

In this paper we describe and identify the so-called terms-of-service (ToS) threat. This threat is concerned with asymmetry in the power between a service producer (SP) and the service consumer (SC) and is expressed in ToS which allows the SC to change the ToS at will. Our context is the free file synchronization services, and we will analyze the relationships between the service producer and the service consumer. There are pronounced control asymmetries and potential conflicts of interest between the parties, including user privacy and content ownership control. Our proposal for addressing these problems hinges on a two pronged approach, including defining a service policy manager surveillance tool and a client side presentation manager to enforce local security and privacy policies. Our Umbrella Architecture is still very much work in progress, but we are optimistic about usefulness the approach.

References

1. Bernsmed, K., Jaatun, M., Meland, P., and Undheim, A. (2011). Security slas for federated cloud services. In Availability, Reliability and Security (ARES), 2011 Sixth International Conference on, pages 202-209.
2. Binmore, K. (2007). Playing for real: a text on game theory. Oxford University Press, USA.
3. Bowers, K. D., Juels, A., and Oprea, A. (2009). Hail: a high-availability and integrity layer for cloud storage. In Proceedings of the 16th ACM conference on Computer and communications security, CCS 7809, pages 187-198, New York, NY, USA. ACM.
4. Braman, S. and Roberts, S. (2003). Advantage isp: Terms of service as media law. New media & society, 5(3):422- 448.
5. Burgess, H. and Burgess, G. M. (1997). Encyclopedia of conflict resolution. Abc-Clio Santa Bárbaraˆ eCalifornia California.
6. Camerer, C. F. (2011). Behavioral game theory: Experiments in strategic interaction. Princeton University Press.
7. Dhingra, M., Lakshmi, J., and Nandy, S. K. (2012). Resource usage monitoring in clouds. In Grid Computing (GRID), 2012 ACM/IEEE 13th International Conference on, pages 184-191.
8. Emeakaroha, V., Ferreto, T., Netto, M., Brandic, I., and De Rose, C. (July). Casvid: Application level monitoring for sla violation detection in clouds. In Computer Software and Applications Conference (COMPSAC), 2012 IEEE 36th Annual, pages 499-508.
9. Grandison, T. and Sloman, M. (2000). A survey of trust in internet applications. Communications Surveys & Tutorials, IEEE, 3(4):2-16.
10. HP (2010). HP ProtectTools Security Software; technical white paper.
11. ISO/IEC 7498-1 (1994). Information technology - Open Systems Interconnection - Basic Reference Model: The Basic Model. In ISO/IEC 7498-1:1994. ISO, Geneva, Switzerland.
12. ISO/IEC 9576-1 (1995). Information technology - Open Systems Interconnection - Connectionless Presentation protocol: Protocol specification. In ISO/IEC 7498-1:1994. ISO, Geneva, Switzerland.
13. Jøsang, A. (2010). Subjective logic. CA: University of Oslo.
14. Jøsang, A., Ismail, R., and Boyd, C. (2007). A survey of trust and reputation systems for online service provision. Decision Support Systems, 43(2):618-644.
15. Juels, A. and Oprea, A. (2013). New approaches to security and availability for cloud data. Commun. ACM, 56(2):64-73.
16. Køien, G. M. (2011). Reflections on trust in devices: An informal survey of human trust in an internet-of-things context. Wireless Personal Communications, 61:495- 510.
17. Meng, S. and Liu, L. (2012). Enhanced monitoring-as-aservice for effective cloud management.
18. Oleshchuk, V. A. and Køien, G. M. (2011). Security and privacy in the cloud a long-term view. In Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE), 2011 2nd International Conference on, pages 1-5. IEEE.
19. Pelechrinis, K., Zadorozhny, V., and Oleshchuk, V. (2011). Automatic evaluation of information provider reliability and expertise. SIS-2011-04-TELE-001-Technical report.
20. Rajbhandari, L. and Snekkenes, E. (2012). Intended actions: Risk is conflicting incentives. In Gollmann, D. and Freiling, F., editors, Information Security, volume 7483 of Lecture Notes in Computer Science, pages 370-386. Springer Berlin Heidelberg.
21. Schneier, B. (2013). Terms of service as a security threat.
22. Subashini, S. and Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1):1 - 11.
23. Thomson, I. (2012). Instagram back-pedals in face of user outrage.
24. Zhao, G., Rong, C., Jaatun, M., and Sandnes, F.-E. (2010). Deployment models: Towards eliminating security concerns from cloud computing. In High Performance Computing and Simulation (HPCS), 2010 International Conference on, pages 189-195.

Paper Citation

in Harvard Style

M. Køien G. and A. Oleshchuk V. (2013). Addressing the Terms-of-Service Threat - Client-side Security and Policy Control for Free File Storage Services . In Proceedings of the 3rd International Conference on Cloud Computing and Services Science - Volume 1: CloudSecGov, (CLOSER 2013) ISBN 978-989-8565-52-5, pages 562-569. DOI: 10.5220/0004520205620569

in Bibtex Style

@conference{cloudsecgov13,
author={Geir M. Køien and Vladimir A. Oleshchuk},
title={Addressing the Terms-of-Service Threat - Client-side Security and Policy Control for Free File Storage Services},
booktitle={Proceedings of the 3rd International Conference on Cloud Computing and Services Science - Volume 1: CloudSecGov, (CLOSER 2013)},
year={2013},
pages={562-569},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004520205620569},
isbn={978-989-8565-52-5},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Cloud Computing and Services Science - Volume 1: CloudSecGov, (CLOSER 2013)
TI - Addressing the Terms-of-Service Threat - Client-side Security and Policy Control for Free File Storage Services
SN - 978-989-8565-52-5
AU - M. Køien G.
AU - A. Oleshchuk V.
PY - 2013
SP - 562
EP - 569
DO - 10.5220/0004520205620569