Assessing Privacy in Cloud Services - Measurements and Approaches

Nowadays, data is collected, stored and disseminated to a tremendous extent. Due to their

flexibility, especially cloud services increasingly process this data, which originates from both

corporate and private users. As this data can contain sensitive and personal information, the role

of privacy has become a common concern. The various privacy dimensions, however, are difficult

to measure. This uncertainty has contributed to the lack of a common norm for privacy evaluation,

which has resulted in the introduction of a diverse landscape of privacy metrics over time. These

privacy metrics need to be accumulated and carefully categorized to enable effective privacy assessments

in a universal way.

In this thesis, we first collect and present an overview of existing metrics from various sources which

have contributed to the topic of privacy quantification. At the same time, we analyze the approaches

taken to measure privacy in general and in the cloud in particular, attributing the metrics to said approaches.

In addition, we discuss which privacy goal each metrics fulfills. Then, we identify gaps in the proposed taxonomy

and suggest new metrics in the context of access control to fill these gaps. Lastly, we demonstrate the effectivity

of our newly proposed privacy metrics with a sample use case and evaluate our contributions. With this holistic

approach, we aim to set the groundwork for a privacy metric collection used by service providers and users, unifying

and extending the landscape of privacy measurements, as well as supporting an informed metric selection.