This paper proposes a novel highly decentralized information accountability framework to keep track of the actual usage of the users’ data in the cloud, and proposes an object centred approach that enables enclosing the authors' logging mechanism together with users' data and policies.
Cloud computing provides highly efficient services to be easily accessed or used over the Internet on as needed basis. An important feature of the cloud services is that users’ data are usually processed remotely in unknown machines that users do not own or operate. This convenience brought by this new emerging technology, users’ fears of losing control of their own data (particularly, financial and health data) can become a significant barrier to the wide adoption of cloud services. To address this problem, in this paper, we propose a novel highly decentralized information accountability framework to keep track of the actual usage of the users’ data in the cloud. In particular, we propose an object centred approach that enables enclosing our logging mechanism together with users’ data and policies. We leverage the JAR programmable capabilities to both create a dynamic and travelling object, and to ensure that any access to users’ data will trigger authentication and automated logging local to the JARs. To strengthen user’s control, we also provide distributed auditing mechanisms. We provide extensive experimental studies that demonstrate the efficiency and effectiveness of the proposed approaches. Keywords— Cloud computing, accountability, data sharing.