A Blog dedicated to exploring privacy and technology

Research Papers & Presentations

Peer Reviewed

Cloud Provider Transparency – An Emprirical Evaluation Authors: Wayne Pauley. Date: August 2010. Pre-release IEEE Security & Privacy Magazine, Special Issue on Cloud Computing Scheduled for Publication November, 2010.


Cloud computing is quickly becoming the next wave of technological evolution as a new approach to providing IT capabilities needed by business. Driving interest and investment in cloud computing is the revolutionary change to the economic model. Cloud computing also promises to allow IT to respond more quickly to the needs of the business. Key tenets of cloud computing include being on-demand and self-service. This shift to the way that a business engages IT services creates new challenges including regulating how internal business units purchase cloud services. How does a business assess cloud providers services for security, privacy, and service levels? The purpose of this study is to develop an instrument for evaluating a cloud provider’s transparency of security, privacy, and service level competencies via its self-service web portals and web publications, and then to empirically evaluate cloud service providers to measure how transparent by using the instrument.

Towards Risk Assessment as a Service in Cloud Environments Authors: Burton S. Kaliski, Jr. & Wayne Pauley. Date: March, 2010. Conference position paper at Usenix HotCloud 2010. Accepted May 7, 2010.

Presentation: Toward_Risk_Assessment_as_a_Service_d6


Cloud computing provides a revolutionary model for the deployment of enterprise applications and Web services alike. In this new model, cloud users save on the cost of purchasing and managing base infrastructure, while the cloud providers save on the cost of maintaining underutilized CPU, memory, and network resources. In migrating to this new model, users face a variety of issues. Commercial clouds provide several support models to aid users in resolving the reported issues. This paper arises from our quest to understand how to design IaaS support models for more efficient user troubleshooting. Using a data driven approach, we start our exploration into this issue with an investigation into the problems encountered by users and the methods utilized by the cloud support’s staff to resolve these problems. We examine message threads appearing in the forum of a large IaaS provider over a 3 year period. We argue that the lessons derived from this study point to a set of principles that future IaaS offerings can implement to provide users with a more efficient support model. This data driven approach enables us to propose a set of principles that are pertinent to the experiences of users and that we believe could vastly improve the SLA observed by the users.

Speaking Engagements and Conference Presentations

Mass Business Education Association – 2011 Annual Conference (–office_2003.doc)  – Cloudy in Education – MBEA

Privacy Assessments and Cloud – UMass Lowell ColloquiumPrivacy, Assessments, and Cloud – UMass Lowell 11032010

IAPP 2010 Privacy Academy – IAPP Cloud Security and Privacy Workshop

Parental Privacy Controls – University of New Hampshire SeminarParental_Privacy_Controls

EMC World 2011 Presentation on Cloud Architect – EMC Virtual Data Center and Cloud Arhitect for EMCWorld

%d bloggers like this: