Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

Privacy-aware cloud auditing for GDPR compliance verification in online healthcare

Barati, Masoud, Aujla, Gagangeet Singh, Llanos, Jose Tomas, Duodu, Kwabena Adu, Rana, Omer F. ORCID:, Carr, Madeline and Rajan, Rajiv 2022. Privacy-aware cloud auditing for GDPR compliance verification in online healthcare. IEEE Transactions on Industrial Informatics 18 (7) , pp. 4808-4819. 10.1109/TII.2021.3100152

[thumbnail of PACE_IEEE_TII_revision2.pdf] PDF - Accepted Post-Print Version
Download (1MB)


Emerging multi-tenant cloud computing ecosystems allow multiple applications to share virtualised pool of computing and networking resources. As a result such ecosystems are becoming increasingly prone to data privacy concerns (personal data leakages and unauthorised access). While cloud computing providers support robust security and privacy mechanisms (e.g, public key cryptography, firewalls, virtual private networks, among many others), they lack mechanisms and frameworks to monitor, audit and verify these data privacy concerns. The emergence of data protection regulations around the world, such as General Data Protection Regulation (GDPR) in Europe and the Data Protection Act (DPA) in the UK, further emphasise the need to overcome these privacy limitations. A novel technique for monitoring, auditing and verifying the operations carried out on a users personal data in cloud computing ecosystems is proposed. Our research methodology leverages distributed ledger technologies (e.g., Blockchain, Smart Contracts) for developing an immutable recording technique, which transparently logs, monitors and verifies the operations carried out on user data. Using a healthcare pharmacy scenario and extensive real-world experiments, we validate the feasibility of the proposed technique. The proposed work handles a large pool of requests (> 13K) ensuring minimal latency (approx. 50-60 ms) and overheads for three different service packages varied with respect to the number of actors and operations).

Item Type: Article
Date Type: Publication
Status: Published
Schools: Computer Science & Informatics
Publisher: Institute of Electrical and Electronics Engineers
ISSN: 1551-3203
Funders: EPSRC
Date of First Compliant Deposit: 28 July 2021
Date of Acceptance: 27 July 2021
Last Modified: 09 Nov 2022 20:11

Citation Data

Cited 4 times in Scopus. View in Scopus. Powered By Scopus® Data

Actions (repository staff only)

Edit Item Edit Item


Downloads per month over past year

View more statistics