We use cookies to ensure that we give you the best experience on our website. By continuing to browse this repository, you give consent for essential cookies to be used. You can read more about our Privacy and Cookie Policy.

Durham Research Online
You are in:

Privacy-Aware Cloud Auditing for GDPR Compliance Verification in Online Healthcare

Barati, Masoud and Aujla, Gagangeet Singh and Llanos, Jose Tomas and Duodu, Kwabena Adu and Rana, Omer F. and Carr, Madeline and Rajan, Rajiv (2022) 'Privacy-Aware Cloud Auditing for GDPR Compliance Verification in Online Healthcare.', IEEE Transactions on Industrial Informatics, 18 (7). pp. 4808-4819.


Emerging multi-tenant cloud computing ecosystems allow multiple applications to share virtualised pool of computing and networking resources. As a result such ecosystems are becoming increasingly prone to data privacy concerns (personal data leakages and unauthorised access). While cloud computing providers support robust security and privacy mechanisms (e.g, public key cryptography, firewalls, virtual private networks, among many others), they lack mechanisms and frameworks to monitor, audit and verify these data privacy concerns. The emergence of data protection regulations around the world, such as General Data Protection Regulation (GDPR) in Europe and the Data Protection Act (DPA) in the UK, further emphasise the need to overcome these privacy limitations. A novel technique for monitoring, auditing and verifying the operations carried out on a users personal data in cloud computing ecosystems is proposed. Our research methodology leverages distributed ledger technologies (e.g., Blockchain, Smart Contracts) for developing an immutable recording technique, which transparently logs, monitors and verifies the operations carried out on user data. Using a healthcare pharmacy scenario and extensive real-world experiments, we validate the feasibility of the proposed technique. The proposed work handles a large pool of requests (> 13K) ensuring minimal latency (approx. 50-60 ms) and overheads for three different service packages varied with respect to the number of actors and operations).

Item Type:Article
Full text:(AM) Accepted Manuscript
Download PDF
Publisher Web site:
Publisher statement:© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Date accepted:27 July 2021
Date deposited:10 September 2021
Date of first online publication:27 July 2021
Date first made open access:10 September 2021

Save or Share this output

Look up in GoogleScholar