Nick Wainwright

An interdisciplinary approach to accountability for future internet service provision

Accountability is an important but complex notion that encompasses the obligation to act as a responsible steward of the personal information of others, to take responsibility for the protection and appropriate use of that information beyond mere legal requirements and to provide remediation. This notion is increasingly seen as key in easing business constraints in global environments and in helping overcome barriers to cloud service adoption. However, the relative complexity of the service provision chain makes it very challenging both legally and technically to provide accountability for the cloud. We propose a co-designed approach that encompasses legal and regulatory mechanisms and a range of technological enhancements that can provide the necessary basis for trust.

Bringing Accountability to the Cloud: Addressing Emerging Threats and Legal Perspectives

This paper is concerned with accountability in cloud ecosystems. The separation between data and data subjects as well as the exchange of data between cloud consumers and providers increases the complexity of data governance in cloud ecosystems, a problem which is exacerbated by emerging threats and vulnerabilities. This paper discusses how accountability addresses emerging issues and legal perspectives in cloud ecosystems. In particular, it introduces an accountability model tailored to the cloud. It presents on-going work within the Cloud Accountability Project, highlighting both legal and technical aspects of accountability.

Sampling ISP Backbone Topologies

Large computer networks are too large to emulate or actually reproduce in conventional lab environments. Graph generation/reduction techniques have been a valuable tool to solve this limitation. However, current techniques focus on local features (e.g. router out-degree, clustering coefficient, traffic difference between edges for building a hierarchy) that do not preserve router-level backbone geographical/hierarchical features or the end-to-end delay between any arbitrary points. This letter proposes a geographical-based reduction mechanism that enables emulation in lab settings while preserving the global features of typical backbone networks. The performance evaluation is based on six inferred ISP backbone maps.

An Integrated Framework for Innovation Management in Cyber Security and Privacy

This paper is concerned with increasing the impact of publicly funded research and development (R&D) in cyber security and privacy. In the context of a high level of threat, there is a pressing need for firms and institu- tions to implement innovative and robust cyber security and privacy technolo- gies. This particular challenge requires a systematic coordinated approach across both the public and private sectors. The innovation ecosystem involves complex interactions between key actors such as policy makers, incumbent service pro- viders, and new innovators, each with their own view of how to increase the impact of R&D in cyber security and privacy. Drawing on R&D literature and roadmapping theory, this paper presents a framework and research tool for establishing an integrated view of innovation management in cyber security and privacy.

Implementing Privacy Policies in the Cloud

The provision of a cloud service must fulfil policies to comply with requirements coming from different sources. One of the main sources is the European Data Protection Directive that sets out legal obligations for the cloud adoption and provision. Cloud providers that rely on the use of additional cloud services need to make sure that the level of protection offered by these is adequate. Implementing privacy policies in the cloud requires taking into account the privacy related practices adopted by service providers even during the procurement phase. Moving towards a transparency-based service provision approach, additional information that cloud customers need to evaluate is evidence of compliance with privacy policies that CSPs are able to provide. This paper gives an overview of the processes entailed for the implementation of privacy policies.

What's New in the Economics of Cybersecurity?: Observational and Empirical Studies

The articles in this special issue, together with those in the companion issue, highlight the need for large, complex observational and empirical studies and represent the kind of studies that will advance our understanding of cybersecurity economics.