Ramokapane, Kopo Marvin and Rashid, Awais and Such, Jose M. and Baron, Alistair (2019) Usable assured deletion in the cloud. PhD thesis, Lancaster University.
2019RamokapanePhD.pdf - Published Version
Available under License Creative Commons Attribution-NoDerivs.
Abstract
The prevalence of cloud and storage-as-a-service has led to users storing and sharing data through such services. However, little is understood about one key element of data management in this new landscape, i.e., data deletion and, more critically, assured deletion. With regard to deletion, existing research has not explored the deletion needs of users, their preferences or the challenges they face. Nor is there any understanding of the challenges faced by cloud providers should they want to offer assured deletion. Users' deletion needs and their preferences are diverse and vary depending on the context. However, satisfying these needs may be limited by the properties of the infrastructure, i.e., what the infrastructure permits and what it does not. For instance, the cloud infrastructure has various features that may pose different challenges to meeting the needs of users and providing assured deletion. These features include virtualization, multi-tenancy, high availability and on-demand elasticity. The work presented in this thesis is the first to investigate these issues. It finds that users' motivations to delete are privacy-, policy-, expertise- and storage-driven. They fail to delete because of poorly designed interfaces, the way they perceive cloud deletion and a lack of information about cloud deletion. Users want to have a choice in how their data is deleted; they want to be able to specify the type of deletion. Their deletion preferences are complex and may change depending on the context of deletion, i.e., whether they delete individually or socially. Regarding information about deletion, they want the important information that may help them to delete, or to recover from failures, to be easily accessible through the interface. They do not want essential information to be confined to privacy policies.
Using these findings, this thesis provides a conceptual framework for the design of usable assured deletion in the cloud and then formulates user requirements for usable assured deletion. With regard to providers, by analysing the cloud infrastructure, this work provides a systematization of the challenges that providers face while attempting to assure deletion. It also identifies the cloud provider requirements for usable assured deletion. By considering both sets of requirements, i.e., user and provider requirements, this work derives requirements and principles for usable assured deletion. Overall, the findings of this work form a solid grounding for the design and development of cloud systems that assure deletion in a usable way. More importantly, they help empower users with regard to assured deletion.