Abstract

Existing cloud storage systems lack privacy aware architectures that meet accessibility goals for complex collaboration. This deficiency is fully realized in the healthcare industry, where cloud-enabling technology blurs the ownership boundary of health and wellness information. Whether among traditional `stovepiped' data silos, health information exchanges or personally controlled health information repositories, various forms of privacy neglect are common practice. We propose a paradigm shift in the interaction of users with cloud services that removes unwarranted trust in the cloud service provider and provisions accessibility for collaborators. To realize the paradigm shift, it is necessary to provide anonymity in data storage and separate the administration of access policy and authorization from the mechanisms used for enforcement. The dispensation of authorizations in the SAPPHIRE architecture bootstraps a traditional Kerberos ticket-based approach with `trust verifications'. In our evaluation, we prove the security properties of the SAPPHIRE architecture and implement a small scale prototype. Our analysis shows that SAPPHIRE is a viable extension of collaborative health information systems through the provision of anonymity and enhanced policy administration for the primary data owner.