PaaSword Presentation - Project Overview
Download as PPTX, PDF0 likes473 views
This document describes PaaSword, an innovative security framework for cloud applications. It aims to address security concerns that are barriers to cloud adoption by [1] allowing developers to engineer secure applications, [2] leveraging security of encrypted data on outsourced infrastructure, and [3] facilitating context-aware access to distributed and encrypted datasets. Major assets developed include annotations for database privacy, a virtual database proxy to handle encrypted queries, and an authorization engine for access control. The goal is to prove the applicability, usability, and effectiveness of the PaaSword framework.
![Motivation â Security as an Enterprise
Requirement
Enterprises identify security concerns and data privacy as the most
significant barriers of Cloud adoption;
In addition:
Compliance (e.g., legal, regulatory, industry-standard compliance)
Cultural resistance
Encryption and key management as top priority requirements [3] & [4]
PaaSword 5
[3] P. Institute, â2015 Global Encryption & Key,â Thales, 2015.
[4] CipherCloud, âGlobal cloud data security report - The
authority on how to protect data in the cloud,â CipherCloud, 2015.](https://image.slidesharecdn.com/paaswordpresentationprojectoverview-161104150922/85/PaaSword-Presentation-Project-Overview-5-320.jpg)
PaaSword Presentation - Project Overview
- 1. www.paasword.eu No More Dark Clouds With PaaSword â An Innovative Security By Design Framework Project Overview
- 2. Cloud Paradigm Shift The cloud paradigm has definitely prevailed Most application are delivered following the SaaS model Many developers rely on PaaS offerings for scalablity Nearly all underlying resources (DBs, Queues etc) are outsourced at the IaaS level Attack vectors have increased âRaw dataâ are the modern hackerâs holy grail The responsibility for the protection of data has shifted to the developer PaaSword04/11/2016 2
- 3. 60% of attacks target the database PaaSword04/11/2016 3
- 5. Motivation â Security as an Enterprise Requirement Enterprises identify security concerns and data privacy as the most significant barriers of Cloud adoption; In addition: Compliance (e.g., legal, regulatory, industry-standard compliance) Cultural resistance Encryption and key management as top priority requirements [3] & [4] PaaSword 5 [3] P. Institute, â2015 Global Encryption & Key,â Thales, 2015. [4] CipherCloud, âGlobal cloud data security report - The authority on how to protect data in the cloud,â CipherCloud, 2015.
- 6. How shall we lower the barriers? Security concerns Protect confidential information Control access Trust cloud provider Secure Cloud Applications Data privacy Secure storage Encryption Trustable Key Management Control Access to data PaaSword 6 PaaSword
- 7. Problem Areas Targeted Insufficient security and trust of cloud infrastructures and services Cloud application developers have difficulties specifying appropriate level of security Appropriate context-aware access control mechanisms for cloud applications Ensure protection, privacy and integrity of data stored in the cloud Prove applicability, usability, effectiveness and value of secure cloud platforms PaaSword 7
- 9. PaaSword Features A security-by-design framework which will allow developers to engineer secure applications Leverage the security and trust of data that reside on outsourced infrastructure Facilitate context-aware access to encrypted and (even) physically distributed datasets stored in the cloud Prove applicability, usability, effectiveness and value of our framework in real-life Cloud infrastructures, services and applications 9 PaaS Provider PaaSword API DB with Indexers on encrypted data Queries using Searchable Trusted IaaS Provider Adversary User Developer Publishes Application Encryption Scheme using PaaSword API encrypted data PaaSword
- 10. Major Assets developed so far⊠A JAVA annotation library that can be used during development in order to annotate database models (using JPA) These annotations are translated during runtime to privacy constraints that drive the fragmentation of the database A virtual-database proxy that is able to handle any SQL query by translating it in the proper format based on the fragmentation scheme An XACML-compliant authorization engine that is able to perform reasoning prior to attribute-evaluation An integrated IDE environment where developers can submit and control their PaaSword-enabled applications PaaSword 10
- 11. Integration of Eclipse CHE IDE PaaSword 11
- 13. Asset: Virtual Database Architecture PaaSword 13 Data Index2Index1 SQL SQLDatabase Proxy (trusted) SQL Cloud (untrusted) User / Application Data (not encrypted) Data (encrypted)
- 15. Interested in⊠? Getting access to early results? Shaping and expanding PaaSword? Networking with leading companies & research institutes? Collaborating with us and the PaaSword Community? Join the Cloud Security Industrial Focus Group! Register at: https://www.paasword.eu/register/ 19PaaSword
- 16. PaaSword 20 Join our Industrial Focus Group Today! Visit us: www.paasword.euAcknowledgements: This project has received funding from the European Unionâs Horizon 2020 research and innovation programme under grant agreement No 644814.