SlideShare a Scribd company logo

PaaSword's main idea, technical architecture and scientific challenges

PaaSword EU Project, profile picture
PaaSword EU Project

This document provides an overview of the PaaSword project, including its goals, architecture, and requirements. PaaSword aims to provide data privacy and security for cloud applications and storage by designing encryption and access policies into applications from the start. The architecture includes a central administration component, application development zone, PaaSword execution container, and tenant operational zone. Requirements were gathered from various stakeholders and include both functional and security requirements related to encryption, key management, access policies, and more.

Technology
Related topics:
Data PrivacyCloud Security Insights
1 of 63
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
www.paasword.eu Dr. Julia Vuong, Andreas Schoknecht CAS Software AG, Karlsruhe Institute of Technology PANOPTESEC Workshop September 08, 2015, Brussels
Agenda Introduction/Motivation PaaSword in a Nutshell Consortium Goals Business Challenges PaaSword Concepts Overview Basic Concepts PaaSword Requirements Methodology Functional Requirements Security Requirements PaaSword08/09/2015 2 PaaSword Architecture Overview PaaSword Policies PaaSword Scientific Challenges Searchable Encryption Access Policies Insecure APIs Conclusion
INTRODUCTION PaaSword08/09/2015 3
PaaSword in a Nutshell Holistic framework to unlock valuable business benefits of Cloud Computing by providing data privacy and security by design safeguarding both corporate and personal data for cloud infrastructures and storage services Protecting the data persistency layer and the database itself as the most critical targets PaaSword08/09/2015 4 PaaS Provider PaaSword API DB with Indexers on encrypted data Queries using Searchable Trusted IaaS Provider Adversary User Developer Publishes Application Encryption Scheme using PaaSword API encrypted data
Consortium • Industrial Partner• Scientific Partner PaaSword08/09/2015 5
Goals for PaaSword Leverage the security and trust of Cloud infrastructures and services Facilitate context-aware, ad-hoc decryption and access to encrypted and physically distributed datasets stored in Cloud infrastructures and services, Enable the engineering of data privacy and security by design Cloud services and applications Ensure the protection, privacy and integrity of the data stored in Cloud infrastructures and services Prove the applicability, usability, effectiveness and value of the PaaSword concepts, models and mechanisms in industrial, real-life Cloud infrastructures, services and applications PaaSword08/09/2015 6
Use Cases & Business Challenges PaaSword Framework outcome is demonstrated by means of 5 Use Cases situated in different application areas Secure Senors Analytics for IoT applications Cloud-based Multi-tenant CRM software Encrypted Persistency included in PaaS/SaaS Services Multi-tenant ERP Environments Platform for Cross-border Document Exchange Business Challenges are derived as a result of the analysis of the Use Cases PaaSword08/09/2015 7
Secure Sensors Data Fusion and Analytics Siemens SRL Sensor Middleware: fine grained ICT monitoring system for both static and mobile distributed critical infrastructures Public utilities (PU) or supply chains (SC) The system provides Reports in order to support the end-user in deciding whether to accept a shipment (SC) or public service (PU) through e.g. QoS monitoring Real-time alerts and early warnings in order to guarantee the quality of a provided service, i.e. enabling transporters (SC) and public service & safety providers (PU) to proactively avoiding or minimizing damages Automatic control operational states (i.e. of storage and transport conditions for SC, public services distribution and scaling for PU) in order to comply with product and service requirements Data stored in a NoSQL storage engine due to the linear scaling factor, scaling is achieved through Sharding PaaSword08/09/2015 8
Secure Sensors Data Fusion and Analytics The resulting security framework should: provide redundancy capabilities for the management, storage and processing systems in case of failures; provide support for performing failure and forensic analysis on data-storage and processing components; identify ways to detect and report security and system failures. PaaSword08/09/2015 9
Protection of Personal Data in a Multi-Tenant CRM Environment CAS Software AG CRM software stores, links and processes huge amount of personal and customer data as well as sensitive enterprise This data is an interesting target for mainly passive adversaries Another huge thread are internal adversaries who has access to unencrypted data of multi-tenants directly in the data center CRM software developers are mainly non-security experts who needs to write security-aware code. Data encryption needs to be included at the persistence layer. Performance impact needs to be limited to those data part what must be protected. Data is stored in relational databases. PaaSword08/09/2015 10
Protection of Personal Data in a Multi-Tenant CRM Environment The resulting security framework should support security as a part of the application/data lifecycle management; support tenant isolation in order to support the multiple-tenant structure of a CRM solution, especially the “one DB per tenant” approach; provide developer documentation and guidelines for security features in the platform in order to enable non-security experts to develop security-aware CRM software; provide patch management for secure platform components; provide secure key management; support permissions based on the situation of the user. PaaSword08/09/2015 11
Encrypted Persistency as PaaS/IaaS-Service- Pilot Implementation SixSq SlipStream, a cloud application management platform, facilitates management of the full cloud application lifecycle Most cloud applications are n-tier web applications that need appropriate levels of security, privacy and confidentiality. Developing the data protection infrastructure with respect to ISO standards and EU-data handling requirements is time consuming and costly. PaaSword08/09/2015 12
Encrypted Persistency as PaaS/IaaS-Service- Pilot Implementation The security framework should Produce components that can be parameterized and integrated with other application services (including external user authentication mechanisms); Provide a complete set of components that can demonstrably meet the requirements of the EU data protection legislation and similar other regulatory requirements around the world. PaaSword08/09/2015 13
Protection of Sensible Enterprise Information on Mulit-Tenant ERP Environments Singular Logic Enterprise Resource Planning solution with single-tenant and multi- tenant scenarios relying on IaaS deployment schemes. Data being exposed to third parties in a multi-tenant environment is one of the main risks. Virtualized infrastructure includes the risk that one machine in this setting could monitor what ist neighbours are doing. Poor implementation of access management includes the risk that customer data will get exposed to other users. PaaSword08/09/2015 14
Protection of Sensible Enterprise Information on Mulit-Tenant ERP Environments The resulting security framework should Support searchable encryption of database; Be able to support encryption/decryption through all steps the application and data lifecycle; Support tenant isolation in order to support the multiple-tenant ERP solution, based on the “one DB per tenant” approach; Not introduce extreme computational overhead; Offer encryption in data transportation layer; Provide extended developer documentation and guidelines for the security features in order to be properly integrated to the existing solution; Provide secure key management. PaaSword08/09/2015 15
Intergovernmental Secure Document and Personal Data Exchange Ubitech Intergovernmental Exchange Platform facilitate international co- operation in civil-status matters and to further enable the exchange of information between civil registrars The platform needed to adhere to very high security standards for the generation and transmission of highly sensitive personal data taking under consideration that the transmission channel is going to be the Internet, a totally hostile environment for sensitive data. problem of end-to-end electronic exchange, one of the most vulnerable parts of the platform is the so-called Exchange Server where the exchange (inbound/outbound) queues and routing databases reside protection of the raw data that reside in central database PaaSword08/09/2015 16
Intergovernmental Secure Document and Personal Data Exchange The resulting security framework should Produce components that re-assure as much as possible that inter- changeable data are secure from malicious users that are either external or internal i.e. they belong to the ecosystem of the operational environment. This is very crucial since these types of applications have complex operational environment. Produce components that can apply security policies that take under consideration the specificities of cross-border exchange (e.g. restrict the interaction of users based on their location) Produce components that are in-line with the eIDAS regulation (such as electronic signatures, electronic seals, time stamp, electronic delivery service and website authentication) while in parallel they contribute in seamless encryption of data PaaSword08/09/2015 17
Business Challenges Encryption of distributed existing databases and corresponding transaction logs Context-driven policies for accessing the stored information Object annotations modelling access rights for specific purposes, easily understood and defined by application developers, and a corresponding interpreter generating policy enforcement rules Virtualization of data storages, i.e. SQL and No-SQL, realizing the appropriate query synthesis and aposynthesis capabilities Key management mechanisms making the key usage transparent to the cloud-based applications and services Asymmetric encryption, enabling the per-user encryption of the stored data and the per-user definition of policies regarding said data PaaSword08/09/2015 18
Walkthrough PaaSword PaaSword provides an IDE-specific plug-in incorporating all PaaSword features used by the developer for his MVC-based application Developer creates annotations at the Data Access Objects referring to sensitive data that should be protected, according to the XACML-based Context-aware Policy Access Model PaaSword performs validity check of the DAO annotations According to the DAO annotations applications persistence layer is distributed and the data encrypted Each query and processing request is forwarded by the enhanced Controller to the Query Handling mechanism PaaSword08/09/2015 19
Walkthrough PaaSword Policy Enforcement Mechanism grants the incoming request access to the data or not taking into account the user-defined access policies; Query Handling mechanism submits the enhanced query to the augmented persistence layer; Database Proxy registers the distributed query to the distributed and encrypted parts and federates the respective data from the distributed parts of the database; Federated data synthesis and ad-hoc decryption utilizing the key of the end-user that is transparently (to the application) propagated to the Query Handling mechanism; Decrypted data is delivered to the application controller forwarding it to the end-user PaaSword08/09/2015 20
PAASWORD CONCEPTS
Overview of Basic Concepts PaaSword08/09/2015 22
what is this artefact? PaaSword Semantic Models is a set of Ontological models that aim to conceptualize two things: possible encryption/decryption policies that can be used during runtime by an application in order to protect specific columns in a database possible policies that can be applied in the web-endpoints of an application who is using it? They are used after their interpretation in libraries who manages it? A PaaSword Administrator is able to extend these models PaaSword Semantic Models PaaSword08/09/2015 23
Typesafe Development Libraries what is this artefact? It is a set of Java Annotation Libraries (JSR-175 compliant) that provide to developers the ability to annotate specific part of their code. These parts include @Entities. @Path(“/restendpoint”) etc Annotations will drive specific ‘business logic’ during runtime. who is using it? A Cloud Application Developer during the development of an application that will be hosted in a PaaS environment who manages it? It is autogenerated by a Semantic Model Interpreter PaaSword08/09/2015 24
PaaSword Application what is this artefact? This is not practically an actual artefact of the project. Though it is an application that uses the Typesafe Development Libraries who is using it? Upon the deployment in a JEE container the application is available to end-users. who manages it? The PaaSword Application is managed by a DevOps in the sense that it performs all apropriate steps that are needed prior to deployment PaaSword08/09/2015 25
PaaSword-enabled Container what is this artefact? It is a JEE container that is able to interpret during runtime the (PaaSword) annotations that the developer has used. A PaaSword-enabled container is able to Interpret and implement encryption/decryption policies for specific columns of a database handle policies that are declaratively defined who is using it? A DevOps user that is responsible for the operation of an application who manages it? The PaaS provider PaaSword08/09/2015 26
Outsourced Database what is this artefact? It is a plain RDBMS engine that operates in a completely untrusted IaaS zone who is using it? The PaaSword-enabled application will use this RDBMS in order to host encrypted data who manages it? The IaaS provider PaaSword08/09/2015 27
REQUIREMENTS
Requirements Methodology Capturing of Requirements was a multi-step procedure. Initially we discriminated between Functional Requirements and Security Requirements Functional requirements affected the Architecture and will affect the reference implementation Security requirements affect the Encryption/Decryption policies and the Key-Management policies that will be developed Our end-users drove this procedure As a first step, all PaaSword stakeholders have been identified PaaSword08/09/2015 29
Different Requirements per Role PaaSword08/09/2015 30
PaaSword Administrator & Developer • PaaSword08/09/2015 31
DevOps’s & PaaS Provider’s F.R. PaaSword08/09/2015 32
Application User’s FR PaaSword08/09/2015 33
Capturing Security Requirements The core asset that has to be protected is the database Following a risk-management methodology we ended up in identifying Assets, Threats and Vulnerabilities that relate to the database Based on the identified Threats, end-users raised there concrete security requirements These requirements have been collected and ranked Ranking is a guide for reference implementation PaaSword08/09/2015 34
Security Requirements Meta-model PaaSword08/09/2015 35
PaaSword08/09/2015 36 Ranking Description CAS UBI SILO SixSq SIE Ave PSw SHALL guarantee that the credentials of a user can be revoked without affecting the Transparent Data Encryption (TDE) scheme that is used at the database level 9 10 9 9 9 9.2 PSw SHALL guarantee that the revocation of the credentials of one user does not affect the credentials or the TDE scheme of the other users 9 10 9 9 9 9.2 PSw SHOULD use a key generation algorithm (for keys associated to users/roles) that should guarantee that when a user key is compromised the rest of the keys MUST not be revoked 9 10 9 9 9 9.2 PSw SHALL support symmetric TDE of sensitive data. 9 10 9 7 7 8.4 PSw SHALL be operational only if transport level encryption is configured 9 9 9 6 5 7.6 PSw SHOULD ensure that deployed applications in the Application Server are trusted using a mature trust model 8 7 8 8 9 7.6 PSw SHALL interact with its underlying persistency layer using an encrypted connection 7 8 7 7 7 7.6 TDE SHOULD be supported on top of a monolithic database 9 10 9 5 5 7.6
PAASWORD ARCHITECTURE
Overview of Architecture PaaSword08/09/2015 38
PaaSword Central Administration It is a centralized component that hosts the Semantic Models and the libraries that are autogenerated by these models. Its main sub- components include: Semantic Model Management manages semantic artefacts Design Time Library Management generates JSR-175 Annotation libraries Runtime Library Management generates runtime libraries that are deployed in the PaaS Container PaaSword User Administration manages PaaSword users (i.e. ISVs that use the libraries) PaaSword08/09/2015 39
Application Development Zone PaaSword libraries can be used by the developers of ISVs in order to create PaaSword enabled applications. Libraries can be extended using a specific methodology. There is only one component that belongs to this zone: Trusted Deployment Generator it injects the deployment archive with the proper certificates/configurations that are needed it signs the deployment archive PaaSword08/09/2015 40
PaaSword Execution Container A JEE container which is able to interpret the annotations during runtime and perform all policies. Its main components include: PaaSword Deployment Management responsible to validate the deployment archive Transparent Encryption & Decryption Mechanism responsible to bootstrap the database and handle TDE queries Key Management Mechanism responsible to perform key management operations Security Policy Evaluation and Enforcement & Security Policy Management responsible to handle the policies that are defined by annotations and possibly edited by the DevOps HTTP Request interceptor responsible to forward the HTTP request to PaaSword handlers PaaSword08/09/2015 41
Tenant Trusted Operational Zone This is a special zone which belongs to the tenant which contains some components that facilitate searchable encryption. The main components in this zone include: Trusted Key Generator responsible to generate and handle tenant keys Re-encryption Proxy it facilitates searchable encryption PaaSword08/09/2015 42
PaaSword Policy 1 – Monolithic Installation Encryption/Decryption process is performed by using a PaaS Container Encryption key exists constantly in memory. Key is generated by TKP and provided once during bootstrapping. PaaSword08/09/2015 43
PaaSword Policy 1 – Monolithic Installation Easy to implement. No operational reconditions have to be fullfilled by the application provider. Business Login can perform SCRUD operations transparently. No theoretical proof that a key can not be circumvented by a compromised container. DB's data resides in one place, so brute force attacks can be performed upon their compromisation. Key is continuously stored in memory. • Disadvantages• Advantages PaaSword08/09/2015 44
PaaSword Policy 2 – Monolithic Installation Encryption and Decryption process is performed using a PaaS Container Encryption key exists constantly in memory. In contrast to PaaSword Policy 1: Key is resynthesized on demand in every entity's usage. Key is generated by TKP which is interconnected with IDM. PaaSword08/09/2015 45
PaaSword Policy 2 – Monolithic Installation Business Logic can perform SCRUD operations transparently. Asymmetric key is not stored permanently in memory. Revocation of one key is not affecting the platform. More complex to implement than PaaSword Policy 1. No theoretical proof that a key can not be circumvented by a compromised container. DB's data resides in one place, so brute force attacks can be performed upon their compromisation. • Disadvantages• Advantages PaaSword08/09/2015 46
PaaSword Policy 3 – Monolithic Installation Encryption and Decryption process is performed using an Encryption Proxy Key is based on a tenant key that is generated by the TKP Key is generated by the TKP PaaSword08/09/2015 47
PaaSword Policy 3 – Monolithic Installation Container has no access to plain text. Business Logic can not perform all SCRUD operations. • Disadvantage• Advantage PaaSword08/09/2015 48
PaaSword Policy 4 – Distributed Installation PaaSword08/09/2015 49 Hardware of data owner Certified cloud provider Storage cloud provider Fully trusted zone Trusted zone Semi-trusted zone Untrusted zone Data Index Index Data base proxy Zone Model
Secure Database Proxy PaaSword08/09/2015 50 Data Index2Index1 (no)SQL (no)SQLDB-Proxy (trusted) SQL Cloud (untrusted) User/Application Data (not encrypted) Data/Indexes (encrypted)
Transformation PaaSword08/09/2015 51 ID First Name Last Name Town Date Of Birth 1 Paul Fischer Hannover 01.01.1979 2 Hans Müller Karlsruhe 02.02.1974 3 Frank Schmidt Stuttgart 03.03.1972 4 Frank Maier Hamburg 04.04.1983 ID encrypted Data 1 Enc(Paul,Fischer, Hannover,01.01.1979) 2 Enc(Hans,Müller,Karlsruhe,02.02.1974) 3 Enc(Frank,Schmidt,Stuttgart,03.03.1972) 4 Enc(Frank,Maier,Hamburg,04.04.1983) Data Keyword IDs FirstName:Paul Enc(1) FirstName:Hans Enc(2) FirstName:Frank Enc(3,4) Index1 Keyword IDs LastName:Fischer Enc(1) LastName:Müller Enc(2) LastName:Schmidt Enc(3) LastName:Maier Enc(4) Index2 Attributes are lost in the crowd Original hidden association
Example (1/4) PaaSword08/09/2015 52 Data Index2Index1 SELECT ID FROM Index1 WHERE Keyword =‘FirstName:Frank’ SELECT ID FROM Index2 WHERE Keyword =‘LastName:Maier’ Transform query DB-Proxy SELECT * FROM Person WHERE FirstName = ‘Frank’ AND LastName = ‘Maier’ SELECT * FROM Personen WHERE FirstName = ‘Frank’ AND LastName = ‘Maier’ ID First Name Last Name Town Date Of Birth 1 Paul Fischer Hannover 01.01.1979 2 Hans Müller Karlsruhe 02.02.1974 3 Frank Schmidt Stuttgart 03.03.1972 4 Frank Maier Hamburg 04.04.1983
Example (2/4) PaaSword08/09/2015 53 Data Index2Index1 Decrypt and compose DB-Proxy SELECT * FROM Personen WHERE FirstName = ‘Frank’ AND LastName = ‘Maier’ ID First Name Last Name Town Date Of Birth 1 Paul Fischer Hannover 01.01.1979 2 Hans Müller Karlsruhe 02.02.1974 3 Frank Schmidt Stuttgart 03.03.1972 4 Frank Maier Hamburg 04.04.1983 IDs Enc(3,4) IDs Enc(4) ID 4
Example (3/4) PaaSword08/09/2015 54 Data Index2Index1 Fetch Data DB-Proxy SELECT * FROM Personen WHERE FirstName = ‘Frank’ AND LastName = ‘Maier’ ID First Name Last Name Town Date Of Birth 1 Paul Fischer Hannover 01.01.1979 2 Hans Müller Karlsruhe 02.02.1974 3 Frank Schmidt Stuttgart 03.03.1972 4 Frank Maier Hamburg 04.04.1983 SELECT * FROM Data WHERE ID in {4}
Example (4/4) PaaSword08/09/2015 55 Data Index2Index1 Decrypt and send result DB-Proxy SELECT * FROM Personen WHERE FirstName = ‘Frank’ AND LastName = ‘Maier’ ID First Name Last Name Town Date Of Birth 1 Paul Fischer Hannover 01.01.1979 2 Hans Müller Karlsruhe 02.02.1974 3 Frank Schmidt Stuttgart 03.03.1972 4 Frank Maier Hamburg 04.04.1983 Frank, Maier, Hamburg, 04.04.1983 Enc(Frank, Maier, Hamburg, 04.04.1983)
PAASWORD SCIENTIFIC CHALLENGES PaaSword08/09/2015 56
Searchable Encryption Scheme Define a Searchable Encryption (SE) scheme which is able to work with encrypted data basd on defined policies SE needs to allow multi-read, multi-write and needs to provide keywords privacy SE needs to offer revocation functionalities in order to tackle misbehaving users SE needs to be efficient and able to run on multiple devices with different resources Possible offer of different SE schemes with different functionalities/security level PaaSword08/09/2015 57
Access Control Policies Access Control Policies are based on the Access Control Model Developer choose the applied Access Control Model Key-Police Attribute Based Encryption – Ciphertext-Policy Attribute Based Encryption Which one can be applied in the PaaSword setting? Move to revocable version? Access Control Policies are Context-Aware by using a Context Model Context Model is based on LinkedUSDL taking into account context attributes, i.e. geolocation, device, … Each data type has its own context attributes PaaSword08/09/2015 58
Insecure APIs Transport Security Protect APIs carrying sensitive data within a secure channel Use SSL/TLS How to generate/manage valid certificates from internal/external certificate authority? Issues with configuring platform services and software integration Issues with end-to-end protection if any prxying platforms are required as intermediaries Code and Development Practices Test any API that pass JSON/XML messages or accept input from users/applications for standard injection flaws and cross-site request forgery attacks PaaSword08/09/2015 59
Insecure APIs Authentication & Authorization Open Issues Can APIs manage the encryption of usernames and password? Is it possible to manage two-factor authentication attributes? Can fine-grained authorization policies be created and maintained? Is there continuity between internal identity management systems and attributes, and those extended by APIs from cloud providers? Reusable tokens/password? API dependencies? Limited monitoring/logging capabilities? Inflexible access control? PaaSword08/09/2015 60
Conclusion I PaaSword provides a holisitic framework providing data privacy and security by design Added value exemplified on 5 business demonstrations Based on the concepts of PaaSword Semantic Models Typesafe Development Libraries PaaSword Application PaaSword-enabled Container Outsourced Database Architecture and Reference Implementation defined with the help of Requirements & Security Requirements from Stakeholders PaaSword08/09/2015 61
Conclusion II Architecture consists of PaaSword Central Administration Application Development Zone PaaSword Execution Container Tenant Trusted Operational Zone PaaSword Policies for Security 1,2,3,4 PaaSword Scientific Challenges Searchable Encryption working with encrypted data based on defined policies – Combine Seachable Encryption with Access Control Policies Insecure APIs PaaSword08/09/2015 62
PaaSword08/09/2015 63 Questions? Visit us: www.paasword.euAcknowledgements: This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814.

More Related Content

PDF
PLEDGE: A POLICY-BASED SECURITY PROTOCOL FOR PROTECTING CONTENT ADDRESSABLE S...
IJNSA Journal
 
PDF
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Project
 
PDF
Service Compositions: Curse or Blessing for Security?
Achim D. Brucker
 
PDF
How much can I trust my cloud services?
ATMOSPHERE .
 
PDF
IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...
IRJET Journal
 
PDF
paper
Gustavo El Khoury
 
PDF
Cloud Security POV_Final (by KM)
Khiro Mishra
 
PDF
Isaca journal - bridging the gap between access and security in big data...
Ulf Mattsson
 
PLEDGE: A POLICY-BASED SECURITY PROTOCOL FOR PROTECTING CONTENT ADDRESSABLE S...
IJNSA Journal
 
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Project
 
Service Compositions: Curse or Blessing for Security?
Achim D. Brucker
 
How much can I trust my cloud services?
ATMOSPHERE .
 
IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...
IRJET Journal
 
paper
Gustavo El Khoury
 
Cloud Security POV_Final (by KM)
Khiro Mishra
 
Isaca journal - bridging the gap between access and security in big data...
Ulf Mattsson
 

What's hot (17)

PDF
Paper1
Vikas Khairnar
 
PDF
Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...
IRJET Journal
 
PDF
Cloud Auditing
Jonathan Sinclair
 
PPT
Privacy Preserving Public Auditing for Data Storage Security in Cloud.ppt
Girish Chandra
 
PDF
A Survey on Different Techniques Used in Decentralized Cloud Computing
Editor IJCATR
 
DOCX
IEEE 2014 JAVA MOBILE COMPUTING PROJECTS Cloud assisted mobile-access of heal...
IEEEFINALYEARSTUDENTPROJECTS
 
PDF
IRJET- A Novel and Secure Approach to Control and Access Data in Cloud St...
IRJET Journal
 
PPTX
(ISC)2 CCSP - Certified Cloud Security Professional
Hatem ElSahhar
 
PDF
L04302088092
ijceronline
 
PDF
Pega_0625_Pega_Cloud_Security_Reliability_19
Douglas Kim
 
PDF
A robust and verifiable threshold multi authority access control system in pu...
IJARIIT
 
PPTX
Managing Cloud Security Risks in Your Organization
Charles Lim
 
PDF
Cloud Security, Standards and Applications
Dr. Sunil Kr. Pandey
 
PDF
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet
 
PPTX
Cybersecurity Capability Maturity Model (C2M2)
Maganathin Veeraragaloo
 
PPTX
Cloud Security 2014 AASNET
Farrukh Shahzad
 
PDF
Enhanced Data Partitioning Technique for Improving Cloud Data Storage Security
Editor IJMTER
 
Paper1
Vikas Khairnar
 
Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...
IRJET Journal
 
Cloud Auditing
Jonathan Sinclair
 
Privacy Preserving Public Auditing for Data Storage Security in Cloud.ppt
Girish Chandra
 
A Survey on Different Techniques Used in Decentralized Cloud Computing
Editor IJCATR
 
IEEE 2014 JAVA MOBILE COMPUTING PROJECTS Cloud assisted mobile-access of heal...
IEEEFINALYEARSTUDENTPROJECTS
 
IRJET- A Novel and Secure Approach to Control and Access Data in Cloud St...
IRJET Journal
 
(ISC)2 CCSP - Certified Cloud Security Professional
Hatem ElSahhar
 
L04302088092
ijceronline
 
Pega_0625_Pega_Cloud_Security_Reliability_19
Douglas Kim
 
A robust and verifiable threshold multi authority access control system in pu...
IJARIIT
 
Managing Cloud Security Risks in Your Organization
Charles Lim
 
Cloud Security, Standards and Applications
Dr. Sunil Kr. Pandey
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet
 
Cybersecurity Capability Maturity Model (C2M2)
Maganathin Veeraragaloo
 
Cloud Security 2014 AASNET
Farrukh Shahzad
 
Enhanced Data Partitioning Technique for Improving Cloud Data Storage Security
Editor IJMTER
 
Ad

Viewers also liked (20)

PDF
Daten unter Kontrolle
PaaSword EU Project
 
PDF
Towards Trusted eHealth Services in the Cloud
PaaSword EU Project
 
PPT
The history of social networks
Knut Linke
 
PPS
El arte-de-isabel-guerra
abelenguer
 
PPTX
ElDar Marble and Granite
a2zdecor
 
PDF
Preparing Life Insurers for the Future of Distribution
Cognizant
 
PDF
Acs ss ice_led
rini dwiandriani
 
PDF
Ifam lounge bilanzpolitik
Werner Drizhal
 
PDF
Videos baratos en la red
jaquepublicidad
 
PDF
New Riverside Green Sand MSDS
New Riverside Ochre
 
PDF
E - Sweet Tale
BurtonSchool1
 
PDF
A&B Catalog 2011
nancygrav
 
PPTX
Prádena
inesperezmolano
 
PPTX
Student net iwmw 2010 presentation upload
Josef Lapka
 
DOCX
Formato para referencia de documento electrónico copia
Daniel Kintero
 
PDF
El Ayuntamiento de La Roda de Andalucía incentiva la contratación de personas...
JdJuan Guadalinfo
 
PDF
imPacT 2016-PT & PTA
Ashley Mahaffey
 
PPT
Visual kei
Ruth Sanzana
 
PDF
Crowdar - Introducción a BDD
Javier Re
 
PDF
Concordia university-guide firstyear
iamprosperous
 
Daten unter Kontrolle
PaaSword EU Project
 
Towards Trusted eHealth Services in the Cloud
PaaSword EU Project
 
The history of social networks
Knut Linke
 
El arte-de-isabel-guerra
abelenguer
 
ElDar Marble and Granite
a2zdecor
 
Preparing Life Insurers for the Future of Distribution
Cognizant
 
Acs ss ice_led
rini dwiandriani
 
Ifam lounge bilanzpolitik
Werner Drizhal
 
Videos baratos en la red
jaquepublicidad
 
New Riverside Green Sand MSDS
New Riverside Ochre
 
E - Sweet Tale
BurtonSchool1
 
A&B Catalog 2011
nancygrav
 
Prádena
inesperezmolano
 
Student net iwmw 2010 presentation upload
Josef Lapka
 
Formato para referencia de documento electrónico copia
Daniel Kintero
 
El Ayuntamiento de La Roda de Andalucía incentiva la contratación de personas...
JdJuan Guadalinfo
 
imPacT 2016-PT & PTA
Ashley Mahaffey
 
Visual kei
Ruth Sanzana
 
Crowdar - Introducción a BDD
Javier Re
 
Concordia university-guide firstyear
iamprosperous
 
Ad

Similar to PaaSword's main idea, technical architecture and scientific challenges (20)

PDF
PaaSword-Business Cases
PaaSword EU Project
 
PDF
PaaSword - No More Dark Clouds with PaaSword
PaaSword EU Project
 
PDF
No More Dark Clouds With PaaSword - An Innovative Security By Design Framework
PaaSword EU Project
 
PPTX
PaaSword Presentation - Project Overview
PaaSword EU Project
 
PDF
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
PaaSword EU Project
 
PDF
A Data Privacy and Security by Design Platform‐as‐a‐Service Framework
PaaSword EU Project
 
PDF
PaaSword - Technology Baseline
PaaSword EU Project
 
PDF
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword EU Project
 
PPT
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
Yiannis Verginadis
 
PDF
saassecurity-230424030940-08314322.pdf
SahilSingh316535
 
PPTX
SaaS Security.pptx
chelsi33
 
PDF
SaaS Platform Securing
Leo TechnoSoft
 
PDF
Critical_Review_of_Openstack_Security_Is.pdf
ArvindThakur69
 
PPTX
Cloud security and services
Jas Preet
 
PDF
Data Security Issues in Cloud Computing
Asad Ali
 
PPTX
Paas
NikunjPansari
 
PDF
A Novel Computing Paradigm for Data Protection in Cloud Computing
IJMER
 
PDF
Lecture27 cc-security2
Ankit Gupta
 
PPTX
A Blueprint for Cloud-Native Financial Institutions
Angelo Agatino Nicolosi
 
PPTX
Public cloud
Dr.Neeraj Kumar Pandey
 
PaaSword-Business Cases
PaaSword EU Project
 
PaaSword - No More Dark Clouds with PaaSword
PaaSword EU Project
 
No More Dark Clouds With PaaSword - An Innovative Security By Design Framework
PaaSword EU Project
 
PaaSword Presentation - Project Overview
PaaSword EU Project
 
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
PaaSword EU Project
 
A Data Privacy and Security by Design Platform‐as‐a‐Service Framework
PaaSword EU Project
 
PaaSword - Technology Baseline
PaaSword EU Project
 
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword EU Project
 
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
Yiannis Verginadis
 
saassecurity-230424030940-08314322.pdf
SahilSingh316535
 
SaaS Security.pptx
chelsi33
 
SaaS Platform Securing
Leo TechnoSoft
 
Critical_Review_of_Openstack_Security_Is.pdf
ArvindThakur69
 
Cloud security and services
Jas Preet
 
Data Security Issues in Cloud Computing
Asad Ali
 
Paas
NikunjPansari
 
A Novel Computing Paradigm for Data Protection in Cloud Computing
IJMER
 
Lecture27 cc-security2
Ankit Gupta
 
A Blueprint for Cloud-Native Financial Institutions
Angelo Agatino Nicolosi
 
Public cloud
Dr.Neeraj Kumar Pandey
 

Recently uploaded (20)

PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
KodekX | Application Modernization Development
KodekX
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Encapsulation theory and applications.pdf
gurumoop
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Approach and Philosophy of On baking technology
30anthuong17
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Cloud computing and distributed systems.
kkkkkhan
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
A Presentation on Artificial Intelligence
memembruh336
 

PaaSword's main idea, technical architecture and scientific challenges

  • 1. www.paasword.eu Dr. Julia Vuong, Andreas Schoknecht CAS Software AG, Karlsruhe Institute of Technology PANOPTESEC Workshop September 08, 2015, Brussels
  • 2. Agenda Introduction/Motivation PaaSword in a Nutshell Consortium Goals Business Challenges PaaSword Concepts Overview Basic Concepts PaaSword Requirements Methodology Functional Requirements Security Requirements PaaSword08/09/2015 2 PaaSword Architecture Overview PaaSword Policies PaaSword Scientific Challenges Searchable Encryption Access Policies Insecure APIs Conclusion
  • 4. PaaSword in a Nutshell Holistic framework to unlock valuable business benefits of Cloud Computing by providing data privacy and security by design safeguarding both corporate and personal data for cloud infrastructures and storage services Protecting the data persistency layer and the database itself as the most critical targets PaaSword08/09/2015 4 PaaS Provider PaaSword API DB with Indexers on encrypted data Queries using Searchable Trusted IaaS Provider Adversary User Developer Publishes Application Encryption Scheme using PaaSword API encrypted data
  • 5. Consortium • Industrial Partner• Scientific Partner PaaSword08/09/2015 5
  • 6. Goals for PaaSword Leverage the security and trust of Cloud infrastructures and services Facilitate context-aware, ad-hoc decryption and access to encrypted and physically distributed datasets stored in Cloud infrastructures and services, Enable the engineering of data privacy and security by design Cloud services and applications Ensure the protection, privacy and integrity of the data stored in Cloud infrastructures and services Prove the applicability, usability, effectiveness and value of the PaaSword concepts, models and mechanisms in industrial, real-life Cloud infrastructures, services and applications PaaSword08/09/2015 6
  • 7. Use Cases & Business Challenges PaaSword Framework outcome is demonstrated by means of 5 Use Cases situated in different application areas Secure Senors Analytics for IoT applications Cloud-based Multi-tenant CRM software Encrypted Persistency included in PaaS/SaaS Services Multi-tenant ERP Environments Platform for Cross-border Document Exchange Business Challenges are derived as a result of the analysis of the Use Cases PaaSword08/09/2015 7
  • 8. Secure Sensors Data Fusion and Analytics Siemens SRL Sensor Middleware: fine grained ICT monitoring system for both static and mobile distributed critical infrastructures Public utilities (PU) or supply chains (SC) The system provides Reports in order to support the end-user in deciding whether to accept a shipment (SC) or public service (PU) through e.g. QoS monitoring Real-time alerts and early warnings in order to guarantee the quality of a provided service, i.e. enabling transporters (SC) and public service & safety providers (PU) to proactively avoiding or minimizing damages Automatic control operational states (i.e. of storage and transport conditions for SC, public services distribution and scaling for PU) in order to comply with product and service requirements Data stored in a NoSQL storage engine due to the linear scaling factor, scaling is achieved through Sharding PaaSword08/09/2015 8
  • 9. Secure Sensors Data Fusion and Analytics The resulting security framework should: provide redundancy capabilities for the management, storage and processing systems in case of failures; provide support for performing failure and forensic analysis on data-storage and processing components; identify ways to detect and report security and system failures. PaaSword08/09/2015 9
  • 10. Protection of Personal Data in a Multi-Tenant CRM Environment CAS Software AG CRM software stores, links and processes huge amount of personal and customer data as well as sensitive enterprise This data is an interesting target for mainly passive adversaries Another huge thread are internal adversaries who has access to unencrypted data of multi-tenants directly in the data center CRM software developers are mainly non-security experts who needs to write security-aware code. Data encryption needs to be included at the persistence layer. Performance impact needs to be limited to those data part what must be protected. Data is stored in relational databases. PaaSword08/09/2015 10
  • 11. Protection of Personal Data in a Multi-Tenant CRM Environment The resulting security framework should support security as a part of the application/data lifecycle management; support tenant isolation in order to support the multiple-tenant structure of a CRM solution, especially the “one DB per tenant” approach; provide developer documentation and guidelines for security features in the platform in order to enable non-security experts to develop security-aware CRM software; provide patch management for secure platform components; provide secure key management; support permissions based on the situation of the user. PaaSword08/09/2015 11
  • 12. Encrypted Persistency as PaaS/IaaS-Service- Pilot Implementation SixSq SlipStream, a cloud application management platform, facilitates management of the full cloud application lifecycle Most cloud applications are n-tier web applications that need appropriate levels of security, privacy and confidentiality. Developing the data protection infrastructure with respect to ISO standards and EU-data handling requirements is time consuming and costly. PaaSword08/09/2015 12
  • 13. Encrypted Persistency as PaaS/IaaS-Service- Pilot Implementation The security framework should Produce components that can be parameterized and integrated with other application services (including external user authentication mechanisms); Provide a complete set of components that can demonstrably meet the requirements of the EU data protection legislation and similar other regulatory requirements around the world. PaaSword08/09/2015 13
  • 14. Protection of Sensible Enterprise Information on Mulit-Tenant ERP Environments Singular Logic Enterprise Resource Planning solution with single-tenant and multi- tenant scenarios relying on IaaS deployment schemes. Data being exposed to third parties in a multi-tenant environment is one of the main risks. Virtualized infrastructure includes the risk that one machine in this setting could monitor what ist neighbours are doing. Poor implementation of access management includes the risk that customer data will get exposed to other users. PaaSword08/09/2015 14
  • 15. Protection of Sensible Enterprise Information on Mulit-Tenant ERP Environments The resulting security framework should Support searchable encryption of database; Be able to support encryption/decryption through all steps the application and data lifecycle; Support tenant isolation in order to support the multiple-tenant ERP solution, based on the “one DB per tenant” approach; Not introduce extreme computational overhead; Offer encryption in data transportation layer; Provide extended developer documentation and guidelines for the security features in order to be properly integrated to the existing solution; Provide secure key management. PaaSword08/09/2015 15
  • 16. Intergovernmental Secure Document and Personal Data Exchange Ubitech Intergovernmental Exchange Platform facilitate international co- operation in civil-status matters and to further enable the exchange of information between civil registrars The platform needed to adhere to very high security standards for the generation and transmission of highly sensitive personal data taking under consideration that the transmission channel is going to be the Internet, a totally hostile environment for sensitive data. problem of end-to-end electronic exchange, one of the most vulnerable parts of the platform is the so-called Exchange Server where the exchange (inbound/outbound) queues and routing databases reside protection of the raw data that reside in central database PaaSword08/09/2015 16
  • 17. Intergovernmental Secure Document and Personal Data Exchange The resulting security framework should Produce components that re-assure as much as possible that inter- changeable data are secure from malicious users that are either external or internal i.e. they belong to the ecosystem of the operational environment. This is very crucial since these types of applications have complex operational environment. Produce components that can apply security policies that take under consideration the specificities of cross-border exchange (e.g. restrict the interaction of users based on their location) Produce components that are in-line with the eIDAS regulation (such as electronic signatures, electronic seals, time stamp, electronic delivery service and website authentication) while in parallel they contribute in seamless encryption of data PaaSword08/09/2015 17
  • 18. Business Challenges Encryption of distributed existing databases and corresponding transaction logs Context-driven policies for accessing the stored information Object annotations modelling access rights for specific purposes, easily understood and defined by application developers, and a corresponding interpreter generating policy enforcement rules Virtualization of data storages, i.e. SQL and No-SQL, realizing the appropriate query synthesis and aposynthesis capabilities Key management mechanisms making the key usage transparent to the cloud-based applications and services Asymmetric encryption, enabling the per-user encryption of the stored data and the per-user definition of policies regarding said data PaaSword08/09/2015 18
  • 19. Walkthrough PaaSword PaaSword provides an IDE-specific plug-in incorporating all PaaSword features used by the developer for his MVC-based application Developer creates annotations at the Data Access Objects referring to sensitive data that should be protected, according to the XACML-based Context-aware Policy Access Model PaaSword performs validity check of the DAO annotations According to the DAO annotations applications persistence layer is distributed and the data encrypted Each query and processing request is forwarded by the enhanced Controller to the Query Handling mechanism PaaSword08/09/2015 19
  • 20. Walkthrough PaaSword Policy Enforcement Mechanism grants the incoming request access to the data or not taking into account the user-defined access policies; Query Handling mechanism submits the enhanced query to the augmented persistence layer; Database Proxy registers the distributed query to the distributed and encrypted parts and federates the respective data from the distributed parts of the database; Federated data synthesis and ad-hoc decryption utilizing the key of the end-user that is transparently (to the application) propagated to the Query Handling mechanism; Decrypted data is delivered to the application controller forwarding it to the end-user PaaSword08/09/2015 20
  • 22. Overview of Basic Concepts PaaSword08/09/2015 22
  • 23. what is this artefact? PaaSword Semantic Models is a set of Ontological models that aim to conceptualize two things: possible encryption/decryption policies that can be used during runtime by an application in order to protect specific columns in a database possible policies that can be applied in the web-endpoints of an application who is using it? They are used after their interpretation in libraries who manages it? A PaaSword Administrator is able to extend these models PaaSword Semantic Models PaaSword08/09/2015 23
  • 24. Typesafe Development Libraries what is this artefact? It is a set of Java Annotation Libraries (JSR-175 compliant) that provide to developers the ability to annotate specific part of their code. These parts include @Entities. @Path(“/restendpoint”) etc Annotations will drive specific ‘business logic’ during runtime. who is using it? A Cloud Application Developer during the development of an application that will be hosted in a PaaS environment who manages it? It is autogenerated by a Semantic Model Interpreter PaaSword08/09/2015 24
  • 25. PaaSword Application what is this artefact? This is not practically an actual artefact of the project. Though it is an application that uses the Typesafe Development Libraries who is using it? Upon the deployment in a JEE container the application is available to end-users. who manages it? The PaaSword Application is managed by a DevOps in the sense that it performs all apropriate steps that are needed prior to deployment PaaSword08/09/2015 25
  • 26. PaaSword-enabled Container what is this artefact? It is a JEE container that is able to interpret during runtime the (PaaSword) annotations that the developer has used. A PaaSword-enabled container is able to Interpret and implement encryption/decryption policies for specific columns of a database handle policies that are declaratively defined who is using it? A DevOps user that is responsible for the operation of an application who manages it? The PaaS provider PaaSword08/09/2015 26
  • 27. Outsourced Database what is this artefact? It is a plain RDBMS engine that operates in a completely untrusted IaaS zone who is using it? The PaaSword-enabled application will use this RDBMS in order to host encrypted data who manages it? The IaaS provider PaaSword08/09/2015 27
  • 29. Requirements Methodology Capturing of Requirements was a multi-step procedure. Initially we discriminated between Functional Requirements and Security Requirements Functional requirements affected the Architecture and will affect the reference implementation Security requirements affect the Encryption/Decryption policies and the Key-Management policies that will be developed Our end-users drove this procedure As a first step, all PaaSword stakeholders have been identified PaaSword08/09/2015 29
  • 30. Different Requirements per Role PaaSword08/09/2015 30
  • 31. PaaSword Administrator & Developer • PaaSword08/09/2015 31
  • 32. DevOps’s & PaaS Provider’s F.R. PaaSword08/09/2015 32
  • 34. Capturing Security Requirements The core asset that has to be protected is the database Following a risk-management methodology we ended up in identifying Assets, Threats and Vulnerabilities that relate to the database Based on the identified Threats, end-users raised there concrete security requirements These requirements have been collected and ranked Ranking is a guide for reference implementation PaaSword08/09/2015 34
  • 36. PaaSword08/09/2015 36 Ranking Description CAS UBI SILO SixSq SIE Ave PSw SHALL guarantee that the credentials of a user can be revoked without affecting the Transparent Data Encryption (TDE) scheme that is used at the database level 9 10 9 9 9 9.2 PSw SHALL guarantee that the revocation of the credentials of one user does not affect the credentials or the TDE scheme of the other users 9 10 9 9 9 9.2 PSw SHOULD use a key generation algorithm (for keys associated to users/roles) that should guarantee that when a user key is compromised the rest of the keys MUST not be revoked 9 10 9 9 9 9.2 PSw SHALL support symmetric TDE of sensitive data. 9 10 9 7 7 8.4 PSw SHALL be operational only if transport level encryption is configured 9 9 9 6 5 7.6 PSw SHOULD ensure that deployed applications in the Application Server are trusted using a mature trust model 8 7 8 8 9 7.6 PSw SHALL interact with its underlying persistency layer using an encrypted connection 7 8 7 7 7 7.6 TDE SHOULD be supported on top of a monolithic database 9 10 9 5 5 7.6
  • 39. PaaSword Central Administration It is a centralized component that hosts the Semantic Models and the libraries that are autogenerated by these models. Its main sub- components include: Semantic Model Management manages semantic artefacts Design Time Library Management generates JSR-175 Annotation libraries Runtime Library Management generates runtime libraries that are deployed in the PaaS Container PaaSword User Administration manages PaaSword users (i.e. ISVs that use the libraries) PaaSword08/09/2015 39
  • 40. Application Development Zone PaaSword libraries can be used by the developers of ISVs in order to create PaaSword enabled applications. Libraries can be extended using a specific methodology. There is only one component that belongs to this zone: Trusted Deployment Generator it injects the deployment archive with the proper certificates/configurations that are needed it signs the deployment archive PaaSword08/09/2015 40
  • 41. PaaSword Execution Container A JEE container which is able to interpret the annotations during runtime and perform all policies. Its main components include: PaaSword Deployment Management responsible to validate the deployment archive Transparent Encryption & Decryption Mechanism responsible to bootstrap the database and handle TDE queries Key Management Mechanism responsible to perform key management operations Security Policy Evaluation and Enforcement & Security Policy Management responsible to handle the policies that are defined by annotations and possibly edited by the DevOps HTTP Request interceptor responsible to forward the HTTP request to PaaSword handlers PaaSword08/09/2015 41
  • 42. Tenant Trusted Operational Zone This is a special zone which belongs to the tenant which contains some components that facilitate searchable encryption. The main components in this zone include: Trusted Key Generator responsible to generate and handle tenant keys Re-encryption Proxy it facilitates searchable encryption PaaSword08/09/2015 42
  • 43. PaaSword Policy 1 – Monolithic Installation Encryption/Decryption process is performed by using a PaaS Container Encryption key exists constantly in memory. Key is generated by TKP and provided once during bootstrapping. PaaSword08/09/2015 43
  • 44. PaaSword Policy 1 – Monolithic Installation Easy to implement. No operational reconditions have to be fullfilled by the application provider. Business Login can perform SCRUD operations transparently. No theoretical proof that a key can not be circumvented by a compromised container. DB's data resides in one place, so brute force attacks can be performed upon their compromisation. Key is continuously stored in memory. • Disadvantages• Advantages PaaSword08/09/2015 44
  • 45. PaaSword Policy 2 – Monolithic Installation Encryption and Decryption process is performed using a PaaS Container Encryption key exists constantly in memory. In contrast to PaaSword Policy 1: Key is resynthesized on demand in every entity's usage. Key is generated by TKP which is interconnected with IDM. PaaSword08/09/2015 45
  • 46. PaaSword Policy 2 – Monolithic Installation Business Logic can perform SCRUD operations transparently. Asymmetric key is not stored permanently in memory. Revocation of one key is not affecting the platform. More complex to implement than PaaSword Policy 1. No theoretical proof that a key can not be circumvented by a compromised container. DB's data resides in one place, so brute force attacks can be performed upon their compromisation. • Disadvantages• Advantages PaaSword08/09/2015 46
  • 47. PaaSword Policy 3 – Monolithic Installation Encryption and Decryption process is performed using an Encryption Proxy Key is based on a tenant key that is generated by the TKP Key is generated by the TKP PaaSword08/09/2015 47
  • 48. PaaSword Policy 3 – Monolithic Installation Container has no access to plain text. Business Logic can not perform all SCRUD operations. • Disadvantage• Advantage PaaSword08/09/2015 48
  • 49. PaaSword Policy 4 – Distributed Installation PaaSword08/09/2015 49 Hardware of data owner Certified cloud provider Storage cloud provider Fully trusted zone Trusted zone Semi-trusted zone Untrusted zone Data Index Index Data base proxy Zone Model
  • 50. Secure Database Proxy PaaSword08/09/2015 50 Data Index2Index1 (no)SQL (no)SQLDB-Proxy (trusted) SQL Cloud (untrusted) User/Application Data (not encrypted) Data/Indexes (encrypted)
  • 51. Transformation PaaSword08/09/2015 51 ID First Name Last Name Town Date Of Birth 1 Paul Fischer Hannover 01.01.1979 2 Hans Müller Karlsruhe 02.02.1974 3 Frank Schmidt Stuttgart 03.03.1972 4 Frank Maier Hamburg 04.04.1983 ID encrypted Data 1 Enc(Paul,Fischer, Hannover,01.01.1979) 2 Enc(Hans,Müller,Karlsruhe,02.02.1974) 3 Enc(Frank,Schmidt,Stuttgart,03.03.1972) 4 Enc(Frank,Maier,Hamburg,04.04.1983) Data Keyword IDs FirstName:Paul Enc(1) FirstName:Hans Enc(2) FirstName:Frank Enc(3,4) Index1 Keyword IDs LastName:Fischer Enc(1) LastName:Müller Enc(2) LastName:Schmidt Enc(3) LastName:Maier Enc(4) Index2 Attributes are lost in the crowd Original hidden association
  • 52. Example (1/4) PaaSword08/09/2015 52 Data Index2Index1 SELECT ID FROM Index1 WHERE Keyword =‘FirstName:Frank’ SELECT ID FROM Index2 WHERE Keyword =‘LastName:Maier’ Transform query DB-Proxy SELECT * FROM Person WHERE FirstName = ‘Frank’ AND LastName = ‘Maier’ SELECT * FROM Personen WHERE FirstName = ‘Frank’ AND LastName = ‘Maier’ ID First Name Last Name Town Date Of Birth 1 Paul Fischer Hannover 01.01.1979 2 Hans Müller Karlsruhe 02.02.1974 3 Frank Schmidt Stuttgart 03.03.1972 4 Frank Maier Hamburg 04.04.1983
  • 53. Example (2/4) PaaSword08/09/2015 53 Data Index2Index1 Decrypt and compose DB-Proxy SELECT * FROM Personen WHERE FirstName = ‘Frank’ AND LastName = ‘Maier’ ID First Name Last Name Town Date Of Birth 1 Paul Fischer Hannover 01.01.1979 2 Hans Müller Karlsruhe 02.02.1974 3 Frank Schmidt Stuttgart 03.03.1972 4 Frank Maier Hamburg 04.04.1983 IDs Enc(3,4) IDs Enc(4) ID 4
  • 54. Example (3/4) PaaSword08/09/2015 54 Data Index2Index1 Fetch Data DB-Proxy SELECT * FROM Personen WHERE FirstName = ‘Frank’ AND LastName = ‘Maier’ ID First Name Last Name Town Date Of Birth 1 Paul Fischer Hannover 01.01.1979 2 Hans Müller Karlsruhe 02.02.1974 3 Frank Schmidt Stuttgart 03.03.1972 4 Frank Maier Hamburg 04.04.1983 SELECT * FROM Data WHERE ID in {4}
  • 55. Example (4/4) PaaSword08/09/2015 55 Data Index2Index1 Decrypt and send result DB-Proxy SELECT * FROM Personen WHERE FirstName = ‘Frank’ AND LastName = ‘Maier’ ID First Name Last Name Town Date Of Birth 1 Paul Fischer Hannover 01.01.1979 2 Hans Müller Karlsruhe 02.02.1974 3 Frank Schmidt Stuttgart 03.03.1972 4 Frank Maier Hamburg 04.04.1983 Frank, Maier, Hamburg, 04.04.1983 Enc(Frank, Maier, Hamburg, 04.04.1983)
  • 57. Searchable Encryption Scheme Define a Searchable Encryption (SE) scheme which is able to work with encrypted data basd on defined policies SE needs to allow multi-read, multi-write and needs to provide keywords privacy SE needs to offer revocation functionalities in order to tackle misbehaving users SE needs to be efficient and able to run on multiple devices with different resources Possible offer of different SE schemes with different functionalities/security level PaaSword08/09/2015 57
  • 58. Access Control Policies Access Control Policies are based on the Access Control Model Developer choose the applied Access Control Model Key-Police Attribute Based Encryption – Ciphertext-Policy Attribute Based Encryption Which one can be applied in the PaaSword setting? Move to revocable version? Access Control Policies are Context-Aware by using a Context Model Context Model is based on LinkedUSDL taking into account context attributes, i.e. geolocation, device, … Each data type has its own context attributes PaaSword08/09/2015 58
  • 59. Insecure APIs Transport Security Protect APIs carrying sensitive data within a secure channel Use SSL/TLS How to generate/manage valid certificates from internal/external certificate authority? Issues with configuring platform services and software integration Issues with end-to-end protection if any prxying platforms are required as intermediaries Code and Development Practices Test any API that pass JSON/XML messages or accept input from users/applications for standard injection flaws and cross-site request forgery attacks PaaSword08/09/2015 59
  • 60. Insecure APIs Authentication & Authorization Open Issues Can APIs manage the encryption of usernames and password? Is it possible to manage two-factor authentication attributes? Can fine-grained authorization policies be created and maintained? Is there continuity between internal identity management systems and attributes, and those extended by APIs from cloud providers? Reusable tokens/password? API dependencies? Limited monitoring/logging capabilities? Inflexible access control? PaaSword08/09/2015 60
  • 61. Conclusion I PaaSword provides a holisitic framework providing data privacy and security by design Added value exemplified on 5 business demonstrations Based on the concepts of PaaSword Semantic Models Typesafe Development Libraries PaaSword Application PaaSword-enabled Container Outsourced Database Architecture and Reference Implementation defined with the help of Requirements & Security Requirements from Stakeholders PaaSword08/09/2015 61
  • 62. Conclusion II Architecture consists of PaaSword Central Administration Application Development Zone PaaSword Execution Container Tenant Trusted Operational Zone PaaSword Policies for Security 1,2,3,4 PaaSword Scientific Challenges Searchable Encryption working with encrypted data based on defined policies – Combine Seachable Encryption with Access Control Policies Insecure APIs PaaSword08/09/2015 62
  • 63. PaaSword08/09/2015 63 Questions? Visit us: www.paasword.euAcknowledgements: This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814.