A Data Privacy and Security by Design Platform‐as‐a‐Service Framework
1. www.paasword.eu
A Data Privacy and Security by Design Platform‐as‐a‐Service Framework
Dr. Panagiotis Gouvas - R&D Director - Ubitech Ltd
Dr. Yiannis Verginadis - Senior Researcher - ICCS
SecureCloud 2016 - May 24, 2016, Dublin
3. Motivation
The cloud paradigm has definitely prevailed
Most applications are delivered following the SaaS model
Many developers rely on PaaS offerings for scalability
Nearly all underlying resources (DBs, Queues etc.) are outsourced at the IaaS level
Attack vectors have increased
‘Raw data’ are the modern hacker’s holy grail
The responsibility for the protection of data has shifted to the developer
PaaSword28/06/2016 3
6. Goals of PaaSword Framework
To create a security-by-design framework which will allow developers to engineer secure applications
To leverage the security and trust of data that reside on outsourced infrastructure
To facilitate context-aware access to encrypted and (even) physically distributed datasets stored in outsourced infrastructure
To prove the applicability, usability, effectiveness and value of our framework in real-life Cloud infrastructures, services and applications
11. What’s New
Original (Data)

  ID  Name    Surname   City          Day of Birth
  1   Paul    Anderson  Athens        01.01.1979
  2   Howard  Miller    Karlsruhe     02.02.1974
  3   Henry   Cooper    Berlin        03.03.1980
  4   Henry   Jones     Thessaloniki  04.04.1985

Encrypted (Data)

  ID  Encrypted Data
  1   Enc(Paul,Anderson,Athens,01.01.1979)
  2   Enc(Howard,Miller,Karlsruhe,02.02.1974)
  3   Enc(Henry,Cooper,Berlin,03.03.1980)
  4   Enc(Henry,Jones,Thessaloniki,04.04.1985)

Index1

  Keyword-Name  IDs
  Enc(Paul)     Enc(1)
  Enc(Howard)   Enc(2)
  Enc(Henry)    Enc(3,4)

Index2

  Keyword-Surname  IDs
  Enc(Anderson)    Enc(1)
  Enc(Miller)      Enc(2)
  Enc(Cooper)      Enc(3)
  Enc(Jones)       Enc(4)

Keyword Encryption
• AES (deterministic)
• Support for most query types (excl. LIKE)
Index Distribution
• Index for the same data type can be stored at different servers
Distribution based on Privacy Constraints
• Minimize exposure of sensitive information by careful distribution
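The slide's scheme in runnable form, as an added example that is not PaaSword code: an encrypted data store plus two keyword indexes, each held by a separate server, where keywords are encrypted deterministically so equality queries can be answered on tokens alone. The keys, the row data and the server names are constructed for the example; HMAC-SHA256 (as a PRF, and in counter mode as a keystream) stands in for the deck's AES so the block runs on the standard library.

```python
import hmac
import hashlib
from collections import defaultdict

# Constructed sample table: the four rows shown on the slide.
ROWS = {
    1: ("Paul", "Anderson", "Athens", "01.01.1979"),
    2: ("Howard", "Miller", "Karlsruhe", "02.02.1974"),
    3: ("Henry", "Cooper", "Berlin", "03.03.1980"),
    4: ("Henry", "Jones", "Thessaloniki", "04.04.1985"),
}

# Assumed keys (constants here; in the framework they come from tenant key management).
DATA_KEY = b"constructed-tenant-data-key"
INDEX_KEYS = {"name": b"constructed-index1-key", "surname": b"constructed-index2-key"}


def prf_stream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a PRF keystream standing in for the deck's AES."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt/decrypt (same operation); the nonce must never repeat under one key."""
    return bytes(a ^ b for a, b in zip(data, prf_stream(key, nonce, len(data))))


def keyword_token(index: str, keyword: str) -> str:
    """Deterministic keyword encryption: equal keywords give equal tokens, so a server
    can answer equality queries on tokens alone (the role of deterministic AES on the
    slide). Tokens carry no substring structure, which is why LIKE is excluded."""
    return hmac.new(INDEX_KEYS[index], keyword.encode(), hashlib.sha256).hexdigest()[:24]


def id_list_key(index: str) -> bytes:
    """Separate sub-key for sealing ID lists, so the index key is not reused for two purposes."""
    return hmac.new(INDEX_KEYS[index], b"id-list", hashlib.sha256).digest()


def build_stores(rows):
    """Encrypted data store plus two keyword indexes, each placed on its own server
    (Index Distribution): a server holding only Index1 learns nothing about surnames."""
    data = {rid: xor_crypt(DATA_KEY, rid.to_bytes(8, "big"), ",".join(f).encode())
            for rid, f in rows.items()}
    idx1, idx2 = defaultdict(set), defaultdict(set)
    for rid, (name, surname, _city, _dob) in rows.items():
        idx1[keyword_token("name", name)].add(rid)
        idx2[keyword_token("surname", surname)].add(rid)

    def seal(index, idx):
        # ID lists are encrypted too (Enc(3,4) on the slide); the token serves as
        # nonce, which is safe because each token occurs once per index.
        return {tok: xor_crypt(id_list_key(index), tok.encode(),
                               ",".join(map(str, sorted(ids))).encode())
                for tok, ids in idx.items()}
    return {"server_data": data, "server_index1": seal("name", idx1),
            "server_index2": seal("surname", idx2)}


def lookup(stores, index, keyword):
    """Server-side step: the client sends only a token and receives the sealed ID
    list (or nothing); the list is opened client-side."""
    server = stores["server_index1"] if index == "name" else stores["server_index2"]
    tok = keyword_token(index, keyword)
    sealed = server.get(tok)
    if sealed is None:
        return set()
    return {int(x) for x in xor_crypt(id_list_key(index), tok.encode(), sealed).decode().split(",")}


def equality_query(stores, **terms):
    """Conjunctive equality query (e.g. name='Henry' AND surname='Cooper'): consult each
    index on its own server, intersect IDs client-side, then fetch and decrypt the rows."""
    ids = None
    for index, keyword in terms.items():
        found = lookup(stores, index, keyword)
        ids = found if ids is None else ids & found
    return {rid: tuple(xor_crypt(DATA_KEY, rid.to_bytes(8, "big"),
                                 stores["server_data"][rid]).decode().split(","))
            for rid in sorted(ids or ())}


def like_prefix_possible(index, prefix, keyword):
    """Why LIKE is excluded: the token of a prefix is unrelated to the token of the full
    keyword, so no server can match 'Hen%' against Enc('Henry')."""
    return keyword_token(index, keyword).startswith(keyword_token(index, prefix))
```

Each index server sees only tokens and sealed ID lists, and the data server sees only ciphertext; the plaintext-bearing join of the two indexes happens at the client, which is the point of distributing indexes by privacy constraint.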
13. Overview Of Policies

Characteristics per policy: where the TED takes place, TED key generation policy, TED key usage & sharing, modification of target schema, SQL support.

P1
  Where the TED takes place: In the PaaS container
  TED key generation: Generated once during bootstrapping (in a Tenant Trusted Zone) and stored in-memory by the application
  TED key usage & sharing: Recovered from memory on demand per each query execution
  Modification of target schema: No modification
  SQL support: Yes

P2
  Where the TED takes place: In the PaaS container
  TED key generation: One key is generated per Tenant (in a Tenant Trusted Zone) and a pair user_key / container_key is generated out of this tenant_key
  TED key usage & sharing: Recomposed by the combination of a user_key and a container_key per each query execution
  Modification of target schema: No modification
  SQL support: Yes

P3
  Where the TED takes place: Outside the container, in a Tenant Trusted Zone
  TED key generation: Generated once in a Tenant Trusted Zone
  TED key usage & sharing: E/D key is used only in the Tenant Trusted Zone
  Modification of target schema: No modification
  SQL support: No

P4
  Where the TED takes place: In the PaaS container
  TED key generation: Generated once during bootstrapping (in a Tenant Trusted Zone) and stored in-memory by the application
  TED key usage & sharing: Recovered from memory on demand per each query execution
  Modification of target schema: Modifications required
  SQL support: No

P5
  Where the TED takes place: In the PaaS container
  TED key generation: One key is generated per Tenant (in a Tenant Trusted Zone) and a pair user_key / container_key is generated out of this tenant_key
  TED key usage & sharing: Recomposed by the combination of a user_key and a container_key per each query execution
  Modification of target schema: Modifications required
  SQL support: No
15. Final Key Management Requirements
Avoid running a service at the Tenant (T) that provides the Tenant Key (TK) to the Proxy (P). The Tenant administrator is offline.
Avoid giving TK to the Cloud Application (A) or the User (U)
Ensure Access Control cannot be bypassed
One key per tenant
As simple as possible
Recoverability
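The P2/P5 key policy above, together with the requirements just listed (one key per tenant, TK never handed to the application or the user, offline tenant administrator, recoverability), as an added example; this is not PaaSword's implementation. The deck does not say how the user_key / container_key pair is derived from the tenant_key, so the split used here is an assumption: a uniformly random user_key and container_key = tenant_key XOR user_key, which makes either share alone independent of TK. Class and method names are the example's own.

```python
import secrets
from dataclasses import dataclass, field

KEY_LEN = 32  # bytes


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class TenantTrustedZone:
    """Offline tenant side: holds the single tenant key (TK) and issues shares.
    It runs no online service for the proxy; shares are handed out at bootstrap or
    on recovery, not per query."""
    tenant_key: bytes = field(default_factory=lambda: secrets.token_bytes(KEY_LEN))

    def issue_shares(self):
        """Assumed XOR split: user_key XOR container_key == tenant_key."""
        user_key = secrets.token_bytes(KEY_LEN)
        container_key = xor_bytes(self.tenant_key, user_key)
        return user_key, container_key


class Proxy:
    """Runs in the PaaS container. Stores only container keys (one per tenant) and
    recomposes TK for the duration of a single query execution."""

    def __init__(self):
        self._container_keys = {}

    def register(self, tenant_id: str, container_key: bytes):
        self._container_keys[tenant_id] = container_key

    def with_tenant_key(self, tenant_id: str, user_key: bytes, op):
        """Recompose TK from the user's share and the stored container share, run
        one operation with it, then overwrite the buffer. Neither the application nor
        the user ever holds TK at rest. (CPython gives no guarantee that the temporary
        copy passed to `op` is wiped; the zeroisation shows the intended discipline.)"""
        key = bytearray(xor_bytes(self._container_keys[tenant_id], user_key))
        try:
            return op(bytes(key))
        finally:
            for i in range(len(key)):
                key[i] = 0


def recover_user(zone: TenantTrustedZone, proxy: Proxy, tenant_id: str):
    """Recoverability: a user who lost their share gets a fresh pair; the proxy's
    container share is replaced, and the old user share no longer recomposes TK."""
    user_key, container_key = zone.issue_shares()
    proxy.register(tenant_id, container_key)
    return user_key
```

Access control is enforced by the proxy before `with_tenant_key` is invoked, so a caller who bypasses it still holds only a share that is statistically independent of TK.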
17. Semantic Authorization
PaaSword will deliver an XACML 3.0 compliant Auth Engine with the ability to:
harmonize the attribute creation process through the usage of the extensible Context Model
decouple the level of granularity of the attributes that are used to define policies from the attributes that characterize ‘subjects’, ‘objects’ and the ‘environment’
provide design-time conflict resolution for provided policies
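An added example (not PaaSword's engine) of the three capabilities on this slide in miniature: a context-model step that turns raw subject, object and environment facts into the coarser attributes policies are written against, an XACML-style deny-overrides evaluation over those attributes, and a design-time check that reports rule pairs whose targets can match the same request with opposite effects. The rules, the role-to-clearance mapping and the attribute names are constructed for the example.

```python
from dataclasses import dataclass, field
from itertools import combinations
from typing import Callable, Dict, List, Tuple

Attrs = Dict[str, object]

# Constructed context-model table: fine-grained role -> coarse clearance level.
ROLE_CLEARANCE = {"nurse": 1, "doctor": 2, "admin": 3}


def derive_policy_attributes(subject: Attrs, resource: Attrs, env: Attrs) -> Attrs:
    """Harmonized attribute creation: policies never see 'role' or 'ip' directly;
    they see 'clearance' and 'network', derived here from the context model. This is
    what decouples policy granularity from subject/object/environment granularity."""
    ip = str(env.get("ip", ""))
    return {
        "clearance": ROLE_CLEARANCE.get(subject.get("role"), 0),
        "network": "internal" if ip.startswith("10.") else "external",
        "sensitivity": resource.get("sensitivity", "public"),
        "action": env.get("action"),
    }


@dataclass
class Rule:
    name: str
    effect: str                      # "Permit" or "Deny"
    target: Dict[str, object]        # equality matches on policy-level attributes
    condition: Callable[[Attrs], bool] = field(default=lambda a: True)

    def applies(self, attrs: Attrs) -> bool:
        return all(attrs.get(k) == v for k, v in self.target.items()) and self.condition(attrs)


def deny_overrides(rules: List[Rule], attrs: Attrs) -> str:
    """XACML deny-overrides combining algorithm: any applicable Deny wins."""
    decision = "NotApplicable"
    for r in rules:
        if r.applies(attrs):
            if r.effect == "Deny":
                return "Deny"
            decision = "Permit"
    return decision


def design_time_conflicts(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Report pairs of rules with opposite effects whose targets are satisfiable at
    once (every attribute both targets mention has the same value). Only targets are
    inspected; opaque conditions are not analysed, so this is a sound over-approximation."""
    conflicts = []
    for a, b in combinations(rules, 2):
        if a.effect == b.effect:
            continue
        shared = set(a.target) & set(b.target)
        if all(a.target[k] == b.target[k] for k in shared):
            conflicts.append((a.name, b.name))
    return conflicts


# Constructed policy set.
RULES = [
    Rule("R1", "Permit", {"sensitivity": "medical", "action": "read"},
         condition=lambda a: a["clearance"] >= 2),
    Rule("R2", "Deny", {"network": "external", "sensitivity": "medical"}),
    Rule("R3", "Permit", {"sensitivity": "public"}),
]


def decide(subject: Attrs, resource: Attrs, env: Attrs, rules: List[Rule] = RULES) -> str:
    """Full request path: context model first, then policy evaluation."""
    return deny_overrides(rules, derive_policy_attributes(subject, resource, env))
```

The conflict report is what a policy author sees before deployment: R1 and R2 overlap on medical reads, and the author either accepts that deny-overrides resolves it at runtime or narrows one of the targets.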
19. Use Cases
PaaSword Framework will be evaluated on 5 different Use Cases
Secure Sensors Analytics for IoT applications
Cloud-based Multi-tenant CRM software
Encrypted Persistency included in PaaS/SaaS Services
Multi-tenant ERP Environments
Platform for Cross-border Document Exchange
20. Challenges
Functional Transparency: Developer should not implement security policies. S/he should only use them
Comprehensive annotation framework: Proper annotations should be created for encryption/decryption and policy access
Flexible Policy Management: Context-driven policies for accessing the stored information
Efficient Virtualization of RDBMS: realizing the appropriate query synthesis and aposynthesis capabilities
Flexible Key Management: mechanisms making the key usage transparent to the cloud-based applications and services
Extensibility: the framework should be extensible even during runtime
22. Interested in… ?
Getting access to early results?
Shaping and expanding PaaSword?
Networking with leading companies & research institutes?
Collaborating with us and the PaaSword Community?
Join the Cloud Security Industrial Focus Group!
Register at:
https://www.paasword.eu/register/