Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

PaaSword - No More Dark Clouds with PaaSword


Published on

Presentations of the 1st PaaSword CS-IFG Workshop that took place on 10th of November 2016 in Athens, Greece

Published in: Software
  • Be the first to comment

  • Be the first to like this

PaaSword - No More Dark Clouds with PaaSword

  1. 1. No More Dark Clouds with PaaSword Dr. Simone Braun CAS Software AG PaaSword CS-IFG Workshop Nov 10, 2016, Athens, Greece
  2. 2. PaaSword: An Innovative Cloud Security-by-Design Framework Address security and data privacy concerns in a holistic way: Safeguard personal & business data in the cloud Protect the data persistency layer and the database itself Support cloud application developers Thus, Bolster trust of individuals & corporate customers Accelerate adoption of cloud computing technologies Accelerate a paradigm shift in European industry towards security and privacy PaaSword10/11/2016 2
  3. 3. Cloud Paradigm Shift Cloud paradigm has definitely prevailed in mass market However, many companies are still cautious using Cloud services due to security concerns Applications and storage volumes often reside next to potentially hostile virtual environments Significant legal and financial consequences if data confidentiality is breached 310/11/2016 PaaSword
  4. 4. Cloud Adoption Chasm Curve Crossing the chasm for Cloud adoption is still relevant for enterprises despite its compelling benefits <20% enterprise applications run on the Cloud [1] 41% report security concerns as significant challenge [1] PaaSword10/11/2016 4 Mass market Cloud Services [1] RightScale, “State of the cloud report,” RightScale, 2015.
  5. 5. Security Challenges in the Cloud Top threats identified (CSA, 2016) are: Data Breaches Weak Access Management Insecure APIs Account Hijacking ‘Raw data’ are the modern hacker’s holy grail  The responsibility for the protection of data has shifted to the developer 510/11/2016 PaaSword
  6. 6. How shall we lower the barriers? Security concerns Protect confidential information Control access Trust cloud provider Secure Cloud Applications Data privacy Secure storage Encryption Trustable Key Management Control Access to data PaaSword 10/11/2016 6 PaaSword
  7. 7. PaaSword Features Create a security-by-design framework which will allow developers to engineer secure applications Leverage the security and trust of data that reside on outsourced infrastructure Facilitate context-aware access to encrypted and (even) physically distributed datasets stored in the cloud Prove applicability, usability, effectiveness and value of our framework in real-life Cloud infrastructures, services and applications 10/11/2016 8 PaaS Provider PaaSword API DB with Indexers on encrypted data Queries using Searchable Trusted IaaS Provider Adversary User Developer Publishes Application Encryption Scheme using PaaSword API encrypted data PaaSword
  8. 8. A Holistic Data Privacy and Security-by-Design Framework Higher privacy with distributed searchable encryption at DB layer Increased user control and less dependency on cloud provider with tenant-controlled Key Management Appropriate access control with context-awareness and flexible Policy Management Easier development of secure cloud applications for non- security experts with comprehensive Annotation Framework  Making cloud solutions more attractive and ready for the EU General Data Protection Regulation 10/11/2016 9
  9. 9. Consortium • Industrial Partner • Scientific Partner 10/11/2016 10PaaSword
  10. 10. 10/11/2016 11 Questions? Visit us: www.paasword.euAcknowledgements: This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814. PaaSword