2. Outline
PaaSword in a Nutshell
Involved Actors & Threat Landscape
High Level Architecture
Distributed Searchable Encryption Engine
Semantic Authorization Engine
PaaSword18/11/2016 2
3. PaaSword in a Nutshell
Security and Privacy by-design Framework?
It is a framework that if it is adopted it provides increased security and privacy
guarantees
Adopted by whom?
Application Developers (it offers client libraries that have to be used by devs)
DevOps users (it offers management interface for the two offered
mechanisms)
What kind of security guarantees ?
PaaSword18/11/2016 3
4. Involved Actors & Threat Landscape
PaaSword18/11/2016 4
Data can be circumvented/stolen
Internal or external adversary
Execution environment
may be subjected to privilege
escalation
Authorization scheme
may be static or
even hardcoded
5. Framework Security Guarantees
Framework Guarantees
Mitigation of cyber threats that derive by malicious administrators that
administer ‘trusted’ Infrastructural resources
Minimization of breaking a privacy scheme through statistical attacks that rely
on pattern identification
Efficient security Policy enforcement through the decoupling of Policy
Definition and Policy Evaluation
PaaSword18/11/2016 5
6. How?
Two distinct mechanisms
1 – Distributed Searchable Encryption Engine
An engine that allows the transformation of any relational schema to a
fragmentation scheme that respects user-defined privacy constraints
The new schema is functionally equivalent with the original; yet it relies on
multiple IaaS providers
2 – Semantic Policy Authorization Engine
An engine that allows the decoupling of policy enforcement and policy definition
Decoupling is meaningful both during development and execution
PaaSword18/11/2016 6
8. Mechanism 1 - Distributed
Searchable Encryption Engine
Why plain Transparent Encryption Decryption is not enough ?
You loose a lot of SQL expressivity
Vulnerable to statistical attacks
PaaSword18/11/2016 8
PaaSword Annotations PaaSword Controller
9. What are Annotations?
Annotations are a form of metadata that provide data about a
program that is not part of the program itself
They can be used using three different strategies
Source Generation Strategy
Bytecode Transformation Strategy
Runtime Reflection Strategy
PaaSword uses annotations to
Define Entity Model which will be protected using advanced fragmentation
techniques
PaaSword18/11/2016 9
14. Overview Of Policies
14
Policy /Characteristic Where is the TED taking
place?
TED Key Generation TED Key Usage & Sharing
Policy
Modification of target
schema
SQL support
P1 In the PaaS container Generated once during
bootstrapping (in a Tenant
Trusted Zone) and stored
in-memory by the
application
It is recovered by the
memory on demand per
each query execution
No Modification Yes
P2 In the PaaS container One key is generated per
Tenant (in a Tenant
Trusted Zone) and a pair of
user_key container_key is
generated out of this
tenant_key
It is recomposed by the
combination of a user_key
and a container_key per
each query_execution
No Modification Yes
P3 Outside the container in a
Tenant Trusted Zone
Generated once in a
Tenant Trusted Zone
E/D Key is used only in the
Tenant Trusted Zone
No Modification No
P4 In the PaaS container Generated once during
bootstrapping (in a Tenant
Trusted Zone) and stored
in-memory by the
application
It is recovered by the
memory on demand per
each query execution
Modifications required No
P5 In the PaaS container One key is generated per
Tenant (in a Tenant
Trusted Zone) and a pair of
user_key container_key is
generated out of this
tenant_key
It is recomposed by the
combination of a user_key
and a container_key per
each query_execution
Modifications required No
16. Mechanism 2 – Semantic Policy
Authorization Engine
Why not an existing authorization engine?
Based on authorization metamodel
MAC, DAC, RBAC, ABAC
ABAC is considered dominant (from NIST)
Which Standard? and which Implementation of the Standard?
De-facto ABAC standard is XA-CML
Limitations of reference Implementation
Balana Engine (pure syntactic execution of rules)
PaaSword18/11/2016 16