SlideShare a Scribd company logo
PaaSword: A Holistic Data Privacy and Security
by Design Framework for Cloud Services
Yiannis Verginadis, Antonis Michalas, Panagiotis Gouvas,
Gunther Schiefer, Gerald Hubsch, Iraklis Paraskakis
CLOSER 2015, Lisbon, May 21, 2015
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Agenda
 Introduction
 Data Security Challenges in the Cloud
 PaaSword Framework
 Conclusions
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Introduction
 The adoption of cloud computing has moved from focused interest to
widely spread intensive experimentation and is now rapidly
approaching a phase of near ubiquitous use
 Many users have started relying on cloud services without realizing it
 Many companies have remained cautious due to security concerns
 Applications and storage volumes often reside next to potentially hostile
virtual environments, leaving sensitive information at risk to theft,
unauthorized exposure or malicious manipulation
 Governmental regulation presents an additional concern of significant
legal and financial consequences if data confidentiality is breached
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Related Work
 Commonly used access control models (Ferrari 2010) are:
 Mandatory Access Control (MAC)
 Discretionary Access Control (DAC)
 Role-Based Access Control (RBAC)
 Extending these models:
 location-aware access control (LAAC) - there is a clear lack of
supporting additional pertinent contextual information (Cleeff et
al.,2010)
 context-aware access control (CAAC) – with shortcomings like:
 lack of support for dynamically generated context (Covington et al., 2001)
 lack of fine-grained data access control (Kayes et al., 2013)
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Related Work (contd.)
 Regarding the policy management there is lack of proper separation
of concerns (Kourtesis and Paraskakis, 2012)
 The policy definition and policy enforcement are entangled in the
implementation of a single software component, leading to the lack of
 portability
 explicit representation of policy relationships
 Regarding the data distribution and encryption algorithms
 Gentry (2009), introduced the first fully homomorphic encryption
scheme that enables semantically secure outsourcing to the cloud
 but presents severe performance issues
 In CryptDB (Popa et al., 2011), the concept of onions was used
 with the main drawback the lack of security guarantees to the client
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Agenda
 Introduction
 Data Security Challenges in the Cloud
 PaaSword Framework
 Conclusions
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Security Challenges in the Cloud
 Top four threats identified (CSA, 2013) are:
 data leakage
 data loss
 account hijacking
 insecure APIs
 The most critical part of a modern cloud application is the data
persistency layer and the database itself
 The OWASP foundation has categorized the database-related
attacks as the most critical ones
 SQL injections represents 17% of all security breaches examined
 These attacks were responsible for 83% of the total records stolen,
from 2005 to 2011
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Security Challenges in the Cloud (contd.)
 Most of the security fences that are configured in a corporate
environment target the fortification of the so-called network
perimeter
 e.g. routers, hosts and virtual machines
 IDS and IPS try to cope with database-takeover security aspects,
but the risk of database compromise is greater than ever, as:
 automated exploitation tools (e.g. SQLMap) are widely spread
 IPS and IDS evasion techniques have become extremely sophisticated
 Internal adversaries or even unknown vulnerabilities of software
platforms widely adopted in the cloud may provide malicious access
to sensitive data
 e.g. Heartbleed flaw - constituted a serious fault in the OpenSSL
cryptography library, which remained unnoticed for more than two years
and affected over 60% of Web servers worldwide
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Security Challenges in the Cloud (contd.)
 Regarding the post-exploitation phase things are even worse in the
case where a symmetric encryption algorithm has been employed
 cracking toolkits that utilize GPU processing power (e.g. oclHashcat) are able to
crack ciphers using brute-force techniques with an attack rate of 162 billion
attempts per second
 The application developer is the one responsible for both
 sanitizing all HTTP-input parameters
 reassuring that compromised data will be useless
 Nevertheless, the mere utilization of an IaaS or PaaS provider, may
by itself spawn a multitude of inherent vulnerabilities
 that cannot be tackled effectively as they typically exceed the
responsibilities of an application developer
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Agenda
 Introduction
 Data Security Challenges in the Cloud
 PaaSword Framework
 Conclusions
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Threat Model
 We assume a semi-honest adversarial model for the cloud provider
(Paladi et al., 2014; Santos et al., 2009)
 a malicious cloud provider correctly follows the protocol specification
but can intercept all messages and may attempt to use them in order to
learn information that otherwise should remain private.
 For the rest of the participants we consider the threat model (Santos
et al., 2009) that assumes that privileged access rights can be used
by a remote adversary, ADV, to leak confidential information
 e.g. a corrupted system administrator, can obtain remote access to any
host maintained by the provider.
 the adversary cannot access the volatile memory of any guest virtual
machine (VM) residing on the compute hosts of the provider
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Context-aware Access Model
 We envision a XACML-based context-aware access model,
 which is needed by the developers in order to annotate the Data
Access Objects of their applications
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Facets of the Context-Aware Access Model
Facets
IP
Address
(Local)
Time
Location Device
Type
Data
Connection
Type
etc…
Patterns
Frequency Usual
Duration
Usual
Dates
Usual
Hours
Previously
Accessed
Data
Sensitive / Non Sensitive Data
Role
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Policies Access and Enforcement
 A middleware that will provide:
 a transparent key usage for efficient authentication purposes,
 annotation capabilities in the form of a tool (IDE plugin) for allowing
developers to declaratively create the minimum amount of rule-set that
is needed for security enforcement purposes
 dynamically interpret the DAO annotations into policy enforcement
rules
 the governance and quality control of the annotations and their
respective policy rules
 the formulation and implementation of the overall policy enforcement
business logic
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
 Devise an appropriate
vocabulary of concepts and
decide how they are
interrelated
 Populate the framework with
appropriate instances to give
rise to DAOs
 Formalise these concepts and
their interrelations – gives rise
to the ontology framework
Ontology for Access Policies
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
High level view of XACML Components
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Secure Storage
 We propose a design for a cryptographic cloud storage that will be
based on a symmetric searchable encryption (SSE) scheme similar
to (Kamara and Lauter, 2010)
 We plan to extend the previous work Cumulus4j (Huber et al., 2013)
and MimoSecco (Gabel and Hubsch, 2014)) that hides relations
between different data values of a data row and creates the base for
secure database outsourcing
 We plan to build an SSE that will support multi write/multi read
(M/M)
 by involving a key distribution algorithm that will extend S/S architecture
to M/M.
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Conceptual Architecture
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Agenda
 Introduction
 Data Security Challenges in the Cloud
 PaaSword Framework
 Conclusions
Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Conclusions & Next Steps
 Future work involves the implementation of the proposed framework
 This solution will be validated through 5 pilots:
 Encrypted persistency as a service in a PaaS provider
 Intergovernmental secure document and personal data exchange
 Secure sensors data fusion and analytics
 Protection of personal data in a multi-tenant CRM
 Protection of sensible enterprise information in multi-tenant ERP
Thank you for listening!
Acknowledgements:
This work is related to the PaaSword project and
has received funding from the European Union’s
Horizon 2020 research and innovation
programme under grant agreement No 644814

More Related Content

What's hot

Marketing et big data
Marketing et big dataMarketing et big data
Marketing et big data
Zahira Benabdallah
 
Big data unit i
Big data unit iBig data unit i
Big data unit i
Navjot Kaur
 
Lecture1 introduction to big data
Lecture1 introduction to big dataLecture1 introduction to big data
Lecture1 introduction to big data
hktripathy
 
Cloud computing and Cloudsim
Cloud computing and CloudsimCloud computing and Cloudsim
Cloud computing and Cloudsim
Manash Kumar Mondal
 
Presentation on Big Data
Presentation on Big DataPresentation on Big Data
Presentation on Big Data
Maruf Abdullah (Rion)
 
Introduction to Big Data Analytics and Data Science
Introduction to Big Data Analytics and Data ScienceIntroduction to Big Data Analytics and Data Science
Introduction to Big Data Analytics and Data Science
Data Science Thailand
 
Big data lecture notes
Big data lecture notesBig data lecture notes
Big data lecture notes
Mohit Saini
 
Data Mining: Application and trends in data mining
Data Mining: Application and trends in data miningData Mining: Application and trends in data mining
Data Mining: Application and trends in data mining
DataminingTools Inc
 
Introduction To Data Mining
Introduction To Data Mining   Introduction To Data Mining
Introduction To Data Mining
Phi Jack
 
Data Mining Technique - SEMMA
Data Mining Technique - SEMMAData Mining Technique - SEMMA
Data Mining Technique - SEMMA
Ashish Chandra Jha
 
Data warehousing and data mart
Data warehousing and data martData warehousing and data mart
Data warehousing and data mart
Amit Sarkar
 
Introducation to metadata
Introducation to metadataIntroducation to metadata
Introducation to metadata
Metaschool Project
 
A Brief History of Big Data
A Brief History of Big DataA Brief History of Big Data
A Brief History of Big Data
Bernard Marr
 
Fraud and Risk in Big Data
Fraud and Risk in Big DataFraud and Risk in Big Data
Fraud and Risk in Big Data
Umma Khatuna Jannat
 
Big Data Characteristics And Process PowerPoint Presentation Slides
Big Data Characteristics And Process PowerPoint Presentation SlidesBig Data Characteristics And Process PowerPoint Presentation Slides
Big Data Characteristics And Process PowerPoint Presentation Slides
SlideTeam
 
Data mining-primitives-languages-and-system-architectures2641
Data mining-primitives-languages-and-system-architectures2641Data mining-primitives-languages-and-system-architectures2641
Data mining-primitives-languages-and-system-architectures2641
Aiswaryadevi Jaganmohan
 
Data mining and its applications!
Data mining and its applications!Data mining and its applications!
Data mining and its applications!
COSTARCH Analytical Consulting (P) Ltd.
 
Data minig with Big data analysis
Data minig with Big data analysisData minig with Big data analysis
Data minig with Big data analysis
Poonam Kshirsagar
 
Distributed database management system
Distributed database management  systemDistributed database management  system
Distributed database management system
Pooja Dixit
 
Big Data Applications | Big Data Analytics Use-Cases | Big Data Tutorial for ...
Big Data Applications | Big Data Analytics Use-Cases | Big Data Tutorial for ...Big Data Applications | Big Data Analytics Use-Cases | Big Data Tutorial for ...
Big Data Applications | Big Data Analytics Use-Cases | Big Data Tutorial for ...
Edureka!
 

What's hot (20)

Marketing et big data
Marketing et big dataMarketing et big data
Marketing et big data
 
Big data unit i
Big data unit iBig data unit i
Big data unit i
 
Lecture1 introduction to big data
Lecture1 introduction to big dataLecture1 introduction to big data
Lecture1 introduction to big data
 
Cloud computing and Cloudsim
Cloud computing and CloudsimCloud computing and Cloudsim
Cloud computing and Cloudsim
 
Presentation on Big Data
Presentation on Big DataPresentation on Big Data
Presentation on Big Data
 
Introduction to Big Data Analytics and Data Science
Introduction to Big Data Analytics and Data ScienceIntroduction to Big Data Analytics and Data Science
Introduction to Big Data Analytics and Data Science
 
Big data lecture notes
Big data lecture notesBig data lecture notes
Big data lecture notes
 
Data Mining: Application and trends in data mining
Data Mining: Application and trends in data miningData Mining: Application and trends in data mining
Data Mining: Application and trends in data mining
 
Introduction To Data Mining
Introduction To Data Mining   Introduction To Data Mining
Introduction To Data Mining
 
Data Mining Technique - SEMMA
Data Mining Technique - SEMMAData Mining Technique - SEMMA
Data Mining Technique - SEMMA
 
Data warehousing and data mart
Data warehousing and data martData warehousing and data mart
Data warehousing and data mart
 
Introducation to metadata
Introducation to metadataIntroducation to metadata
Introducation to metadata
 
A Brief History of Big Data
A Brief History of Big DataA Brief History of Big Data
A Brief History of Big Data
 
Fraud and Risk in Big Data
Fraud and Risk in Big DataFraud and Risk in Big Data
Fraud and Risk in Big Data
 
Big Data Characteristics And Process PowerPoint Presentation Slides
Big Data Characteristics And Process PowerPoint Presentation SlidesBig Data Characteristics And Process PowerPoint Presentation Slides
Big Data Characteristics And Process PowerPoint Presentation Slides
 
Data mining-primitives-languages-and-system-architectures2641
Data mining-primitives-languages-and-system-architectures2641Data mining-primitives-languages-and-system-architectures2641
Data mining-primitives-languages-and-system-architectures2641
 
Data mining and its applications!
Data mining and its applications!Data mining and its applications!
Data mining and its applications!
 
Data minig with Big data analysis
Data minig with Big data analysisData minig with Big data analysis
Data minig with Big data analysis
 
Distributed database management system
Distributed database management  systemDistributed database management  system
Distributed database management system
 
Big Data Applications | Big Data Analytics Use-Cases | Big Data Tutorial for ...
Big Data Applications | Big Data Analytics Use-Cases | Big Data Tutorial for ...Big Data Applications | Big Data Analytics Use-Cases | Big Data Tutorial for ...
Big Data Applications | Big Data Analytics Use-Cases | Big Data Tutorial for ...
 

Viewers also liked

Encrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted CloudEncrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted Cloud
n|u - The Open Security Community
 
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
IEEEFINALSEMSTUDENTPROJECTS
 
Synopsis_kamlesh
Synopsis_kamleshSynopsis_kamlesh
Synopsis_kamlesh
KAMLESH HINGWE
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Pushpa
 
Searching Encrypted Cloud Data: Academia and Industry Done Right
Searching Encrypted Cloud Data: Academia and Industry Done RightSearching Encrypted Cloud Data: Academia and Industry Done Right
Searching Encrypted Cloud Data: Academia and Industry Done Right
Skyhigh Networks
 
Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...
Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...
Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...
Beat Signer
 
DePauwThesis
DePauwThesisDePauwThesis
DePauwThesis
Whitney Grandi
 
Social Media & Metrics (Digital Marketing Today)
Social Media & Metrics (Digital Marketing Today)Social Media & Metrics (Digital Marketing Today)
Social Media & Metrics (Digital Marketing Today)
Julian Gamboa
 
Método Alemão
Método AlemãoMétodo Alemão
Método Alemão
taina2105
 
Revathy pp da 1
Revathy pp da 1Revathy pp da 1
Revathy pp da 1
revasurev
 
PaaSword - Context-aware Access Control
PaaSword - Context-aware Access ControlPaaSword - Context-aware Access Control
PaaSword - Context-aware Access Control
PaaSword EU Project
 
4 fequipo03
4 fequipo034 fequipo03
4 fequipo03
daphne romero
 
Kapanowski Final_FUNDAMENTALS
Kapanowski Final_FUNDAMENTALSKapanowski Final_FUNDAMENTALS
Kapanowski Final_FUNDAMENTALS
Gary Kapanowski
 
Acucut Presentation.rev1
Acucut Presentation.rev1Acucut Presentation.rev1
Acucut Presentation.rev1
Ajit Shah
 
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudNo More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
PaaSword EU Project
 
HELLEN WANGUI GATHOGO-cv 2015 CONFIDENTIAL
HELLEN WANGUI GATHOGO-cv 2015 CONFIDENTIALHELLEN WANGUI GATHOGO-cv 2015 CONFIDENTIAL
HELLEN WANGUI GATHOGO-cv 2015 CONFIDENTIAL
Hellen Gathogo
 
Kapanowski FINAL_Lean Assessment
Kapanowski FINAL_Lean AssessmentKapanowski FINAL_Lean Assessment
Kapanowski FINAL_Lean Assessment
Gary Kapanowski
 
Inclusionary Zoning_McCarthy
Inclusionary Zoning_McCarthyInclusionary Zoning_McCarthy
Inclusionary Zoning_McCarthy
Lev McCarthy
 

Viewers also liked (20)

Encrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted CloudEncrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted Cloud
 
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
 
Synopsis_kamlesh
Synopsis_kamleshSynopsis_kamlesh
Synopsis_kamlesh
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
 
Searching Encrypted Cloud Data: Academia and Industry Done Right
Searching Encrypted Cloud Data: Academia and Industry Done RightSearching Encrypted Cloud Data: Academia and Industry Done Right
Searching Encrypted Cloud Data: Academia and Industry Done Right
 
Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...
Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...
Query Processing and Optimisation - Lecture 10 - Introduction to Databases (1...
 
DePauwThesis
DePauwThesisDePauwThesis
DePauwThesis
 
Social Media & Metrics (Digital Marketing Today)
Social Media & Metrics (Digital Marketing Today)Social Media & Metrics (Digital Marketing Today)
Social Media & Metrics (Digital Marketing Today)
 
Portfolio
PortfolioPortfolio
Portfolio
 
Método Alemão
Método AlemãoMétodo Alemão
Método Alemão
 
Revathy pp da 1
Revathy pp da 1Revathy pp da 1
Revathy pp da 1
 
sujata
sujatasujata
sujata
 
PaaSword - Context-aware Access Control
PaaSword - Context-aware Access ControlPaaSword - Context-aware Access Control
PaaSword - Context-aware Access Control
 
4 fequipo03
4 fequipo034 fequipo03
4 fequipo03
 
Kapanowski Final_FUNDAMENTALS
Kapanowski Final_FUNDAMENTALSKapanowski Final_FUNDAMENTALS
Kapanowski Final_FUNDAMENTALS
 
Acucut Presentation.rev1
Acucut Presentation.rev1Acucut Presentation.rev1
Acucut Presentation.rev1
 
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudNo More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
 
HELLEN WANGUI GATHOGO-cv 2015 CONFIDENTIAL
HELLEN WANGUI GATHOGO-cv 2015 CONFIDENTIALHELLEN WANGUI GATHOGO-cv 2015 CONFIDENTIAL
HELLEN WANGUI GATHOGO-cv 2015 CONFIDENTIAL
 
Kapanowski FINAL_Lean Assessment
Kapanowski FINAL_Lean AssessmentKapanowski FINAL_Lean Assessment
Kapanowski FINAL_Lean Assessment
 
Inclusionary Zoning_McCarthy
Inclusionary Zoning_McCarthyInclusionary Zoning_McCarthy
Inclusionary Zoning_McCarthy
 

Similar to PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
Yiannis Verginadis
 
Project 3
Project 3Project 3
Project 3
Priyanka Goswami
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
cscpconf
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
csandit
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...
SubmissionResearchpa
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
acijjournal
 
AbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docxAbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docx
SALU18
 
B018211016
B018211016B018211016
B018211016
IOSR Journals
 
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
Zac Darcy
 
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
Zac Darcy
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...
IAEME Publication
 
Secure modelling schema of distributed information
Secure modelling schema of distributed informationSecure modelling schema of distributed information
Secure modelling schema of distributed information
iaemedu
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
iaemedu
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
iaemedu
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
iaemedu
 
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
IRJET Journal
 
A Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the CloudA Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the Cloud
PaaSword EU Project
 
Cloud Computing Security Issues
Cloud Computing Security IssuesCloud Computing Security Issues
Cloud Computing Security Issues
Stelios Krasadakis
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
Kumar Goud
 
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
IJNSA Journal
 

Similar to PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services (20)

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
 
Project 3
Project 3Project 3
Project 3
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
 
AbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docxAbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docx
 
B018211016
B018211016B018211016
B018211016
 
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
 
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...
 
Secure modelling schema of distributed information
Secure modelling schema of distributed informationSecure modelling schema of distributed information
Secure modelling schema of distributed information
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
 
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
 
A Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the CloudA Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the Cloud
 
Cloud Computing Security Issues
Cloud Computing Security IssuesCloud Computing Security Issues
Cloud Computing Security Issues
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
 
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
 

More from PaaSword EU Project

PaaSword - Distributed Searchable Encryption Engine
PaaSword - Distributed Searchable Encryption EnginePaaSword - Distributed Searchable Encryption Engine
PaaSword - Distributed Searchable Encryption Engine
PaaSword EU Project
 
PaaSword - No More Dark Clouds with PaaSword
PaaSword - No More Dark Clouds with PaaSwordPaaSword - No More Dark Clouds with PaaSword
PaaSword - No More Dark Clouds with PaaSword
PaaSword EU Project
 
PaaSword - Technology Baseline
PaaSword - Technology BaselinePaaSword - Technology Baseline
PaaSword - Technology Baseline
PaaSword EU Project
 
PaaSword-Business Cases
PaaSword-Business CasesPaaSword-Business Cases
PaaSword-Business Cases
PaaSword EU Project
 
Daten unter Kontrolle
Daten unter KontrolleDaten unter Kontrolle
Daten unter Kontrolle
PaaSword EU Project
 
PaaSword Presentation - Project Overview
PaaSword Presentation - Project OverviewPaaSword Presentation - Project Overview
PaaSword Presentation - Project Overview
PaaSword EU Project
 
No More Dark Clouds With PaaSword - An Innovative Security By Design Framework
No More Dark Clouds With PaaSword - An Innovative Security By Design FrameworkNo More Dark Clouds With PaaSword - An Innovative Security By Design Framework
No More Dark Clouds With PaaSword - An Innovative Security By Design Framework
PaaSword EU Project
 
A Data Privacy and Security by Design Platform‐as‐a‐Service Framework
A Data Privacy and Security by Design Platform‐as‐a‐Service FrameworkA Data Privacy and Security by Design Platform‐as‐a‐Service Framework
A Data Privacy and Security by Design Platform‐as‐a‐Service Framework
PaaSword EU Project
 
Towards Trusted eHealth Services in the Cloud
Towards Trusted eHealth Services in the CloudTowards Trusted eHealth Services in the Cloud
Towards Trusted eHealth Services in the Cloud
PaaSword EU Project
 
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
PaaSword EU Project
 
PaaSword's main idea, technical architecture and scientific challenges
PaaSword's main idea, technical architecture and scientific challenges PaaSword's main idea, technical architecture and scientific challenges
PaaSword's main idea, technical architecture and scientific challenges
PaaSword EU Project
 

More from PaaSword EU Project (11)

PaaSword - Distributed Searchable Encryption Engine
PaaSword - Distributed Searchable Encryption EnginePaaSword - Distributed Searchable Encryption Engine
PaaSword - Distributed Searchable Encryption Engine
 
PaaSword - No More Dark Clouds with PaaSword
PaaSword - No More Dark Clouds with PaaSwordPaaSword - No More Dark Clouds with PaaSword
PaaSword - No More Dark Clouds with PaaSword
 
PaaSword - Technology Baseline
PaaSword - Technology BaselinePaaSword - Technology Baseline
PaaSword - Technology Baseline
 
PaaSword-Business Cases
PaaSword-Business CasesPaaSword-Business Cases
PaaSword-Business Cases
 
Daten unter Kontrolle
Daten unter KontrolleDaten unter Kontrolle
Daten unter Kontrolle
 
PaaSword Presentation - Project Overview
PaaSword Presentation - Project OverviewPaaSword Presentation - Project Overview
PaaSword Presentation - Project Overview
 
No More Dark Clouds With PaaSword - An Innovative Security By Design Framework
No More Dark Clouds With PaaSword - An Innovative Security By Design FrameworkNo More Dark Clouds With PaaSword - An Innovative Security By Design Framework
No More Dark Clouds With PaaSword - An Innovative Security By Design Framework
 
A Data Privacy and Security by Design Platform‐as‐a‐Service Framework
A Data Privacy and Security by Design Platform‐as‐a‐Service FrameworkA Data Privacy and Security by Design Platform‐as‐a‐Service Framework
A Data Privacy and Security by Design Platform‐as‐a‐Service Framework
 
Towards Trusted eHealth Services in the Cloud
Towards Trusted eHealth Services in the CloudTowards Trusted eHealth Services in the Cloud
Towards Trusted eHealth Services in the Cloud
 
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
 
PaaSword's main idea, technical architecture and scientific challenges
PaaSword's main idea, technical architecture and scientific challenges PaaSword's main idea, technical architecture and scientific challenges
PaaSword's main idea, technical architecture and scientific challenges
 

Recently uploaded

Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
Ortus Solutions, Corp
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
DanBrown980551
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Ukraine
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
DianaGray10
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
ScyllaDB
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
leebarnesutopia
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
UiPathCommunity
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
BibashShahi
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
LizaNolte
 
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
HarpalGohil4
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
Sease
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
christinelarrosa
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 

Recently uploaded (20)

Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services

  • 1. PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services Yiannis Verginadis, Antonis Michalas, Panagiotis Gouvas, Gunther Schiefer, Gerald Hubsch, Iraklis Paraskakis CLOSER 2015, Lisbon, May 21, 2015
  • 2. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
  • 3. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Introduction  The adoption of cloud computing has moved from focused interest to widely spread intensive experimentation and is now rapidly approaching a phase of near ubiquitous use  Many users have started relying on cloud services without realizing it  Many companies have remained cautious due to security concerns  Applications and storage volumes often reside next to potentially hostile virtual environments, leaving sensitive information at risk to theft, unauthorized exposure or malicious manipulation  Governmental regulation presents an additional concern of significant legal and financial consequences if data confidentiality is breached
  • 4. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Related Work  Commonly used access control models (Ferrari 2010) are:  Mandatory Access Control (MAC)  Discretionary Access Control (DAC)  Role-Based Access Control (RBAC)  Extending these models:  location-aware access control (LAAC) - there is a clear lack of supporting additional pertinent contextual information (Cleeff et al.,2010)  context-aware access control (CAAC) – with shortcomings like:  lack of support for dynamically generated context (Covington et al., 2001)  lack of fine-grained data access control (Kayes et al., 2013)
  • 5. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Related Work (contd.)  Regarding the policy management there is lack of proper separation of concerns (Kourtesis and Paraskakis, 2012)  The policy definition and policy enforcement are entangled in the implementation of a single software component, leading to the lack of  portability  explicit representation of policy relationships  Regarding the data distribution and encryption algorithms  Gentry (2009), introduced the first fully homomorphic encryption scheme that enables semantically secure outsourcing to the cloud  but presents severe performance issues  In CryptDB (Popa et al., 2011), the concept of onions was used  with the main drawback the lack of security guarantees to the client
  • 6. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
  • 7. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Security Challenges in the Cloud  Top four threats identified (CSA, 2013) are:  data leakage  data loss  account hijacking  insecure APIs  The most critical part of a modern cloud application is the data persistency layer and the database itself  The OWASP foundation has categorized the database-related attacks as the most critical ones  SQL injections represents 17% of all security breaches examined  These attacks were responsible for 83% of the total records stolen, from 2005 to 2011
  • 8. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Security Challenges in the Cloud (contd.)  Most of the security fences that are configured in a corporate environment target the fortification of the so-called network perimeter  e.g. routers, hosts and virtual machines  IDS and IPS try to cope with database-takeover security aspects, but the risk of database compromise is greater than ever, as:  automated exploitation tools (e.g. SQLMap) are widely spread  IPS and IDS evasion techniques have become extremely sophisticated  Internal adversaries or even unknown vulnerabilities of software platforms widely adopted in the cloud may provide malicious access to sensitive data  e.g. Heartbleed flaw - constituted a serious fault in the OpenSSL cryptography library, which remained unnoticed for more than two years and affected over 60% of Web servers worldwide
  • 9. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Security Challenges in the Cloud (contd.)  Regarding the post-exploitation phase things are even worse in the case where a symmetric encryption algorithm has been employed  cracking toolkits that utilize GPU processing power (e.g. oclHashcat) are able to crack ciphers using brute-force techniques with an attack rate of 162 billion attempts per second  The application developer is the one responsible for both  sanitizing all HTTP-input parameters  reassuring that compromised data will be useless  Nevertheless, the mere utilization of an IaaS or PaaS provider, may by itself spawn a multitude of inherent vulnerabilities  that cannot be tackled effectively as they typically exceed the responsibilities of an application developer
  • 10. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
  • 11. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Threat Model  We assume a semi-honest adversarial model for the cloud provider (Paladi et al., 2014; Santos et al., 2009)  a malicious cloud provider correctly follows the protocol specification but can intercept all messages and may attempt to use them in order to learn information that otherwise should remain private.  For the rest of the participants we consider the threat model (Santos et al., 2009) that assumes that privileged access rights can be used by a remote adversary, ADV, to leak confidential information  e.g. a corrupted system administrator, can obtain remote access to any host maintained by the provider.  the adversary cannot access the volatile memory of any guest virtual machine (VM) residing on the compute hosts of the provider
  • 12. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Context-aware Access Model  We envision a XACML-based context-aware access model,  which is needed by the developers in order to annotate the Data Access Objects of their applications
  • 13. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Facets of the Context-Aware Access Model Facets IP Address (Local) Time Location Device Type Data Connection Type etc… Patterns Frequency Usual Duration Usual Dates Usual Hours Previously Accessed Data Sensitive / Non Sensitive Data Role
  • 14. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Policies Access and Enforcement  A middleware that will provide:  a transparent key usage for efficient authentication purposes,  annotation capabilities in the form of a tool (IDE plugin) for allowing developers to declaratively create the minimum amount of rule-set that is needed for security enforcement purposes  dynamically interpret the DAO annotations into policy enforcement rules  the governance and quality control of the annotations and their respective policy rules  the formulation and implementation of the overall policy enforcement business logic
  • 15. Information Management Unit / ICCS of NTUA www.imu.iccs.gr  Devise an appropriate vocabulary of concepts and decide how they are interrelated  Populate the framework with appropriate instances to give rise to DAOs  Formalise these concepts and their interrelations – gives rise to the ontology framework Ontology for Access Policies
  • 16. Information Management Unit / ICCS of NTUA www.imu.iccs.gr High level view of XACML Components
  • 17. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Secure Storage  We propose a design for a cryptographic cloud storage that will be based on a symmetric searchable encryption (SSE) scheme similar to (Kamara and Lauter, 2010)  We plan to extend the previous work Cumulus4j (Huber et al., 2013) and MimoSecco (Gabel and Hubsch, 2014)) that hides relations between different data values of a data row and creates the base for secure database outsourcing  We plan to build an SSE that will support multi write/multi read (M/M)  by involving a key distribution algorithm that will extend S/S architecture to M/M.
  • 18. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Conceptual Architecture
  • 19. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
  • 20. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Conclusions & Next Steps  Future work involves the implementation of the proposed framework  This solution will be validated through 5 pilots:  Encrypted persistency as a service in a PaaS provider  Intergovernmental secure document and personal data exchange  Secure sensors data fusion and analytics  Protection of personal data in a multi-tenant CRM  Protection of sensible enterprise information in multi-tenant ERP
  • 21. Thank you for listening! Acknowledgements: This work is related to the PaaSword project and has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814