www.paasword.eu
No More Dark Clouds: A Privacy Preserving
Framework for the Cloud
Dr. Simone Braun
CAS Software AG
Networking Session at ICT 2015 Conference
October 20, 2015, Lisbon
Motivation
The Cloud paradigm has definitely prevailed
Most applications are delivered following the SaaS model
Many developers rely on PaaS offerings for scalability
Nearly all underlying resources (DBs, Queues etc) are
outsourced at the IaaS level
Attack vectors have increased
‘Raw data’ are the modern hacker’s holy grail
The responsibility for the protection of data has shifted to
the developer
Motivation
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Our Goals
To create a security-by-design framework which will allow
developers to engineer secure applications
To leverage the security and trust of data that reside on
outsourced infrastructure
To facilitate context-aware access to encrypted and (even)
physically distributed datasets stored in outsourced
infrastructure
To prove the applicability, usability, effectiveness and value
of our framework in real-life Cloud infrastructures, services
and applications
Consortium
• Industrial Partner
• Scientific Partner
Agenda
Elevator Pitches:
1) Security-by-Design (Panagiotis Gouvas, UBITECH)
2) Context-aware Security Models (Yiannis Verginadis, ICCS)
3) The Need for Transparent Data Protection in the Cloud (Christian
Gehrmann, SICS)
Round Table Discussions
Summary
SECURITY BY DESIGN
Dr. Panagiotis Gouvas
UBITECH LTD
Database: the holy grail
[Diagram labels: Traditional source code. Annotations mapped to queries. Specific types of annotations affect the way the user input will be handled during query execution. E(k, m), k, D(k, C).]
Security-by-Design may be
implemented in various ways
Design Decisions
The place where the TED takes place.
The mechanism that generates the TED key.
The way the TED key is used
The modification of the target database schema
Policies that will be implemented
CONTEXT-AWARE SECURITY MODELS
Dr. Yiannis Verginadis
Institute of Communications & Computer Systems (ICCS)
What is Context?
“Any information that can be
used to characterize the situation
of an entity. An entity is a person,
place, or object that is considered
relevant to the interaction
between a user and an
application, including the user
and applications themselves”
(Abowd, et al., 1999; Dey, 2001)
What is Context-Aware Security?
• “Context-aware security is the use of supplemental
information to improve security decisions at the time they are
made, resulting in more accurate security decisions capable of
supporting dynamic business and IT environments” (Gartner)
PaaSword Context-Aware
Security Model
Security business model (SBM)
An ontologically-expressed framework for annotating web-endpoints
Set by the product manager
Separation of concerns between policy definition and enforcement
Conceptually divided into two parts
Context Model (CM)
Gives rise to dynamic security
controls
Data Distribution and Encryption
Model (DDEM)
Gives rise to static security controls
Overview
AF: Annotation-formation
DTF: Development-time facing component
RTF: Runtime facing component
SBM: Security business model
web-endpoint annotations
THE NEED FOR TRANSPARENT DATA
PROTECTION IN THE CLOUD
Christian Gehrmann, Swedish Institute of Computer Science
Matthias Gabel, Karlsruhe Institute of Technology
Cloud data protection vision
One of the major obstacles to high data security in cloud
applications is transparent (from the end-user's and developers'
points of view) data protection solutions
Cloud platforms should provide efficient tools for developers to
protect data without the need to make detailed security
configurations or build key management solutions themselves, i.e. it
should be offered by the cloud platform!
End-user applications should be able to quickly and efficiently retrieve
protected, i.e. encrypted and integrity-protected, cloud-stored data
without compromising security
Technology maturity
Schemes for protected cloud storage that also allow quick data
look-up have been a subject of research and development for a long
time. However, the schemes need to be adapted to real cloud
platforms and development environments.
Efficient and secure principles for platform-assisted (for
developers) cloud data protection are a fairly new area of research
with huge potential!
Searchable data protection
high level view
[Diagram: Common (insecure) scenario: Client, Cloud DB. Desired (secure) scenario in PaaSword: Client, Proxy, Cloud DB.]
PaaSword protection logic
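The slides do not name a concrete scheme, so the following is an added example, not PaaSword code: one common way a proxy between client and cloud DB can keep data encrypted and integrity protected while still allowing equality look-up. The class name `ProtectingProxy`, the choice of AES-256-GCM with an HMAC-SHA256 look-up token, and the in-memory `Map` standing in for the cloud DB are all assumptions.

```javascript
const crypto = require("node:crypto");

// Proxy-side logic (hypothetical class): the only place the keys exist.
// `db` stands in for the cloud database; it only receives tokens and ciphertext.
class ProtectingProxy {
  constructor(encKey, indexKey, db = new Map()) {
    this.encKey = encKey;     // 32-byte AES-256-GCM key
    this.indexKey = indexKey; // separate HMAC key for look-up tokens
    this.db = db;             // token (hex) -> array of stored blobs
  }

  // Deterministic keyed token: equal plaintexts give equal tokens, so the
  // storage side can match on equality without learning the value.
  token(value) {
    return crypto.createHmac("sha256", this.indexKey).update(value).digest("hex");
  }

  // E(k, m): fresh random nonce per record, token bound as associated data.
  insert(value) {
    const t = this.token(value);
    const iv = crypto.randomBytes(12);
    const c = crypto.createCipheriv("aes-256-gcm", this.encKey, iv);
    c.setAAD(Buffer.from(t));
    const blob = Buffer.concat([iv, c.update(value, "utf8"), c.final(), c.getAuthTag()]);
    this.db.set(t, [...(this.db.get(t) || []), blob]);
  }

  // D(k, C): throws if a blob was modified or filed under a different token.
  find(value) {
    const t = this.token(value);
    return (this.db.get(t) || []).map((blob) => {
      const d = crypto.createDecipheriv("aes-256-gcm", this.encKey, blob.subarray(0, 12));
      d.setAAD(Buffer.from(t));
      d.setAuthTag(blob.subarray(blob.length - 16));
      const body = blob.subarray(12, blob.length - 16);
      return Buffer.concat([d.update(body), d.final()]).toString("utf8");
    });
  }
}

// Constructed demo keys and record; real keys would come from a key manager.
const proxy = new ProtectingProxy(crypto.randomBytes(32), crypto.randomBytes(32));
proxy.insert("alice@example.org");
console.log(proxy.find("alice@example.org"), [...proxy.db.keys()]);
```

Deterministic tokens reveal which rows share a value, so low-entropy columns stay exposed to frequency analysis by the storage side.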
Discuss with us
Do you consider context-aware security valuable for the
Cloud?
What is the most critical aspect of context that should be
considered during the access control decision making?
Which is more important, security or performance, in the
Cloud?
Which context model serialization format do you think is the
most appropriate?
Interested in… ?
Getting access to early results?
Shaping and expanding PaaSword?
Networking with leading companies & research
institutes?
Collaborating with us and the PaaSword Community?
Join the Cloud Security Industrial Focus Group!
Contact:
Christos Georgousopoulos (Christos.Georgousopoulos@intrasoft-intl.com) or any
other PaaSword member
Questions?
Visit us:
www.paasword.eu
Acknowledgements:
This project has received funding from the
European Union’s Horizon 2020 research and
innovation programme under grant
agreement No 644814.
