SlideShare a Scribd company logo

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services

Download as PPT, PDF
Yiannis Verginadis
Yiannis Verginadis

This is a paper presentation held at the 5th International Conference on Cloud Computing and Services Science (CLOSER 2015) in Lisbon, Portugal. The authors outline significant security challenges presented when migrating to a cloud environment and described a novel holistic framework that aspires to alleviate these challenges, corresponding to the high level description of the vision of the PaaSword project.

Technology
1 of 21
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services Yiannis Verginadis, Antonis Michalas, Panagiotis Gouvas, Gunther Schiefer, Gerald Hubsch, Iraklis Paraskakis CLOSER 2015, Lisbon, May 21, 2015
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Introduction  Many users have started relying on cloud services without realizing it  Many companies have remained cautious due to security concerns  Applications and storage volumes often reside next to potentially hostile virtual environments, leaving sensitive information at risk to theft, unauthorized exposure or malicious manipulation  Governmental regulation presents an additional concern of significant legal and financial consequences if data confidentiality is breached Focused interest Experimentation Near ubiquitous use CloudAdoption
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Related Work  Commonly used access control models (Ferrari 2010) are:  Mandatory Access Control (MAC)  Discretionary Access Control (DAC)  Role-Based Access Control (RBAC)  Extending these models:  location-aware access control (LAAC) - there is a clear lack of supporting additional pertinent contextual information (Cleeff et al.,2010)  context-aware access control (CAAC) – with shortcomings like:  lack of support for dynamically generated context (Covington et al., 2001)  lack of fine-grained data access control (Kayes et al., 2013)
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Related Work (contd.)  Regarding the policy management there is lack of proper separation of concerns (Kourtesis and Paraskakis, 2012)  The policy definition and policy enforcement are entangled in the implementation of a single software component, leading to the lack of  portability  explicit representation of policy relationships  Regarding the data distribution and encryption algorithms...  Gentry (2009), introduced the first fully homomorphic encryption scheme that enables semantically secure outsourcing to the cloud  but presents severe performance issues  In CryptDB (Popa et al., 2011), the concept of onions was used  with the main drawback the lack of security guarantees to the client
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Security Challenges in the Cloud  Top four threats identified (CSA, 2013) are:  data leakage  data loss  account hijacking  insecure APIs  The most critical part of a modern cloud application is the data persistency layer and the database itself  The OWASP foundation has categorized the database-related attacks as the most critical ones  SQL injections represents 17% of all security breaches examined  These attacks were responsible for 83% of the total records stolen, from 2005 to 2011
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Security Challenges in the Cloud (contd.)  Most of the security fences that are configured in a corporate environment target the fortification of the so-called network perimeter  e.g. routers, hosts and virtual machines  IDS and IPS try to cope with database-takeover security aspects, but the risk of database compromise is greater than ever, as:  automated exploitation tools (e.g. SQLMap) are widely spread  IPS and IDS evasion techniques have become extremely sophisticated  Internal adversaries or even unknown vulnerabilities of software platforms widely adopted in the cloud may provide malicious access to sensitive data  e.g. Heartbleed flaw - constituted a serious fault in the OpenSSL cryptography library, which remained unnoticed for more than two years and affected over 60% of Web servers worldwide
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Security Challenges in the Cloud (contd.)  Regarding the post-exploitation phase things are even worse in the case where a symmetric encryption algorithm has been employed  cracking toolkits that utilize GPU processing power (e.g. oclHashcat) are able to crack ciphers using brute-force techniques with an attack rate of 162 billion attempts per second  The application developer is the one responsible for both  sanitizing all HTTP-input parameters  reassuring that compromised data will be useless  Nevertheless, the mere utilization of an IaaS or PaaS provider, may by itself spawn a multitude of inherent vulnerabilities  that cannot be tackled effectively as they typically exceed the responsibilities of an application developer
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Threat Model  We assume a semi-honest adversarial model for the cloud provider (Paladi et al., 2014; Santos et al., 2009)  a malicious cloud provider correctly follows the protocol specification but can intercept all messages and may attempt to use them in order to learn information that otherwise should remain private  For the rest of the participants we consider the threat model (Santos et al., 2009) that assumes that privileged access rights can be used by a remote adversary, ADV, to leak confidential information  e.g. a corrupted system administrator, can obtain remote access to any host maintained by the provider.  the adversary cannot access the volatile memory of any guest virtual machine (VM) residing on the compute hosts of the provider
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Context-aware Access Model  We envision a XACML-based context-aware access model,  which is needed by the developers in order to annotate the Data Access Objects of their applications
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Facets of the Context-Aware Access Model Facets IP Address (Local) Time Location Device Type Data Connection Type etc… Patterns Frequency Usual Duration Usual Dates Usual Hours Previously Accessed Data Sensitive / Non Sensitive Data Role
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Policies Access, Governance and Enforcement  A middleware that will provide:  a transparent key usage for efficient authentication purposes,  annotation capabilities in the form of a tool (IDE plugin) for allowing developers to declaratively create the minimum amount of rule-set that is needed for security enforcement purposes  dynamically interpret the DAO annotations into policy enforcement rules  the governance and quality control of the annotations and their respective policy rules  the formulation and implementation of the overall policy enforcement business logic
Information Management Unit / ICCS of NTUA www.imu.iccs.gr  Devise an appropriate vocabulary of concepts and decide how they are interrelated  Populate the framework with appropriate instances to give rise to DAOs  Formalise these concepts and their interrelations – gives rise to the ontology framework Ontology for Access Policies
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Secure Storage  We propose a design for a cryptographic cloud storage that will be based on a symmetric searchable encryption (SSE) scheme similar to (Kamara and Lauter, 2010)  We plan to extend the previous work Cumulus4j (Huber et al., 2013) and MimoSecco (Gabel and Hubsch, 2014)) that hides relations between different data values of a data row
Information Management Unit / ICCS of NTUA www.imu.iccs.gr PaaSword High-level View
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Conceptual Architecture
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Conclusions & Next Steps  Future work involves the implementation of the proposed framework  This solution will be validated through 5 pilots:  Encrypted persistency as a service in a PaaS provider  Intergovernmental secure document and personal data exchange  Secure sensors data fusion and analytics  Protection of personal data in a multi-tenant CRM  Protection of sensible enterprise information in multi-tenant ERP
Thank you for listening! Acknowledgements: This work is related to the PaaSword project and has received funding from the European Union’s Horizon 2020 research and innovation programme under grant

Recommended

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword EU Project
 
Research proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comResearch proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.com
PhD Assistance
 
A Survey of Cloud Computing Security Issues and Consequences
A Survey of Cloud Computing Security Issues and ConsequencesA Survey of Cloud Computing Security Issues and Consequences
A Survey of Cloud Computing Security Issues and Consequences
Associate Professor in VSB Coimbatore
 
Information flow control for secure cloud computing
Information flow control for secure cloud computingInformation flow control for secure cloud computing
Information flow control for secure cloud computing
Nexgen Technology
 
Research proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comResearch proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.com
PhD Assistance
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
iaemedu
 
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...
Unisys Corporation
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
iaemedu
 

Recommended

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword EU Project
 
Research proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comResearch proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.com
PhD Assistance
 
A Survey of Cloud Computing Security Issues and Consequences
A Survey of Cloud Computing Security Issues and ConsequencesA Survey of Cloud Computing Security Issues and Consequences
A Survey of Cloud Computing Security Issues and Consequences
Associate Professor in VSB Coimbatore
 
Information flow control for secure cloud computing
Information flow control for secure cloud computingInformation flow control for secure cloud computing
Information flow control for secure cloud computing
Nexgen Technology
 
Research proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comResearch proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.com
PhD Assistance
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
iaemedu
 
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...
Unisys Corporation
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
iaemedu
 
Iaetsd secure data storage against attacks in cloud
Iaetsd secure data storage against attacks in cloudIaetsd secure data storage against attacks in cloud
Iaetsd secure data storage against attacks in cloud
Iaetsd Iaetsd
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...
SubmissionResearchpa
 
Hans Bos
Hans BosHans Bos
Hans Bos
Dutch Power
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
csandit
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelines
Srishti Ahuja
 
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
IJERA Editor
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelines
Srishti Ahuja
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsProposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Hossam Al-Ansary
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
NJVC, LLC
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
IJIR JOURNALS IJIRUSA
 
Security Architecture and Design - CISSP
Security Architecture and Design - CISSPSecurity Architecture and Design - CISSP
Security Architecture and Design - CISSP
Srishti Ahuja
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET Journal
 
(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings
STO STRATEGY
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...
IAEME Publication
 
Analysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computingAnalysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computing
redpel dot com
 
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
Dalton Valadares
 
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
IRJET Journal
 
Blueprint for Cyber Security Zone Modeling
Blueprint for Cyber Security Zone ModelingBlueprint for Cyber Security Zone Modeling
Blueprint for Cyber Security Zone Modeling
ITIIIndustries
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
Keeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityKeeping up with the Revolution in IT Security
Keeping up with the Revolution in IT Security
Distil Networks
 
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
exponential-inc
 
Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...
Spiceworks
 

More Related Content

What's hot

Iaetsd secure data storage against attacks in cloud
Iaetsd secure data storage against attacks in cloudIaetsd secure data storage against attacks in cloud
Iaetsd secure data storage against attacks in cloud
Iaetsd Iaetsd
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...
SubmissionResearchpa
 
Hans Bos
Hans BosHans Bos
Hans Bos
Dutch Power
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
csandit
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelines
Srishti Ahuja
 
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
IJERA Editor
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelines
Srishti Ahuja
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsProposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Hossam Al-Ansary
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
NJVC, LLC
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
IJIR JOURNALS IJIRUSA
 
Security Architecture and Design - CISSP
Security Architecture and Design - CISSPSecurity Architecture and Design - CISSP
Security Architecture and Design - CISSP
Srishti Ahuja
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET Journal
 
(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings
STO STRATEGY
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...
IAEME Publication
 
Analysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computingAnalysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computing
redpel dot com
 
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
Dalton Valadares
 
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
IRJET Journal
 
Blueprint for Cyber Security Zone Modeling
Blueprint for Cyber Security Zone ModelingBlueprint for Cyber Security Zone Modeling
Blueprint for Cyber Security Zone Modeling
ITIIIndustries
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 

What's hot (19)

Iaetsd secure data storage against attacks in cloud
Iaetsd secure data storage against attacks in cloudIaetsd secure data storage against attacks in cloud
Iaetsd secure data storage against attacks in cloud
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...
 
Hans Bos
Hans BosHans Bos
Hans Bos
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelines
 
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelines
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsProposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
 
Security Architecture and Design - CISSP
Security Architecture and Design - CISSPSecurity Architecture and Design - CISSP
Security Architecture and Design - CISSP
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
 
(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...
 
Analysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computingAnalysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computing
 
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
 
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
 
Blueprint for Cyber Security Zone Modeling
Blueprint for Cyber Security Zone ModelingBlueprint for Cyber Security Zone Modeling
Blueprint for Cyber Security Zone Modeling
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
 

Viewers also liked

Keeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityKeeping up with the Revolution in IT Security
Keeping up with the Revolution in IT Security
Distil Networks
 
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
exponential-inc
 
Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...
Spiceworks
 
Enterprise 2.0: What it is and why it matters
Enterprise 2.0: What it is and why it mattersEnterprise 2.0: What it is and why it matters
Enterprise 2.0: What it is and why it matters
digitallibrary
 
SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...
SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...
SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...
Motty Ben Atia
 
Building a database security program
Building a database security programBuilding a database security program
Building a database security program
matt_presson
 
Box.net overview
Box.net overviewBox.net overview
Box.net overview
Eric McDuffee
 
Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...
Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...
Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...
Spiceworks
 
Advanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your BusinessAdvanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your Business
Infopulse
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT security
Sophos Benelux
 
Robbery Prevention for Small Businesses
Robbery Prevention for Small BusinessesRobbery Prevention for Small Businesses
Robbery Prevention for Small Businesses
Fundera
 
Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...
Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...
Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...
David J Rosenthal
 
Security Guide For Small Business
Security Guide For Small BusinessSecurity Guide For Small Business
Security Guide For Small Business
BrendanRose
 
Challenges Of Global Data Collection
Challenges Of Global Data Collection Challenges Of Global Data Collection
Challenges Of Global Data Collection
ResearchShare
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses
Wilkins Consulting, LLC
 
Big data security challenges and recommendations!
Big data security challenges and recommendations!Big data security challenges and recommendations!
Big data security challenges and recommendations!
cisoplatform
 
Small business data security
Small business data securitySmall business data security
Small business data security
David Usher
 
Big Data Security with Hadoop
Big Data Security with HadoopBig Data Security with Hadoop
Big Data Security with Hadoop
Cloudera, Inc.
 
Big data security
Big data securityBig data security
Big data security
Joey Echeverria
 
Infrastructure API Lightning Talk by Jeremy Pollard of box.com
Infrastructure API Lightning Talk by Jeremy Pollard of box.comInfrastructure API Lightning Talk by Jeremy Pollard of box.com
Infrastructure API Lightning Talk by Jeremy Pollard of box.com
DevOps4Networks
 

Viewers also liked (20)

Keeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityKeeping up with the Revolution in IT Security
Keeping up with the Revolution in IT Security
 
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
 
Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...
 
Enterprise 2.0: What it is and why it matters
Enterprise 2.0: What it is and why it mattersEnterprise 2.0: What it is and why it matters
Enterprise 2.0: What it is and why it matters
 
SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...
SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...
SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...
 
Building a database security program
Building a database security programBuilding a database security program
Building a database security program
 
Box.net overview
Box.net overviewBox.net overview
Box.net overview
 
Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...
Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...
Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...
 
Advanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your BusinessAdvanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your Business
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT security
 
Robbery Prevention for Small Businesses
Robbery Prevention for Small BusinessesRobbery Prevention for Small Businesses
Robbery Prevention for Small Businesses
 
Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...
Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...
Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...
 
Security Guide For Small Business
Security Guide For Small BusinessSecurity Guide For Small Business
Security Guide For Small Business
 
Challenges Of Global Data Collection
Challenges Of Global Data Collection Challenges Of Global Data Collection
Challenges Of Global Data Collection
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses
 
Big data security challenges and recommendations!
Big data security challenges and recommendations!Big data security challenges and recommendations!
Big data security challenges and recommendations!
 
Small business data security
Small business data securitySmall business data security
Small business data security
 
Big Data Security with Hadoop
Big Data Security with HadoopBig Data Security with Hadoop
Big Data Security with Hadoop
 
Big data security
Big data securityBig data security
Big data security
 
Infrastructure API Lightning Talk by Jeremy Pollard of box.com
Infrastructure API Lightning Talk by Jeremy Pollard of box.comInfrastructure API Lightning Talk by Jeremy Pollard of box.com
Infrastructure API Lightning Talk by Jeremy Pollard of box.com
 

Similar to PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services

DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
cscpconf
 
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudNo More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
PaaSword EU Project
 
Project 3
Project 3Project 3
Project 3
Priyanka Goswami
 
Secure modelling schema of distributed information
Secure modelling schema of distributed informationSecure modelling schema of distributed information
Secure modelling schema of distributed information
iaemedu
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
iaemedu
 
AbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docxAbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docx
SALU18
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
acijjournal
 
B018211016
B018211016B018211016
B018211016
IOSR Journals
 
A Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the CloudA Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the Cloud
PaaSword EU Project
 
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
IJNSA Journal
 
Cloud computing
Cloud computingCloud computing
Cloud computing
Dulith Kasun
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
Kumar Goud
 
IRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic AlgorithamIRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET Journal
 
Evaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing EnvironmentsEvaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing Environments
ijfcstjournal
 
Cloud security
Cloud security Cloud security
Cloud security
Mohamed Shalash
 
IRJET - Multimedia Security on Cloud Computing using Cryptography
IRJET - Multimedia Security on Cloud Computing using CryptographyIRJET - Multimedia Security on Cloud Computing using Cryptography
IRJET - Multimedia Security on Cloud Computing using Cryptography
IRJET Journal
 
Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...
Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...
Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...
AJASTJournal
 
Reliable security in cloud computing environment 2-3-4-5-6
Reliable security in cloud computing environment 2-3-4-5-6Reliable security in cloud computing environment 2-3-4-5-6
Reliable security in cloud computing environment 2-3-4-5-6
IAEME Publication
 
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic EncryptionThreat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
ijcisjournal
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 

Similar to PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services (20)

DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
 
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudNo More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
 
Project 3
Project 3Project 3
Project 3
 
Secure modelling schema of distributed information
Secure modelling schema of distributed informationSecure modelling schema of distributed information
Secure modelling schema of distributed information
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
 
AbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docxAbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docx
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
 
B018211016
B018211016B018211016
B018211016
 
A Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the CloudA Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the Cloud
 
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
 
IRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic AlgorithamIRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic Algoritham
 
Evaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing EnvironmentsEvaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing Environments
 
Cloud security
Cloud security Cloud security
Cloud security
 
IRJET - Multimedia Security on Cloud Computing using Cryptography
IRJET - Multimedia Security on Cloud Computing using CryptographyIRJET - Multimedia Security on Cloud Computing using Cryptography
IRJET - Multimedia Security on Cloud Computing using Cryptography
 
Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...
Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...
Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...
 
Reliable security in cloud computing environment 2-3-4-5-6
Reliable security in cloud computing environment 2-3-4-5-6Reliable security in cloud computing environment 2-3-4-5-6
Reliable security in cloud computing environment 2-3-4-5-6
 
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic EncryptionThreat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 

Recently uploaded

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 

Recently uploaded (20)

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services

  • 1. PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services Yiannis Verginadis, Antonis Michalas, Panagiotis Gouvas, Gunther Schiefer, Gerald Hubsch, Iraklis Paraskakis CLOSER 2015, Lisbon, May 21, 2015
  • 2. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
  • 3. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Introduction  Many users have started relying on cloud services without realizing it  Many companies have remained cautious due to security concerns  Applications and storage volumes often reside next to potentially hostile virtual environments, leaving sensitive information at risk to theft, unauthorized exposure or malicious manipulation  Governmental regulation presents an additional concern of significant legal and financial consequences if data confidentiality is breached Focused interest Experimentation Near ubiquitous use CloudAdoption
  • 4. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Related Work  Commonly used access control models (Ferrari 2010) are:  Mandatory Access Control (MAC)  Discretionary Access Control (DAC)  Role-Based Access Control (RBAC)  Extending these models:  location-aware access control (LAAC) - there is a clear lack of supporting additional pertinent contextual information (Cleeff et al.,2010)  context-aware access control (CAAC) – with shortcomings like:  lack of support for dynamically generated context (Covington et al., 2001)  lack of fine-grained data access control (Kayes et al., 2013)
  • 5. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Related Work (contd.)  Regarding the policy management there is lack of proper separation of concerns (Kourtesis and Paraskakis, 2012)  The policy definition and policy enforcement are entangled in the implementation of a single software component, leading to the lack of  portability  explicit representation of policy relationships  Regarding the data distribution and encryption algorithms...  Gentry (2009), introduced the first fully homomorphic encryption scheme that enables semantically secure outsourcing to the cloud  but presents severe performance issues  In CryptDB (Popa et al., 2011), the concept of onions was used  with the main drawback the lack of security guarantees to the client
  • 6. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
  • 7. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Security Challenges in the Cloud  Top four threats identified (CSA, 2013) are:  data leakage  data loss  account hijacking  insecure APIs  The most critical part of a modern cloud application is the data persistency layer and the database itself  The OWASP foundation has categorized the database-related attacks as the most critical ones  SQL injections represents 17% of all security breaches examined  These attacks were responsible for 83% of the total records stolen, from 2005 to 2011
  • 8. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Security Challenges in the Cloud (contd.)  Most of the security fences that are configured in a corporate environment target the fortification of the so-called network perimeter  e.g. routers, hosts and virtual machines  IDS and IPS try to cope with database-takeover security aspects, but the risk of database compromise is greater than ever, as:  automated exploitation tools (e.g. SQLMap) are widely spread  IPS and IDS evasion techniques have become extremely sophisticated  Internal adversaries or even unknown vulnerabilities of software platforms widely adopted in the cloud may provide malicious access to sensitive data  e.g. Heartbleed flaw - constituted a serious fault in the OpenSSL cryptography library, which remained unnoticed for more than two years and affected over 60% of Web servers worldwide
  • 9. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Security Challenges in the Cloud (contd.)  Regarding the post-exploitation phase things are even worse in the case where a symmetric encryption algorithm has been employed  cracking toolkits that utilize GPU processing power (e.g. oclHashcat) are able to crack ciphers using brute-force techniques with an attack rate of 162 billion attempts per second  The application developer is the one responsible for both  sanitizing all HTTP-input parameters  reassuring that compromised data will be useless  Nevertheless, the mere utilization of an IaaS or PaaS provider, may by itself spawn a multitude of inherent vulnerabilities  that cannot be tackled effectively as they typically exceed the responsibilities of an application developer
  • 10. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
  • 11. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Threat Model  We assume a semi-honest adversarial model for the cloud provider (Paladi et al., 2014; Santos et al., 2009)  a malicious cloud provider correctly follows the protocol specification but can intercept all messages and may attempt to use them in order to learn information that otherwise should remain private  For the rest of the participants we consider the threat model (Santos et al., 2009) that assumes that privileged access rights can be used by a remote adversary, ADV, to leak confidential information  e.g. a corrupted system administrator, can obtain remote access to any host maintained by the provider.  the adversary cannot access the volatile memory of any guest virtual machine (VM) residing on the compute hosts of the provider
  • 12. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Context-aware Access Model  We envision a XACML-based context-aware access model,  which is needed by the developers in order to annotate the Data Access Objects of their applications
  • 13. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Facets of the Context-Aware Access Model Facets IP Address (Local) Time Location Device Type Data Connection Type etc… Patterns Frequency Usual Duration Usual Dates Usual Hours Previously Accessed Data Sensitive / Non Sensitive Data Role
  • 14. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Policies Access, Governance and Enforcement  A middleware that will provide:  a transparent key usage for efficient authentication purposes,  annotation capabilities in the form of a tool (IDE plugin) for allowing developers to declaratively create the minimum amount of rule-set that is needed for security enforcement purposes  dynamically interpret the DAO annotations into policy enforcement rules  the governance and quality control of the annotations and their respective policy rules  the formulation and implementation of the overall policy enforcement business logic
  • 15. Information Management Unit / ICCS of NTUA www.imu.iccs.gr  Devise an appropriate vocabulary of concepts and decide how they are interrelated  Populate the framework with appropriate instances to give rise to DAOs  Formalise these concepts and their interrelations – gives rise to the ontology framework Ontology for Access Policies
  • 16. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Secure Storage  We propose a design for a cryptographic cloud storage that will be based on a symmetric searchable encryption (SSE) scheme similar to (Kamara and Lauter, 2010)  We plan to extend the previous work Cumulus4j (Huber et al., 2013) and MimoSecco (Gabel and Hubsch, 2014)) that hides relations between different data values of a data row
  • 17. Information Management Unit / ICCS of NTUA www.imu.iccs.gr PaaSword High-level View
  • 18. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Conceptual Architecture
  • 19. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
  • 20. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Conclusions & Next Steps  Future work involves the implementation of the proposed framework  This solution will be validated through 5 pilots:  Encrypted persistency as a service in a PaaS provider  Intergovernmental secure document and personal data exchange  Secure sensors data fusion and analytics  Protection of personal data in a multi-tenant CRM  Protection of sensible enterprise information in multi-tenant ERP
  • 21. Thank you for listening! Acknowledgements: This work is related to the PaaSword project and has received funding from the European Union’s Horizon 2020 research and innovation programme under grant