paasword - no more dark clouds with paasword
TRANSCRIPT
www.paasword.eu
No More Dark Clouds with PaaSword
Dr. Simone Braun
CAS Software AGPaaSword CS-IFG Workshop
Nov 10, 2016, Athens, Greece
PaaSword: An Innovative Cloud Security-by-Design Framework
Address security and data privacy concerns in a holistic way:
Safeguard personal & business data in the cloud
Protect the data persistency layer and the database itself
Support cloud application developers
Thus,
Bolster trust of individuals & corporate customers
Accelerate adoption of cloud computing technologies
Accelerate a paradigm shift in European industry towards security and privacy
PaaSword10/11/2016 2
Cloud Paradigm Shift
Cloud paradigm has definitely prevailed in mass market
However, many companies are still cautious using Cloud services due to security concerns
Applications and storage volumes often reside next to potentially hostile virtual environments
Significant legal and financial consequences if data confidentiality is breached
310/11/2016 PaaSword
Cloud Adoption Chasm Curve
Crossing the chasm for Cloud adoption is still relevant for enterprises despite its compelling benefits
<20% enterprise applications run on the Cloud [1]
41% report security concerns as significant challenge [1]
PaaSword10/11/2016 4
Mass
market
Cloud
Services
[1] RightScale, “State of the cloud report,” RightScale, 2015.
Security Challenges in the Cloud
Top threats identified (CSA, 2016) are: Data Breaches
Weak Access Management
Insecure APIs
Account Hijacking
‘Raw data’ are the modern hacker’s holy grail
The responsibility for the protection of data has shifted to the developer
510/11/2016 PaaSword
How shall we lower the barriers?
Security concernsProtect confidential information
Control access
Trust cloud provider
Secure Cloud Applications
Data privacySecure storage
Encryption
Trustable Key Management
Control Access to data
PaaSword
10/11/2016
6
PaaSword
PaaSword Features
Create a security-by-design frameworkwhich will allow developers to engineer secure applications
Leverage the security and trust of data that reside on outsourced infrastructure
Facilitate context-aware access to encrypted and (even) physically distributed datasets stored in the cloud
Prove applicability, usability, effectiveness and value of our framework in real-life Cloud infrastructures, services and applications
10/11/2016 8
PaaS Provider
PaaSword API
DB with
Indexers on encrypted data
Queries using Searchable
Trusted IaaS Provider
AdversaryUser
Developer
Publishes Application
Encryption Scheme
using PaaSword API
encrypted data
PaaSword
A Holistic Data Privacy and Security-by-Design Framework
Higher privacy with distributed searchable encryption at DB layer
Increased user control and less dependency on cloud provider with tenant-controlled Key Management
Appropriate access control with context-awareness and flexible Policy Management
Easier development of secure cloud applications for non-security experts with comprehensive Annotation Framework
Making cloud solutions more attractive and ready for the EU General Data Protection Regulation
10/11/2016 9
Consortium
• Industrial Partner
• Scientific Partner
10/11/2016 10PaaSword
10/11/2016 11
Questions?
Visit us:
www.paasword.euAcknowledgements:This project has received funding from the
European Union’s Horizon 2020 research and innovation programme under grant
agreement No 644814.
PaaSword