www.paasword.eu

No More Dark Clouds with PaaSword

Dr. Simone Braun

CAS Software AGPaaSword CS-IFG Workshop

Nov 10, 2016, Athens, Greece

PaaSword: An Innovative Cloud Security-by-Design Framework

Address security and data privacy concerns in a holistic way:

Safeguard personal & business data in the cloud

Protect the data persistency layer and the database itself

Support cloud application developers

Thus,

Bolster trust of individuals & corporate customers

Accelerate adoption of cloud computing technologies

Accelerate a paradigm shift in European industry towards security and privacy

PaaSword10/11/2016 2

Cloud Paradigm Shift

Cloud paradigm has definitely prevailed in mass market

However, many companies are still cautious using Cloud services due to security concerns

Applications and storage volumes often reside next to potentially hostile virtual environments

Significant legal and financial consequences if data confidentiality is breached

310/11/2016 PaaSword

Cloud Adoption Chasm Curve

Crossing the chasm for Cloud adoption is still relevant for enterprises despite its compelling benefits

<20% enterprise applications run on the Cloud [1]

41% report security concerns as significant challenge [1]

PaaSword10/11/2016 4

Mass

market

Cloud

Services

[1] RightScale, “State of the cloud report,” RightScale, 2015.

Security Challenges in the Cloud

Top threats identified (CSA, 2016) are: Data Breaches

Weak Access Management

Insecure APIs

Account Hijacking

‘Raw data’ are the modern hacker’s holy grail

The responsibility for the protection of data has shifted to the developer

510/11/2016 PaaSword

How shall we lower the barriers?

Security concernsProtect confidential information

Control access

Trust cloud provider

Secure Cloud Applications

Data privacySecure storage

Encryption

Trustable Key Management

Control Access to data

PaaSword

10/11/2016

6

PaaSword

PaaSword Features

Create a security-by-design frameworkwhich will allow developers to engineer secure applications

Leverage the security and trust of data that reside on outsourced infrastructure

Facilitate context-aware access to encrypted and (even) physically distributed datasets stored in the cloud

Prove applicability, usability, effectiveness and value of our framework in real-life Cloud infrastructures, services and applications

10/11/2016 8

PaaS Provider

PaaSword API

DB with

Indexers on encrypted data

Queries using Searchable

Trusted IaaS Provider

AdversaryUser

Developer

Publishes Application

Encryption Scheme

using PaaSword API

encrypted data

PaaSword

A Holistic Data Privacy and Security-by-Design Framework

Higher privacy with distributed searchable encryption at DB layer

Increased user control and less dependency on cloud provider with tenant-controlled Key Management

Appropriate access control with context-awareness and flexible Policy Management

Easier development of secure cloud applications for non-security experts with comprehensive Annotation Framework

Making cloud solutions more attractive and ready for the EU General Data Protection Regulation

10/11/2016 9

Consortium

• Industrial Partner

• Scientific Partner

10/11/2016 10PaaSword

10/11/2016 11

Questions?

Visit us:

www.paasword.euAcknowledgements:This project has received funding from the

European Union’s Horizon 2020 research and innovation programme under grant

agreement No 644814.

PaaSword