No More Dark Clouds: A Privacy Preserving Framework for the Cloud
-
Upload
paasword-eu-project -
Category
Technology
-
view
287 -
download
1
Transcript of No More Dark Clouds: A Privacy Preserving Framework for the Cloud
www.paasword.eu
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
Dr. Simone Braun
CAS Software AG Networking Session at ICT 2015 Conference
October 20, 2015, Lisbon
Motivation
The Cloud paradigm has definitely prevailed
Most application are delivered following the SaaS model
Many developers rely on PaaS offerings for scalablity
Nearly all underlying resources (DBs, Queues etc) are outsourced at the IaaS level
Attack vectors have increased
‘Raw data’ are the modern hacker’s holy grail
The responsibility for the protection of data has shifted to the developer
2 20/10/2015
Motivation
20/10/2015 3 http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Our Goals
To create a security-by-design framework which will allow developers to engineer secure applications
To leverage the security and trust of data that reside on outsourced infrastructure
To facilitate context-aware access to encrypted and (even) physically distributed datasets stored in outsourced infrastructure
To prove the applicability, usability, effectiveness and value of our framework in real-life Cloud infrastructures, services and applications
20/10/2015 4
Agenda
Elevator Pitches: 1) Security-by-Design (Panagiotis Gouvas, UBITECH)
2) Context-aware Security Models (Yiannis Verginadis, ICCS)
3) The Need for Transparent Data Protection in the Cloud (Christian Gehrmann, SICS)
Round Table Discussions
Summary
20/10/2015 7
20/10/2015 11
Traditional
Source Code
Annotations
Mapped to
queries
Specific type of
annotations
affect the way
the user input will be
Handled during query
execution E (k,m)
k D(k,C)
Security-by-Design may be implemented in various ways
Design Decisions
The place where the TED is taking place.
The mechanism that generates the TED key.
The way the TED key is used
The modification of the target database schema
12 20/10/2015
CONTEXT-AWARE SECURITY MODELS
Dr. Yiannis Verginadis
Institute of Communications & Computer Systems (ICCS)
20/10/2015 14
What is Context?
“Any information that can be used to characterize the situation of an entity. An entity is a person, place, or object that is considered relevant to the interaction between a user and an application, including the user and applications themselves” (Abowd, et al., 1999; Dey, 2001)
20/10/2015 15
What is Context-Aware Security?
• “Context-aware security is the use of supplemental information to improve security decisions at the time they are made, resulting in more accurate security decisions capable of supporting dynamic business and IT environments” (Gartner)
20/10/2015 16
PaaSword Context-Aware Security Model
Security business model (SBM) An ontologically-expressed framework for annotating web-endpoints
Set by the product manager Separation of concerns between policy definition and enforcement
Conceptually divided into two parts
20/10/2015 17
Context Model (CM)
Gives rise to dynamic security controls
Data Distribution and Encryption Model (DDEM)
Gives rise to static security controls
18
Overview
AF: Annotation-formation
DTF: Development-time facing component
RTF: Runtime facing component
SBM: Security business model
web-endpoint annotations
THE NEED FOR TRANSPARENT DATA PROTECTION IN THE CLOUD
Christian Gehrmann, Swedish Institute of Computer Science
Matthias Gabel, Karlsruhe Institute of Technology
20/10/2015 19
Cloud data protection vision
One of the major obstacle for high data security in cloud applications are transparent (from end-user and developers points of view) data protection solutions
Cloud platforms should provide efficient tools for developers to protect data without the need of making detailed security configurations or key management solution themselves, i.e. it should offered by the cloud platform!
End-user applications should be able to fast and efficient retrieve protected, i.e. encrypted and integrity protected, cloud stored data without compromising security
20/10/2015 20
Technology maturity
Schemes for protected cloud storage that also allow quick data look-up have been subject for research and development for a long time. However, the schemes needs to be adapted to real cloud platforms and development environments.
Efficient and secure principles for platform assisted (for developers) cloud data protection is a fairly new area of research with huge potential!
20/10/2015 21
Searchable data protection high level view
20/10/2015 22
Client Cloud DB Proxy Cloud DB Client
Common (insecure) scenario Desired (secure) scenario in PaaSword
Discuss with us
Do you consider context-aware security valuable for the Cloud?
What is the most critical aspect of context that should be considered during the access control decision making?
Which is more important security or performance in the Cloud?
Which context model serialization format do you think is the most appropriate?
20/10/2015 24
Interested in… ?
Getting access to early results?
Shaping and expanding PaaSword?
Networking with leading companies & research institutes?
Collaborating with us and the PaaSword Community?
Join the Cloud Security Industrial Focus Group!
Contact: Christos Georgousopoulos ([email protected]) or any other PaaSword member
20/10/2015 25