A Data Privacy and Security by Design Platform‐as‐a‐Service Framework


Transcript of A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Page 1: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

www.paasword.eu

A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Dr. Panagiotis Gouvas - R&D Director - Ubitech Ltd

Dr. Yiannis Verginadis - Senior Researcher - ICCS

SecureCloud 2016 - May 24, 2016, Dublin

Page 2: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Agenda

Motivation

Goals

PaaSword in a Nutshell

Use Cases

Ongoing work

PaaSword 28/06/2016 2

Page 3: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Motivation

The cloud paradigm has definitely prevailed

Most applications are delivered following the SaaS model

Many developers rely on PaaS offerings for scalability

Nearly all underlying resources (DBs, Queues etc) are outsourced at the IaaS level

Attack vectors have increased

‘Raw data’ are the modern hacker’s holy grail

The responsibility for the protection of data has shifted to the developer


Page 4: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Motivation


Page 5: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Motivation


http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Page 6: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Goals of PaaSword Framework

To create a security-by-design framework which will allow developers to engineer secure applications

To leverage the security and trust of data that reside on outsourced infrastructure

To facilitate context-aware access to encrypted and (even) physically distributed datasets stored in outsourced infrastructure

To prove the applicability, usability, effectiveness and value of our framework in real-life Cloud infrastructures, services and applications


Page 7: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

PaaSword in a Nutshell


Page 8: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

PaaSword Walkthrough


Two types of annotations: 1) Encryption & Distribution, 2) Policy Enforcement

Page 9: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Concept of Secure Proxy


Diagram: Common (insecure) scenario: Client -> Cloud DB. Desired (secure) scenario in PaaSword: Client -> Proxy -> Cloud DB.

Page 10: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Virtual Database Architecture


Diagram: the User / Application sends SQL to the SQL Database Proxy (trusted); the proxy sends SQL to the Cloud (untrusted), which holds Data, Index1 and Index2. Data between the user/application and the proxy is not encrypted; data stored in the cloud is encrypted.

Page 11: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

What’s New


Original (plaintext table):

ID  Name    Surname   City          Day of Birth
1   Paul    Anderson  Athens        01.01.1979
2   Howard  Miller    Karlsruhe     02.02.1974
3   Henry   Cooper    Berlin        03.03.1980
4   Henry   Jones     Thessaloniki  04.04.1985

Data (encrypted rows):

ID  Encrypted Data
1   Enc(Paul,Anderson,Athens,01.01.1979)
2   Enc(Howard,Miller,Karlsruhe,02.02.1974)
3   Enc(Henry,Cooper,Berlin,03.03.1980)
4   Enc(Henry,Jones,Thessaloniki,04.04.1985)

Index1 (keyword index on Name):

Keyword-Name  IDs
Enc(Paul)     Enc(1)
Enc(Howard)   Enc(2)
Enc(Henry)    Enc(3,4)

Index2 (keyword index on Surname):

Keyword-Surname  IDs
Enc(Anderson)    Enc(1)
Enc(Miller)      Enc(2)
Enc(Cooper)      Enc(3)
Enc(Jones)       Enc(4)

Keyword Encryption

• AES (deterministic)

• Support for most query types (excl. LIKE)

Index Distribution

• Index for same data type can be stored at different servers

Distribution based on Privacy Constraints

• Minimize exposure of sensitive information by careful distribution
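The slide above shows the three cloud-side tables (encrypted rows plus one deterministic keyword index per column) and the trusted proxy that rewrites queries against them. The following is an added example, not PaaSword code: it builds those tables and answers an equality query the way the proxy does. It assumes HMAC-SHA256 as the keyed function in place of the deck's deterministic AES (the equality-matching behaviour and its leakage are the same), a CTR-style PRF keystream for the randomised row encryption, and the sample rows are copied from the deck's table.

```python
import hmac, hashlib, os, json

def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 as a keyed pseudo-random function; parts are length-prefixed."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def det_token(index_key: bytes, column: str, keyword: str) -> str:
    # Deterministic: equal keywords give equal tokens, so the untrusted DB can match
    # equality queries on ciphertext. Stand-in for the deck's deterministic AES,
    # with the same leakage: rows sharing a value share a token (cf. Henry below).
    return prf(index_key, column.encode(), keyword.encode()).hex()

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    return b"".join(prf(key, nonce, i.to_bytes(4, "big")) for i in range(length // 32 + 1))

def encrypt(data_key: bytes, plaintext: bytes) -> bytes:
    """Randomised encryption: fresh nonce, CTR-style PRF keystream."""
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, keystream(data_key, nonce, len(plaintext))))
def decrypt(data_key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, keystream(data_key, nonce, len(body))))

class CloudDB:
    """Untrusted store: sees only encrypted rows, index tokens and encrypted ID lists."""
    def __init__(self):
        self.data, self.indexes = {}, {}
    def lookup(self, index: str, token: str):
        return self.indexes.get(index, {}).get(token)

class Proxy:
    """Trusted proxy: owns the keys, builds the indexes, rewrites queries."""
    def __init__(self, cloud: CloudDB, indexed_columns):
        self.cloud, self.indexed = cloud, indexed_columns
        self.data_key, self.index_key = os.urandom(32), os.urandom(32)
    def insert_all(self, rows: dict):
        for rid, row in rows.items():
            self.cloud.data[rid] = encrypt(self.data_key, json.dumps(row).encode())
        for col in self.indexed:  # one index per column; each could sit on a different server
            groups = {}
            for rid, row in rows.items():
                groups.setdefault(det_token(self.index_key, col, row[col]), []).append(rid)
            self.cloud.indexes[col] = {t: encrypt(self.data_key, json.dumps(ids).encode())
                                       for t, ids in groups.items()}
    def select_where(self, col: str, value: str) -> list:
        hit = self.cloud.lookup(col, det_token(self.index_key, col, value))
        ids = json.loads(decrypt(self.data_key, hit)) if hit else []
        return [json.loads(decrypt(self.data_key, self.cloud.data[i])) for i in ids]

ROWS = {1: {"Name": "Paul", "Surname": "Anderson"}, 2: {"Name": "Howard", "Surname": "Miller"},
        3: {"Name": "Henry", "Surname": "Cooper"}, 4: {"Name": "Henry", "Surname": "Jones"}}
```

The Name index ends up with three tokens for four rows, which is exactly the frequency information a deterministic index reveals to the cloud provider.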

Page 12: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

What about Key Creation/Sharing Policies?


Page 13: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Overview Of Policies


Policy / Characteristic: Where is the TED taking place? | TED Key Generation | TED Key Usage & Sharing Policy | Modification of target schema | SQL support

P1
Where is the TED taking place? In the PaaS container
TED Key Generation: Generated once during bootstrapping (in a Tenant Trusted Zone) and stored in-memory by the application
TED Key Usage & Sharing Policy: It is recovered from memory on demand per each query execution
Modification of target schema: No Modification
SQL support: Yes

P2
Where is the TED taking place? In the PaaS container
TED Key Generation: One key is generated per Tenant (in a Tenant Trusted Zone) and a pair user_key / container_key is generated out of this tenant_key
TED Key Usage & Sharing Policy: It is recomposed by the combination of a user_key and a container_key per each query execution
Modification of target schema: No Modification
SQL support: Yes

P3
Where is the TED taking place? Outside the container in a Tenant Trusted Zone
TED Key Generation: Generated once in a Tenant Trusted Zone
TED Key Usage & Sharing Policy: E/D Key is used only in the Tenant Trusted Zone
Modification of target schema: No Modification
SQL support: No

P4
Where is the TED taking place? In the PaaS container
TED Key Generation: Generated once during bootstrapping (in a Tenant Trusted Zone) and stored in-memory by the application
TED Key Usage & Sharing Policy: It is recovered from memory on demand per each query execution
Modification of target schema: Modifications required
SQL support: No

P5
Where is the TED taking place? In the PaaS container
TED Key Generation: One key is generated per Tenant (in a Tenant Trusted Zone) and a pair user_key / container_key is generated out of this tenant_key
TED Key Usage & Sharing Policy: It is recomposed by the combination of a user_key and a container_key per each query execution
Modification of target schema: Modifications required
SQL support: No

Page 14: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Comparative Analysis


Page 15: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Final Key Management Requirements

Avoid running a service at the Tenant (T) that provides the Tenant Key (TK) to the Proxy (P). Tenant administrator is offline.

Avoid giving TK to the Cloud Application (A) or the User (U)

Ensure Access Control cannot be bypassed

One key per tenant

As simple as possible

Recoverability


Page 16: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Implemented Policy


Diagram: the tenant key is composed from three shares, TK = TKui TKai TKpi. The User holds TKui; the Application holds TKa1, TKa2, TKa3 behind Access Control; the DB-Proxy holds TKp1, TKp2, TKp3. Data in the Cloud DB is encrypted with TK. A separate Admin Access path is shown.
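The slide shows TK composed from TKui (User), TKai (Application, behind Access Control) and TKpi (DB-Proxy) but does not state the combining operation. This added example is not PaaSword code: it assumes XOR secret sharing for the three shares, so that no single party holds TK (requirement: TK is never given to the application or the user) and the application's share is released only after an access-control decision (requirement: access control cannot be bypassed); the policy function, user names and actions are constructed.

```python
import os

def split_tenant_key(tk: bytes) -> tuple:
    """Split TK into three XOR shares; any two shares alone reveal nothing about TK.
    Assumption: the deck does not state how TKui, TKai and TKpi are combined."""
    tk_u, tk_a = os.urandom(len(tk)), os.urandom(len(tk))
    tk_p = bytes(t ^ u ^ a for t, u, a in zip(tk, tk_u, tk_a))
    return tk_u, tk_a, tk_p

def recompose(tk_u: bytes, tk_a: bytes, tk_p: bytes) -> bytes:
    return bytes(u ^ a ^ p for u, a, p in zip(tk_u, tk_a, tk_p))

class Application:
    """Holds TKai and enforces access control before releasing it for one query."""
    def __init__(self, tk_a: bytes, policy):
        self._tk_a, self._policy = tk_a, policy   # policy(user, action) -> bool
    def share_for(self, user: str, action: str) -> bytes:
        if not self._policy(user, action):
            raise PermissionError(f"{user} may not {action}")
        return self._tk_a

class DBProxy:
    """Holds TKpi; recomposes TK only for the duration of one query."""
    def __init__(self, tk_p: bytes):
        self._tk_p = tk_p
    def run_query(self, user: str, action: str, tk_u: bytes, app: Application, work):
        tk = recompose(tk_u, app.share_for(user, action), self._tk_p)
        try:
            return work(tk)   # encrypt/decrypt with TK inside the trusted proxy
        finally:
            del tk            # TK is not retained between queries (best effort in Python)

def demo(policy=lambda user, action: user == "alice" and action == "read") -> tuple:
    """Constructed scenario: alice may read, bob may not. Returns (alice_ok, bob_denied)."""
    tk = os.urandom(32)
    tk_u, tk_a, tk_p = split_tenant_key(tk)
    app, proxy = Application(tk_a, policy), DBProxy(tk_p)
    alice_ok = proxy.run_query("alice", "read", tk_u, app, lambda k: k == tk)
    try:
        proxy.run_query("bob", "read", tk_u, app, lambda k: k == tk)
        bob_denied = False
    except PermissionError:
        bob_denied = True
    return alice_ok, bob_denied
```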

Page 17: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Semantic Authorization

PaaSword will deliver an XACML 3.0 compliant Auth Engine with the ability to

harmonize the attribute creation process through the usage of the extensible Context Model

decouple the level of granularity of the attributes used to define policies from the attributes that characterize ‘subjects’, ‘objects’ and the ‘environment’

provide design-time conflict resolution for the provided policies


Page 18: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Semantic Authorization Engine


Page 19: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Use Cases

PaaSword Framework will be evaluated on 5 different Use Cases

Secure Sensors Analytics for IoT applications

Cloud-based Multi-tenant CRM software

Encrypted Persistency included in PaaS/SaaS Services

Multi-tenant ERP Environments

Platform for Cross-border Document Exchange


Page 20: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Challenges

Functional Transparency: Developer should not implement security policies. S/he should only use them

Comprehensive annotation framework: Proper annotations should be created for encryption/decryption and policy access

Flexible Policy Management: Context-driven policies for accessing the stored information

Efficient Virtualization of RDBMS: realizing the appropriate query synthesis and decomposition capabilities

Flexible Key Management: mechanisms making the key usage transparent to the cloud-based applications and services

Extensibility: the framework should be extensible even during runtime


Page 21: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Consortium

(Partner logos; legend: • Industrial Partner • Scientific Partner)

Page 22: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Interested in… ?

Getting access to early results?

Shaping and expanding PaaSword?

Networking with leading companies & research institutes?

Collaborating with us and the PaaSword Community?

Join the Cloud Security Industrial Focus Group!

Register at: https://www.paasword.eu/register/


Page 23: A Data Privacy and Security by Design Platform‐as‐a‐Service Framework


Questions?

Visit us:

www.paasword.eu

Acknowledgements: This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814.