PaaSword project
Summary :
In order to unlock valuable business benefits of Cloud Computing, security and data privacy concerns as main barriers in cloud adoption must be effectively addressed in a holistic way. PaaSword aims at fortifying the trust of individuals and corporate customers in cloud services and increasing the adoption rate of cloud-based solutions. The focus is on safeguarding both corporate and personal data for cloud infrastructures and storage services. The project is addressing the current major data security challenges, posed by the Cloud Security Alliance, and provides essential knowledge to organizations that wish to securely migrate to the cloud.
Current cloud applications and storage volumes often leave information at risk to theft, unauthorized exposure or malicious manipulation. The most critical target is the data persistency layer and the database itself. To remedy this problem, PaaSword introduces a holistic data privacy and security by design framework with main aim to protect users’ sensitive data stored in the cloud. The framework is based on a searchable encryption scheme enhanced with sophisticated context-aware access control mechanisms. An innovative approach for key management maximizes customers' control over their data. Thus, PaaSword leverages security and trust of cloud infrastructures and services and ensures protection, privacy and integrity of the data stored in the cloud.
PaaSword extends the Cloud Security Alliance's principles by capitalizing on recent innovations in virtual database middleware technologies that introduce a scalable secure cloud database abstraction layer with sophisticated data distribution and encryption methods. The implementation of enterprise security governance in cloud environments is supported by a novel approach towards context-aware access control mechanisms that incorporate dynamically changing contextual information into access control policies and context-dependent access rights to data stored in the cloud. Finally, PaaSword supports developers of cloud applications through code annotation techniques that allow specifying an appropriate level of protection for the application's data. Applicability, usability, effectiveness and value of the PaaSword concepts are proven through their integration in industrial, real-life services and applications.
PaaSword Impact for ICCS / NTUA :
PaaSword is among the well-known projects of the EC for coping with one of the most critical aspects of cloud computing – security. For ICCS/NTUA and the Information Management Unit, PaaSword has provided:
- The opportunity to conduct research to the critical and rapidly developing area of security-by-design. Among others, ICCS has:
-Strongly contributed into the PaaSword reference architecture that describes the design-time and run-time components, required in order for the security-by-design concept to be realized.
-Developed a reusable and generic context-aware security model, the so-called PaaSword Context-aware Security Model that can set the basis for annotating database Entities, Data Access Objects or any other web endpoints that give access to sensitive data managed by cloud applications.
-co-Developed a number of ontological Linked-USDL-based abstract policy models, one for each type of security policy enforcement that the PaaSword framework aspires to support.
- Supported the research of two experienced, postdoctoral researchers (Y. Verginadis, I. Patiniotakis).
- Coordinated and supported the consortium’s dissemination effort with the publication of 9 original conference and journal papers in the first project year.
- Organized the 1st International Workshop on Cloud Security and Data Privacy by Design (CloudSPD'15) in Limassol, Cyprus, attracting international audience from the cloud security domain.
Publications (indicative)
1. Y. Verginadis, A. Michalas, P. Gouvas, G. Schiefer, G. Hübsch, I. Paraskakis. PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services. 5th International Conference on Cloud Computing and Services Science (CLOSER 2015), 20-22 May, Lisbon.
2. Y. Verginadis, G. Mentzas, S. Veloudis, I. Paraskakis. A Survey on Context Security Policies. 8th IEEE/ACM International Conference on Utility and Cloud Computing, Limassol, Cyprus, December 7-10, 2015.
3. S. Veloudis, Y. Verginadis, I. Patiniotakis, I. Paraskakis and G. Mentzas. Context-aware Security Models for PaaS-enabled Access Control. 6th International Conference on Cloud Computing and Services Science (CLOSER 2016), Rome, Italy, April 23-25, 2016.
For more information please contact at NTUA: Professor G. Mentzas, Tel. +30 210 7722415, Email address: gmentzas@cs.ntua.gr