The PaaSword project introduces a novel data privacy and security by design framework with the objective to protect sensitive data stored in the cloud. PaaSword enables security annotations, transparently through an IDE, transformed into context-aware security policies that enforce access control, cryptographic protection and physical distribution to secure the privacy of sensitive data.
PaaSword extends the Cloud Security Alliance‘s cloud security principles by capitalizing on recent innovations in virtual database middleware technologies, which introduce a scalable and secure cloud database abstraction layer with sophisticated data distribution and encryption methods. PaaSword provides encrypted and distributed storage, as well as context-aware access control, constituting a valuable asset for any Platform-as-a-Service provider. PaaS providers can easily adopt the innovative PaaSword solutions and thus deliver added value to their clients, with respect to the protection of next generation cloud applications against internal and external adversaries, in a quest to alleviate the cloud adoption concerns of the modern enterprise.
The adoption of PaaSword brings about new access control mechanisms that incorporate dynamically changing contextual information into access control policies and context-dependent access rights, which along with the encrypted and distributed storage support, consolidate the perfect fit for the dynamic cloud computing environment. Moreover, PaaSword brings all adopters one step closer to compliance with very demanding security regulations, such as the EC’s General Data Protection Regulation (entering into force on the 25th of May 2018) which enforces strict penalties for enterprises that fail to protect their end-users sensitive data. In brief it offers:
i) a searchable encryption scheme for secure queries support;
ii) policy-based access control & context-aware security models;
iii) governance capabilities for ensuring the validity of access control policies;
iv) a dedicated IDE plug-in for injecting code-level annotations that associates these policies with methods that provide access to sensitive data,
v) a novel policy enforcement middleware that extends the well-known attribute-based access control paradigm with semantically-rich context information,
vi) unique distributed storage across IaaS providers for disentangling data objects that might reveal sensitive information to internal or external adversaries,
vii) the PaaSword holistic framework that integrates all of these novel offerings.
Current cloud applications and storage volumes often leave information at risk to theft, unauthorized exposure or malicious manipulation. The most critical part of a modern cloud application and services is the data persistency layer and the database itself. To remedy this risk, PaaSword introduces a holistic data privacy and security by design framework, based on distributed and encrypted data persistence and sophisticated context-aware access control mechanisms in cloud-based services and applications.
Unlike any other solution, PaaSword supports both developers of cloud applications with code annotation techniques and DevOps with the necessary modelling and management tools for achieving an appropriate level of protection for their cloud application’s data, even in cases where sensitive information resides on untrusted IaaS providers. Thus, PaaSword enables enterprises to unlock the valuable business, economic and operational benefits of migrating to the cloud, as it generates the confidence of individuals and corporate customers in cloud-enabled services and applications. These valuable business benefits cannot be unlocked without addressing the new data security challenges posed by cloud computing.
The long-term expectation of the impact of the project is to assist in the accelerated adoption of cloud computing technologies, and to see a paradigm shift of European industry towards security and privacy.