SlideShare une entreprise Scribd logo

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services

Télécharger en tant que PPT, PDF
Yiannis Verginadis
Yiannis Verginadis

This is a paper presentation held at the 5th International Conference on Cloud Computing and Services Science (CLOSER 2015) in Lisbon, Portugal. The authors outline significant security challenges presented when migrating to a cloud environment and described a novel holistic framework that aspires to alleviate these challenges, corresponding to the high level description of the vision of the PaaSword project.

Technologie
1  sur  21
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services Yiannis Verginadis, Antonis Michalas, Panagiotis Gouvas, Gunther Schiefer, Gerald Hubsch, Iraklis Paraskakis CLOSER 2015, Lisbon, May 21, 2015
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Introduction  Many users have started relying on cloud services without realizing it  Many companies have remained cautious due to security concerns  Applications and storage volumes often reside next to potentially hostile virtual environments, leaving sensitive information at risk to theft, unauthorized exposure or malicious manipulation  Governmental regulation presents an additional concern of significant legal and financial consequences if data confidentiality is breached Focused interest Experimentation Near ubiquitous use CloudAdoption
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Related Work  Commonly used access control models (Ferrari 2010) are:  Mandatory Access Control (MAC)  Discretionary Access Control (DAC)  Role-Based Access Control (RBAC)  Extending these models:  location-aware access control (LAAC) - there is a clear lack of supporting additional pertinent contextual information (Cleeff et al.,2010)  context-aware access control (CAAC) – with shortcomings like:  lack of support for dynamically generated context (Covington et al., 2001)  lack of fine-grained data access control (Kayes et al., 2013)
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Related Work (contd.)  Regarding the policy management there is lack of proper separation of concerns (Kourtesis and Paraskakis, 2012)  The policy definition and policy enforcement are entangled in the implementation of a single software component, leading to the lack of  portability  explicit representation of policy relationships  Regarding the data distribution and encryption algorithms...  Gentry (2009), introduced the first fully homomorphic encryption scheme that enables semantically secure outsourcing to the cloud  but presents severe performance issues  In CryptDB (Popa et al., 2011), the concept of onions was used  with the main drawback the lack of security guarantees to the client
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Security Challenges in the Cloud  Top four threats identified (CSA, 2013) are:  data leakage  data loss  account hijacking  insecure APIs  The most critical part of a modern cloud application is the data persistency layer and the database itself  The OWASP foundation has categorized the database-related attacks as the most critical ones  SQL injections represents 17% of all security breaches examined  These attacks were responsible for 83% of the total records stolen, from 2005 to 2011
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Security Challenges in the Cloud (contd.)  Most of the security fences that are configured in a corporate environment target the fortification of the so-called network perimeter  e.g. routers, hosts and virtual machines  IDS and IPS try to cope with database-takeover security aspects, but the risk of database compromise is greater than ever, as:  automated exploitation tools (e.g. SQLMap) are widely spread  IPS and IDS evasion techniques have become extremely sophisticated  Internal adversaries or even unknown vulnerabilities of software platforms widely adopted in the cloud may provide malicious access to sensitive data  e.g. Heartbleed flaw - constituted a serious fault in the OpenSSL cryptography library, which remained unnoticed for more than two years and affected over 60% of Web servers worldwide
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Security Challenges in the Cloud (contd.)  Regarding the post-exploitation phase things are even worse in the case where a symmetric encryption algorithm has been employed  cracking toolkits that utilize GPU processing power (e.g. oclHashcat) are able to crack ciphers using brute-force techniques with an attack rate of 162 billion attempts per second  The application developer is the one responsible for both  sanitizing all HTTP-input parameters  reassuring that compromised data will be useless  Nevertheless, the mere utilization of an IaaS or PaaS provider, may by itself spawn a multitude of inherent vulnerabilities  that cannot be tackled effectively as they typically exceed the responsibilities of an application developer
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Threat Model  We assume a semi-honest adversarial model for the cloud provider (Paladi et al., 2014; Santos et al., 2009)  a malicious cloud provider correctly follows the protocol specification but can intercept all messages and may attempt to use them in order to learn information that otherwise should remain private  For the rest of the participants we consider the threat model (Santos et al., 2009) that assumes that privileged access rights can be used by a remote adversary, ADV, to leak confidential information  e.g. a corrupted system administrator, can obtain remote access to any host maintained by the provider.  the adversary cannot access the volatile memory of any guest virtual machine (VM) residing on the compute hosts of the provider
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Context-aware Access Model  We envision a XACML-based context-aware access model,  which is needed by the developers in order to annotate the Data Access Objects of their applications
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Facets of the Context-Aware Access Model Facets IP Address (Local) Time Location Device Type Data Connection Type etc… Patterns Frequency Usual Duration Usual Dates Usual Hours Previously Accessed Data Sensitive / Non Sensitive Data Role
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Policies Access, Governance and Enforcement  A middleware that will provide:  a transparent key usage for efficient authentication purposes,  annotation capabilities in the form of a tool (IDE plugin) for allowing developers to declaratively create the minimum amount of rule-set that is needed for security enforcement purposes  dynamically interpret the DAO annotations into policy enforcement rules  the governance and quality control of the annotations and their respective policy rules  the formulation and implementation of the overall policy enforcement business logic
Information Management Unit / ICCS of NTUA www.imu.iccs.gr  Devise an appropriate vocabulary of concepts and decide how they are interrelated  Populate the framework with appropriate instances to give rise to DAOs  Formalise these concepts and their interrelations – gives rise to the ontology framework Ontology for Access Policies
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Secure Storage  We propose a design for a cryptographic cloud storage that will be based on a symmetric searchable encryption (SSE) scheme similar to (Kamara and Lauter, 2010)  We plan to extend the previous work Cumulus4j (Huber et al., 2013) and MimoSecco (Gabel and Hubsch, 2014)) that hides relations between different data values of a data row
Information Management Unit / ICCS of NTUA www.imu.iccs.gr PaaSword High-level View
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Conceptual Architecture
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
Information Management Unit / ICCS of NTUA www.imu.iccs.gr Conclusions & Next Steps  Future work involves the implementation of the proposed framework  This solution will be validated through 5 pilots:  Encrypted persistency as a service in a PaaS provider  Intergovernmental secure document and personal data exchange  Secure sensors data fusion and analytics  Protection of personal data in a multi-tenant CRM  Protection of sensible enterprise information in multi-tenant ERP
Thank you for listening! Acknowledgements: This work is related to the PaaSword project and has received funding from the European Union’s Horizon 2020 research and innovation programme under grant

Recommandé

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword EU Project
 
Research proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comResearch proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comPhD Assistance
 
A Survey of Cloud Computing Security Issues and Consequences
A Survey of Cloud Computing Security Issues and ConsequencesA Survey of Cloud Computing Security Issues and Consequences
A Survey of Cloud Computing Security Issues and ConsequencesAssociate Professor in VSB Coimbatore
 
Information flow control for secure cloud computing
Information flow control for secure cloud computingInformation flow control for secure cloud computing
Information flow control for secure cloud computingNexgen Technology
 
Research proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comResearch proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comPhD Assistance
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...Unisys Corporation
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 

Recommandé

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword EU Project
 
Research proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comResearch proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comPhD Assistance
 
A Survey of Cloud Computing Security Issues and Consequences
A Survey of Cloud Computing Security Issues and ConsequencesA Survey of Cloud Computing Security Issues and Consequences
A Survey of Cloud Computing Security Issues and ConsequencesAssociate Professor in VSB Coimbatore
 
Information flow control for secure cloud computing
Information flow control for secure cloud computingInformation flow control for secure cloud computing
Information flow control for secure cloud computingNexgen Technology
 
Research proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comResearch proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comPhD Assistance
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...Unisys Corporation
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
Iaetsd secure data storage against attacks in cloud
Iaetsd secure data storage against attacks in cloudIaetsd secure data storage against attacks in cloud
Iaetsd secure data storage against attacks in cloudIaetsd Iaetsd
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...SubmissionResearchpa
 
Hans Bos
Hans BosHans Bos
Hans BosDutch Power
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...csandit
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelinesSrishti Ahuja
 
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...IJERA Editor
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelinesSrishti Ahuja
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsProposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsHossam Al-Ansary
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesNJVC, LLC
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...IJIR JOURNALS IJIRUSA
 
Security Architecture and Design - CISSP
Security Architecture and Design - CISSPSecurity Architecture and Design - CISSP
Security Architecture and Design - CISSPSrishti Ahuja
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET Journal
 
(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedingsSTO STRATEGY
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...IAEME Publication
 
Analysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computingAnalysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computingredpel dot com
 
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...Dalton Valadares
 
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...IRJET Journal
 
Blueprint for Cyber Security Zone Modeling
Blueprint for Cyber Security Zone ModelingBlueprint for Cyber Security Zone Modeling
Blueprint for Cyber Security Zone ModelingITIIIndustries
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
Keeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityKeeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityDistil Networks
 
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...exponential-inc
 
Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...Spiceworks
 

Contenu connexe

Tendances

Iaetsd secure data storage against attacks in cloud
Iaetsd secure data storage against attacks in cloudIaetsd secure data storage against attacks in cloud
Iaetsd secure data storage against attacks in cloudIaetsd Iaetsd
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...SubmissionResearchpa
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...csandit
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelinesSrishti Ahuja
 
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...IJERA Editor
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelinesSrishti Ahuja
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsProposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsHossam Al-Ansary
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesNJVC, LLC
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...IJIR JOURNALS IJIRUSA
 
Security Architecture and Design - CISSP
Security Architecture and Design - CISSPSecurity Architecture and Design - CISSP
Security Architecture and Design - CISSPSrishti Ahuja
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET Journal
 
(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedingsSTO STRATEGY
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...IAEME Publication
 
Analysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computingAnalysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computingredpel dot com
 
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...Dalton Valadares
 
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...IRJET Journal
 
Blueprint for Cyber Security Zone Modeling
Blueprint for Cyber Security Zone ModelingBlueprint for Cyber Security Zone Modeling
Blueprint for Cyber Security Zone ModelingITIIIndustries
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 

Tendances (19)

Iaetsd secure data storage against attacks in cloud
Iaetsd secure data storage against attacks in cloudIaetsd secure data storage against attacks in cloud
Iaetsd secure data storage against attacks in cloud
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...
 
Hans Bos
Hans BosHans Bos
Hans Bos
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelines
 
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelines
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsProposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
 
Security Architecture and Design - CISSP
Security Architecture and Design - CISSPSecurity Architecture and Design - CISSP
Security Architecture and Design - CISSP
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
 
(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...
 
Analysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computingAnalysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computing
 
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
Achieving Data Dissemination with Security using FIWARE and Intel Software Gu...
 
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
 
Blueprint for Cyber Security Zone Modeling
Blueprint for Cyber Security Zone ModelingBlueprint for Cyber Security Zone Modeling
Blueprint for Cyber Security Zone Modeling
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
 

En vedette

Keeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityKeeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityDistil Networks
 
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...exponential-inc
 
Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...Spiceworks
 
Enterprise 2.0: What it is and why it matters
Enterprise 2.0: What it is and why it mattersEnterprise 2.0: What it is and why it matters
Enterprise 2.0: What it is and why it mattersdigitallibrary
 
SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...
SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...
SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...Motty Ben Atia
 
Building a database security program
Building a database security programBuilding a database security program
Building a database security programmatt_presson
 
Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...
Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...
Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...Spiceworks
 
Advanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your BusinessAdvanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your BusinessInfopulse
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT securitySophos Benelux
 
Robbery Prevention for Small Businesses
Robbery Prevention for Small BusinessesRobbery Prevention for Small Businesses
Robbery Prevention for Small BusinessesFundera
 
Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...
Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...
Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...David J Rosenthal
 
Security Guide For Small Business
Security Guide For Small BusinessSecurity Guide For Small Business
Security Guide For Small BusinessBrendanRose
 
Challenges Of Global Data Collection
Challenges Of Global Data Collection Challenges Of Global Data Collection
Challenges Of Global Data Collection ResearchShare
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small BusinessesWilkins Consulting, LLC
 
Big data security challenges and recommendations!
Big data security challenges and recommendations!Big data security challenges and recommendations!
Big data security challenges and recommendations!cisoplatform
 
Small business data security
Small business data securitySmall business data security
Small business data securityDavid Usher
 
Big Data Security with Hadoop
Big Data Security with HadoopBig Data Security with Hadoop
Big Data Security with HadoopCloudera, Inc.
 
Infrastructure API Lightning Talk by Jeremy Pollard of box.com
Infrastructure API Lightning Talk by Jeremy Pollard of box.comInfrastructure API Lightning Talk by Jeremy Pollard of box.com
Infrastructure API Lightning Talk by Jeremy Pollard of box.comDevOps4Networks
 

En vedette (20)

Keeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityKeeping up with the Revolution in IT Security
Keeping up with the Revolution in IT Security
 
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
Keynote Address at 2013 CloudCon: A day in the life of the SMB by Michael To...
 
Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...
 
Enterprise 2.0: What it is and why it matters
Enterprise 2.0: What it is and why it mattersEnterprise 2.0: What it is and why it matters
Enterprise 2.0: What it is and why it matters
 
SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...
SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...
SMB Security Opportunity –Use and Plans for Solutions and Profile of "Securit...
 
Building a database security program
Building a database security programBuilding a database security program
Building a database security program
 
Box.net overview
Box.net overviewBox.net overview
Box.net overview
 
Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...
Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...
Security Essentials for the SMB IT Network (on a Shoestring Budget!) - Adam W...
 
Advanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your BusinessAdvanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your Business
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT security
 
Robbery Prevention for Small Businesses
Robbery Prevention for Small BusinessesRobbery Prevention for Small Businesses
Robbery Prevention for Small Businesses
 
Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...
Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...
Windows 10 Enterprise E3 - Best in Class Security and Control - Presented by ...
 
Security Guide For Small Business
Security Guide For Small BusinessSecurity Guide For Small Business
Security Guide For Small Business
 
Challenges Of Global Data Collection
Challenges Of Global Data Collection Challenges Of Global Data Collection
Challenges Of Global Data Collection
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses
 
Big data security challenges and recommendations!
Big data security challenges and recommendations!Big data security challenges and recommendations!
Big data security challenges and recommendations!
 
Small business data security
Small business data securitySmall business data security
Small business data security
 
Big Data Security with Hadoop
Big Data Security with HadoopBig Data Security with Hadoop
Big Data Security with Hadoop
 
Big data security
Big data securityBig data security
Big data security
 
Infrastructure API Lightning Talk by Jeremy Pollard of box.com
Infrastructure API Lightning Talk by Jeremy Pollard of box.comInfrastructure API Lightning Talk by Jeremy Pollard of box.com
Infrastructure API Lightning Talk by Jeremy Pollard of box.com
 

Similaire à PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services

DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
 
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudNo More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudPaaSword EU Project
 
Secure modelling schema of distributed information
Secure modelling schema of distributed informationSecure modelling schema of distributed information
Secure modelling schema of distributed informationiaemedu
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
AbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docxAbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docxSALU18
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTUREacijjournal
 
A Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the CloudA Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the CloudPaaSword EU Project
 
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...IJNSA Journal
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 
IRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic AlgorithamIRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic AlgorithamIRJET Journal
 
Evaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing EnvironmentsEvaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing Environmentsijfcstjournal
 
IRJET - Multimedia Security on Cloud Computing using Cryptography
IRJET - Multimedia Security on Cloud Computing using CryptographyIRJET - Multimedia Security on Cloud Computing using Cryptography
IRJET - Multimedia Security on Cloud Computing using CryptographyIRJET Journal
 
Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...
Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...
Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...AJASTJournal
 
Reliable security in cloud computing environment 2-3-4-5-6
Reliable security in cloud computing environment 2-3-4-5-6Reliable security in cloud computing environment 2-3-4-5-6
Reliable security in cloud computing environment 2-3-4-5-6IAEME Publication
 
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic EncryptionThreat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic Encryptionijcisjournal
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 

Similaire à PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services (20)

DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
 
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudNo More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
 
Project 3
Project 3Project 3
Project 3
 
Secure modelling schema of distributed information
Secure modelling schema of distributed informationSecure modelling schema of distributed information
Secure modelling schema of distributed information
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
 
AbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docxAbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docx
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
 
B018211016
B018211016B018211016
B018211016
 
A Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the CloudA Survey on Context Security Policies in the Cloud
A Survey on Context Security Policies in the Cloud
 
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
 
IRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic AlgorithamIRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic Algoritham
 
Evaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing EnvironmentsEvaluation Of The Data Security Methods In Cloud Computing Environments
Evaluation Of The Data Security Methods In Cloud Computing Environments
 
Cloud security
Cloud security Cloud security
Cloud security
 
IRJET - Multimedia Security on Cloud Computing using Cryptography
IRJET - Multimedia Security on Cloud Computing using CryptographyIRJET - Multimedia Security on Cloud Computing using Cryptography
IRJET - Multimedia Security on Cloud Computing using Cryptography
 
Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...
Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...
Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg...
 
Reliable security in cloud computing environment 2-3-4-5-6
Reliable security in cloud computing environment 2-3-4-5-6Reliable security in cloud computing environment 2-3-4-5-6
Reliable security in cloud computing environment 2-3-4-5-6
 
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic EncryptionThreat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 

Dernier

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Dernier (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services

  • 1. PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services Yiannis Verginadis, Antonis Michalas, Panagiotis Gouvas, Gunther Schiefer, Gerald Hubsch, Iraklis Paraskakis CLOSER 2015, Lisbon, May 21, 2015
  • 2. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
  • 3. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Introduction  Many users have started relying on cloud services without realizing it  Many companies have remained cautious due to security concerns  Applications and storage volumes often reside next to potentially hostile virtual environments, leaving sensitive information at risk to theft, unauthorized exposure or malicious manipulation  Governmental regulation presents an additional concern of significant legal and financial consequences if data confidentiality is breached Focused interest Experimentation Near ubiquitous use CloudAdoption
  • 4. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Related Work  Commonly used access control models (Ferrari 2010) are:  Mandatory Access Control (MAC)  Discretionary Access Control (DAC)  Role-Based Access Control (RBAC)  Extending these models:  location-aware access control (LAAC) - there is a clear lack of supporting additional pertinent contextual information (Cleeff et al.,2010)  context-aware access control (CAAC) – with shortcomings like:  lack of support for dynamically generated context (Covington et al., 2001)  lack of fine-grained data access control (Kayes et al., 2013)
  • 5. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Related Work (contd.)  Regarding the policy management there is lack of proper separation of concerns (Kourtesis and Paraskakis, 2012)  The policy definition and policy enforcement are entangled in the implementation of a single software component, leading to the lack of  portability  explicit representation of policy relationships  Regarding the data distribution and encryption algorithms...  Gentry (2009), introduced the first fully homomorphic encryption scheme that enables semantically secure outsourcing to the cloud  but presents severe performance issues  In CryptDB (Popa et al., 2011), the concept of onions was used  with the main drawback the lack of security guarantees to the client
  • 6. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
  • 7. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Security Challenges in the Cloud  Top four threats identified (CSA, 2013) are:  data leakage  data loss  account hijacking  insecure APIs  The most critical part of a modern cloud application is the data persistency layer and the database itself  The OWASP foundation has categorized the database-related attacks as the most critical ones  SQL injections represents 17% of all security breaches examined  These attacks were responsible for 83% of the total records stolen, from 2005 to 2011
  • 8. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Security Challenges in the Cloud (contd.)  Most of the security fences that are configured in a corporate environment target the fortification of the so-called network perimeter  e.g. routers, hosts and virtual machines  IDS and IPS try to cope with database-takeover security aspects, but the risk of database compromise is greater than ever, as:  automated exploitation tools (e.g. SQLMap) are widely spread  IPS and IDS evasion techniques have become extremely sophisticated  Internal adversaries or even unknown vulnerabilities of software platforms widely adopted in the cloud may provide malicious access to sensitive data  e.g. Heartbleed flaw - constituted a serious fault in the OpenSSL cryptography library, which remained unnoticed for more than two years and affected over 60% of Web servers worldwide
  • 9. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Security Challenges in the Cloud (contd.)  Regarding the post-exploitation phase things are even worse in the case where a symmetric encryption algorithm has been employed  cracking toolkits that utilize GPU processing power (e.g. oclHashcat) are able to crack ciphers using brute-force techniques with an attack rate of 162 billion attempts per second  The application developer is the one responsible for both  sanitizing all HTTP-input parameters  reassuring that compromised data will be useless  Nevertheless, the mere utilization of an IaaS or PaaS provider, may by itself spawn a multitude of inherent vulnerabilities  that cannot be tackled effectively as they typically exceed the responsibilities of an application developer
  • 10. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
  • 11. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Threat Model  We assume a semi-honest adversarial model for the cloud provider (Paladi et al., 2014; Santos et al., 2009)  a malicious cloud provider correctly follows the protocol specification but can intercept all messages and may attempt to use them in order to learn information that otherwise should remain private  For the rest of the participants we consider the threat model (Santos et al., 2009) that assumes that privileged access rights can be used by a remote adversary, ADV, to leak confidential information  e.g. a corrupted system administrator, can obtain remote access to any host maintained by the provider.  the adversary cannot access the volatile memory of any guest virtual machine (VM) residing on the compute hosts of the provider
  • 12. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Context-aware Access Model  We envision a XACML-based context-aware access model,  which is needed by the developers in order to annotate the Data Access Objects of their applications
  • 13. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Facets of the Context-Aware Access Model Facets IP Address (Local) Time Location Device Type Data Connection Type etc… Patterns Frequency Usual Duration Usual Dates Usual Hours Previously Accessed Data Sensitive / Non Sensitive Data Role
  • 14. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Policies Access, Governance and Enforcement  A middleware that will provide:  a transparent key usage for efficient authentication purposes,  annotation capabilities in the form of a tool (IDE plugin) for allowing developers to declaratively create the minimum amount of rule-set that is needed for security enforcement purposes  dynamically interpret the DAO annotations into policy enforcement rules  the governance and quality control of the annotations and their respective policy rules  the formulation and implementation of the overall policy enforcement business logic
  • 15. Information Management Unit / ICCS of NTUA www.imu.iccs.gr  Devise an appropriate vocabulary of concepts and decide how they are interrelated  Populate the framework with appropriate instances to give rise to DAOs  Formalise these concepts and their interrelations – gives rise to the ontology framework Ontology for Access Policies
  • 16. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Secure Storage  We propose a design for a cryptographic cloud storage that will be based on a symmetric searchable encryption (SSE) scheme similar to (Kamara and Lauter, 2010)  We plan to extend the previous work Cumulus4j (Huber et al., 2013) and MimoSecco (Gabel and Hubsch, 2014)) that hides relations between different data values of a data row
  • 17. Information Management Unit / ICCS of NTUA www.imu.iccs.gr PaaSword High-level View
  • 18. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Conceptual Architecture
  • 19. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Agenda  Introduction  Data Security Challenges in the Cloud  PaaSword Framework  Conclusions
  • 20. Information Management Unit / ICCS of NTUA www.imu.iccs.gr Conclusions & Next Steps  Future work involves the implementation of the proposed framework  This solution will be validated through 5 pilots:  Encrypted persistency as a service in a PaaS provider  Intergovernmental secure document and personal data exchange  Secure sensors data fusion and analytics  Protection of personal data in a multi-tenant CRM  Protection of sensible enterprise information in multi-tenant ERP
  • 21. Thank you for listening! Acknowledgements: This work is related to the PaaSword project and has received funding from the European Union’s Horizon 2020 research and innovation programme under grant