Programme: HORIZON 2020
Title: A Holistic Data Privacy and Security by Design Platform-as-a-Service Framework Introducing Distributed Encrypted Persistence in Cloud-based Applications
Project Duration: 36 months (January 2015 - December 2017)
Budjet: € 4 461 513
Funding: € 3 984 575
Scope, Final Deliverables and Results Utilization
Although enterprises recognize the compelling economic and operational benefits of running applications and services in the Cloud, security and data privacy concerns are the main barriers in Cloud adoption. Valuable business benefits cannot be unlocked without addressing new data security challenges posed by Cloud Computing. PaaSword aims at fortifying the trust of individuals and corporate customers in Cloud-enabled services and applications. The focus is on secure storage of both corporate and personal sensitive data on Cloud infrastructures.
Current Cloud applications and storage volumes often leave information at risk to theft, unauthorized exposure or malicious manipulation. The most critical part of a modern Cloud application and services is the data persistency layer and the database itself. To remedy this problem, PaaSword will introduce a holistic data privacy and security by design framework enhanced by sophisticated context-aware policy access models and robust policy access, decision, enforcement and governance mechanisms, which will enable the implementation of secure and transparent Cloudbased applications and services that will maintain a fully distributed and totally encrypted data persistence layer, and, thus, will foster customers' data protection, integrity and confidentiality, even in the case wherein there is no control over the underlying third-party Cloud resources utilized.
In particular, PaaSword intends not only to adopt the Cloud Security Alliance's Cloud security principles, but also to extend them by capitalizing on recent innovations on (a) distributed encryption and virtual database middleware technologies that introduce a scalable secure Cloud database abstraction layer combined with sophisticated distribution and encryption methods into the processing and querying of data stored in the Cloud; (b) context-aware access control that incorporate the dynamically changing contextual information into novel group policies implementing configurable context-based access control policies and context-dependent access rights to the stored data at various different levels; and (c) policy governance, modelling and annotation techniques that allows application developers to specify an appropriate level of protection for the application’s data, while the evaluation of whether an incoming request should be granted access to the target data takes dynamically place during application runtime.