The valuable transformation of organizations that adopt cloud computing is indisputably accompanied by a number of security threats that should be considered. PaaSword introduces a novel holistic, data privacy and security by design, framework that aspires to alleviate them. The envisaged framework intends to maximize and fortify the trust of individual, professional and corporate users to cloud services. Specifically, PaaSword involves a context-aware security model, the necessary policies enforcement and governance mechanisms along with a physical distribution, encryption and query middleware, aimed at facilitating the implementation of secure and transparent cloud-based applications. PaaSword will provide storage protection mechanisms, which will improve confidentiality and integrity protection of users’ data in the cloud while it will not affect the data access functionality.

The main objectives of PaaSword are:

  • to leverage the security and trust of Cloud infrastructures and services, incorporating technological, security and legal requirements coming from the industry, the research community, the Cloud platform vendors and services providers, as well as the Cloud applications users into a flexible and scalable architecture for adding distributed encrypted persistence in Cloud applications and services.

  • to facilitate context-aware, ad-hoc decryption and access to encrypted and physically distributed datasets stored in Cloud infrastructures and services, incorporating sophisticated, ontology-based security and group policies models that take into account context sensitive information (e.g. the location, the device type and the application/services usage patterns of the end-user) and determining on the fly (during the application's run time) whether an incoming request should be granted access to the target data.

  • to enable the engineering of data privacy and security by design Cloud services and applications, providing developers and software engineers with an IDE plug-in incorporating a set of mechanisms and interpreters for annotating the data access objects of their application with access right related concepts (at design time) and for dynamically interpreting them into policy enforcement rules (at run time).

  • to ensure the protection, privacy and integrity of the data stored in Cloud infrastructures and services, even in the case of security breaches and data losses, incorporating sophisticated distribution algorithms and encryption schemes that provide PaaSword with the capability to satisfy security needs like privacy, integrity and availability.

  • to prove the applicability, usability, effectiveness and value of the PaaSword concepts, models and mechanisms in industrial, real-life Cloud infrastructures, services and applications, demonstrating and stress-testing the developed PaaSword artefacts under pragmatic conditions against a pre-defined set of Cloud security use cases and scenarios.

Read all about it at the project's web site.

Thursday, January 1, 2015