paasword - technology baseline

www.paasword.eu PaaSword Technology Baseline Innovathens 10/11/2016

Upload: paasword-eu-project

Post on 08-Jan-2017


TRANSCRIPT

Page 1: PaaSword - Technology Baseline

www.paasword.eu

PaaSword Technology Baseline

Innovathens 10/11/2016

Page 2: PaaSword - Technology Baseline

Outline

PaaSword in a Nutshell

Involved Actors & Threat Landscape

High Level Architecture

Distributed Searchable Encryption Engine

Semantic Authorization Engine

PaaSword18/11/2016 2

Page 3: PaaSword - Technology Baseline

PaaSword in a Nutshell

Security and Privacy by-design Framework? It is a framework that, if adopted, provides increased security and privacy guarantees

Adopted by whom? Application Developers (it offers client libraries that have to be used by devs)

DevOps users (it offers a management interface for the two offered mechanisms)

What kind of security guarantees?


Page 4: PaaSword - Technology Baseline

Involved Actors & Threat Landscape


Data can be circumvented/stolen

Internal or external adversary

Execution environment may be subjected to privilege escalation

Authorization scheme may be static or even hardcoded

Page 5: PaaSword - Technology Baseline

Framework Security Guarantees

Framework Guarantees

Mitigation of cyber threats deriving from malicious administrators who administer ‘trusted’ infrastructural resources

Minimization of the risk of breaking a privacy scheme through statistical attacks that rely on pattern identification

Efficient security policy enforcement through the decoupling of policy definition and policy evaluation


Page 6: PaaSword - Technology Baseline

How?

Two distinct mechanisms

1 – Distributed Searchable Encryption Engine

An engine that allows the transformation of any relational schema to a fragmentation scheme that respects user-defined privacy constraints

The new schema is functionally equivalent to the original, yet it relies on multiple IaaS providers

2 – Semantic Policy Authorization Engine

An engine that allows the decoupling of policy enforcement and policy definition

Decoupling is meaningful both during development and execution


Page 7: PaaSword - Technology Baseline

PaaSword Walkthrough


Page 8: PaaSword - Technology Baseline

Mechanism 1 - Distributed Searchable Encryption Engine

Why is plain Transparent Encryption/Decryption not enough? You lose a lot of SQL expressivity

Vulnerable to statistical attacks


(Diagram: PaaSword Annotations and PaaSword Controller)

Page 9: PaaSword - Technology Baseline

What are Annotations?

Annotations are a form of metadata that provide data about a program that is not part of the program itself

They can be used via three different strategies:

Source Generation Strategy

Bytecode Transformation Strategy

Runtime Reflection Strategy

PaaSword uses annotations to define the Entity Model, which will be protected using advanced fragmentation techniques


Page 10: PaaSword - Technology Baseline

How does JPA work?


Page 11: PaaSword - Technology Baseline

PaaSword JPA


Several types of Annotations:

1) Data Object Definition

2) Encryption & Distribution

Page 12: PaaSword - Technology Baseline

Virtual Database Proxy


(Diagram: the User / Application sends SQL with data that is not encrypted to the Database Proxy (trusted); the proxy sends SQL to the Cloud (untrusted), which holds only encrypted Data together with Index1 and Index2.)
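The proxy arrangement in the diagram above, as an added illustration that is not PaaSword's code: a trusted proxy keeps the keys and stores only ciphertext plus an HMAC equality index in an untrusted SQLite table standing in for the cloud database, then rewrites the application's equality predicate into an index lookup. The cipher (an HMAC counter-mode keystream in place of, say, AES-CTR), the patient table and the names are constructed assumptions, and the last function shows the equality pattern an observer of the untrusted side can still count.

```python
import hashlib, hmac, os, sqlite3

# Untrusted side: an in-memory SQLite table standing in for the cloud database.
# It only ever receives ciphertext columns plus deterministic index tokens.
cloud = sqlite3.connect(":memory:")
cloud.execute("CREATE TABLE patient (id INTEGER PRIMARY KEY, name_ct BLOB, name_idx BLOB)")

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for a real cipher such as AES-CTR (assumption: the deck names no cipher).
    # HMAC-SHA256 in counter mode; the same call encrypts and decrypts.
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

class TrustedProxy:
    """Trusted side: keeps the keys, encrypts on write, and rewrites equality
    predicates into index-token lookups before any SQL reaches the cloud."""

    def __init__(self) -> None:
        self.enc_key = os.urandom(32)  # never leaves the trusted zone
        self.idx_key = os.urandom(32)

    def index_token(self, value: str) -> bytes:
        # Deterministic on purpose: equal plaintexts give equal tokens, which is
        # what keeps "WHERE name = ?" answerable over the encrypted column.
        return hmac.new(self.idx_key, value.encode(), hashlib.sha256).digest()

    def insert(self, name: str) -> None:
        nonce = os.urandom(16)
        ct = nonce + _keystream_xor(self.enc_key, nonce, name.encode())
        cloud.execute("INSERT INTO patient (name_ct, name_idx) VALUES (?, ?)",
                      (ct, self.index_token(name)))

    def find_by_name(self, name: str) -> list[str]:
        # The application asks "WHERE name = ?"; the cloud sees "WHERE name_idx = ?".
        rows = cloud.execute("SELECT name_ct FROM patient WHERE name_idx = ?",
                             (self.index_token(name),)).fetchall()
        return [_keystream_xor(self.enc_key, ct[:16], ct[16:]).decode() for (ct,) in rows]

def token_histogram() -> dict[bytes, int]:
    # What the untrusted side can still observe: how often each token repeats.
    # This equality pattern is the leakage the "statistical attacks" bullet refers to.
    hist: dict[bytes, int] = {}
    for (tok,) in cloud.execute("SELECT name_idx FROM patient"):
        hist[tok] = hist.get(tok, 0) + 1
    return hist
```

The histogram is why a deterministic index alone is not enough and why the deck pairs encryption with fragmentation across providers.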

Page 13: PaaSword - Technology Baseline

What about Key Creation/Sharing Policies?


Page 14: PaaSword - Technology Baseline

Overview Of Policies


Columns of the original table: Policy / Characteristic; Where is the TED (Transparent Encryption/Decryption) taking place?; TED Key Generation; TED Key Usage & Sharing Policy; Modification of target schema; SQL support

P1
  Where TED takes place: In the PaaS container
  TED key generation: Generated once during bootstrapping (in a Tenant Trusted Zone) and stored in-memory by the application
  TED key usage & sharing: It is recovered from memory on demand per each query execution
  Modification of target schema: No modification
  SQL support: Yes

P2
  Where TED takes place: In the PaaS container
  TED key generation: One key is generated per Tenant (in a Tenant Trusted Zone) and a user_key / container_key pair is generated out of this tenant_key
  TED key usage & sharing: It is recomposed by the combination of a user_key and a container_key per each query execution
  Modification of target schema: No modification
  SQL support: Yes

P3
  Where TED takes place: Outside the container, in a Tenant Trusted Zone
  TED key generation: Generated once in a Tenant Trusted Zone
  TED key usage & sharing: E/D key is used only in the Tenant Trusted Zone
  Modification of target schema: No modification
  SQL support: No

P4
  Where TED takes place: In the PaaS container
  TED key generation: Generated once during bootstrapping (in a Tenant Trusted Zone) and stored in-memory by the application
  TED key usage & sharing: It is recovered from memory on demand per each query execution
  Modification of target schema: Modifications required
  SQL support: No

P5
  Where TED takes place: In the PaaS container
  TED key generation: One key is generated per Tenant (in a Tenant Trusted Zone) and a user_key / container_key pair is generated out of this tenant_key
  TED key usage & sharing: It is recomposed by the combination of a user_key and a container_key per each query execution
  Modification of target schema: Modifications required
  SQL support: No
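Policies P2 and P5 as an added example (not the project's code): a tenant_key generated once in the trusted zone is split into a user_key / container_key pair, and the full key is recomposed only for the duration of one query execution. The two-share XOR split and the overwrite-after-use step are assumptions; the deck does not state how the pair is derived.

```python
import os

def split_tenant_key(tenant_key: bytes) -> tuple[bytes, bytes]:
    # Done once in the Tenant Trusted Zone. Assumption: a two-share XOR split, so
    # each share on its own is uniformly random and reveals nothing about tenant_key.
    container_key = os.urandom(len(tenant_key))
    user_key = bytes(t ^ c for t, c in zip(tenant_key, container_key))
    return user_key, container_key

def recompose(user_key: bytes, container_key: bytes) -> bytearray:
    # Inside the PaaS container, only for the query that needs the key.
    if len(user_key) != len(container_key):
        raise ValueError("share length mismatch")
    return bytearray(u ^ c for u, c in zip(user_key, container_key))

def run_query_with_key(user_key: bytes, container_key: bytes, query_fn):
    # Per query execution: recompose, hand the key to the query, then overwrite the
    # buffer so the full key does not stay resident between queries. Python cannot
    # guarantee that no copy survives; this shows the intended lifetime only.
    key = recompose(user_key, container_key)
    try:
        return query_fn(bytes(key))
    finally:
        for i in range(len(key)):
            key[i] = 0

def shares_leak_key(tenant_key: bytes, user_key: bytes, container_key: bytes) -> bool:
    # Sanity check a reviewer would run: neither share may equal the tenant key.
    return tenant_key in (user_key, container_key)
```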

Page 15: PaaSword - Technology Baseline

Comparative Analysis


Page 16: PaaSword - Technology Baseline

Mechanism 2 – Semantic Policy Authorization Engine

Why not an existing authorization engine?

Based on authorization metamodel

MAC, DAC, RBAC, ABAC

ABAC is considered dominant (from NIST)

Which Standard? and which Implementation of the Standard?

De-facto ABAC standard is XACML

Limitations of reference Implementation

Balana Engine (pure syntactic execution of rules)
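The syntactic-versus-semantic point above, as an added example that is neither PaaSword's engine nor its Context Model: the same ABAC rule evaluated with plain string matching (as a purely syntactic evaluator does) and with a small constructed location hierarchy standing in for a context model. The rule, the hierarchy and the request attributes are all constructed.

```python
# Constructed stand-in for a context model: each value's parent in a part-of hierarchy.
# Assumption: PaaSword's real Context Model is far richer; this is a toy for illustration.
CONTEXT_MODEL = {
    "Athens": "Greece", "Greece": "EU",
    "Berlin": "Germany", "Germany": "EU",
    "Boston": "USA",
}

# Constructed ABAC rule set: subject role, resource, required location, effect.
POLICY = [
    {"role": "doctor", "resource": "patient_record", "location": "EU", "effect": "Permit"},
]

def ancestors(value: str) -> list[str]:
    # The value itself plus every broader context it belongs to, e.g. Athens -> Greece -> EU.
    chain = [value]
    while chain[-1] in CONTEXT_MODEL:
        chain.append(CONTEXT_MODEL[chain[-1]])
    return chain

def evaluate(request: dict, semantic: bool) -> str:
    """Return an XACML-style decision for the request; Deny when no rule applies."""
    for rule in POLICY:
        if rule["role"] != request["role"] or rule["resource"] != request["resource"]:
            continue
        loc = request["location"]
        if semantic:
            # Semantic match: the required location is the value or any broader context.
            matched = rule["location"] in ancestors(loc)
        else:
            # Syntactic match: the attribute string must be literally equal to the rule's.
            matched = rule["location"] == loc
        if matched:
            return rule["effect"]
    return "Deny"
```

A request from Athens is denied by the syntactic evaluator and permitted by the semantic one, which is the gap the slide attributes to rule engines that execute rules purely syntactically.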


Page 17: PaaSword - Technology Baseline

Semantic Policy Enforcement


(Diagram: Access Control; PaaSword Context Model)

Page 18: PaaSword - Technology Baseline


Questions?

Visit us:

www.paasword.eu

Acknowledgements: This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814.