paasword - technology baseline
www.paasword.eu
PaaSword Technology Baseline
Innovathens 10/11/2016
Outline
PaaSword in a Nutshell
Involved Actors & Threat Landscape
High Level Architecture
Distributed Searchable Encryption Engine
Semantic Authorization Engine
PaaSword18/11/2016 2
PaaSword in a Nutshell
Security and Privacy by-design Framework? It is a framework that, if adopted, provides increased security and privacy guarantees
Adopted by whom? Application Developers (it offers client libraries that have to be used by devs)
DevOps users (it offers a management interface for the two offered mechanisms)
What kind of security guarantees?
Involved Actors & Threat Landscape
Data can be circumvented/stolen
Internal or external adversary
Execution environment may be subjected to privilege escalation
Authorization scheme may be static or even hardcoded
Framework Security Guarantees
Framework Guarantees
Mitigation of cyber threats that derive from malicious administrators who administer ‘trusted’ infrastructural resources
Minimization of the risk of breaking a privacy scheme through statistical attacks that rely on pattern identification
Efficient security policy enforcement through the decoupling of policy definition and policy evaluation
How?
Two distinct mechanisms
1 – Distributed Searchable Encryption Engine
An engine that allows the transformation of any relational schema into a fragmentation scheme that respects user-defined privacy constraints
The new schema is functionally equivalent to the original, yet it relies on multiple IaaS providers
2 – Semantic Policy Authorization Engine
An engine that allows the decoupling of policy enforcement from policy definition
Decoupling is meaningful both during development and during execution
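The fragmentation idea behind Mechanism 1, worked through as an added example (this is illustration code, not the PaaSword project's own engine): a relational schema is split vertically so that no set of columns named in a privacy constraint is ever stored together in plaintext, singleton constraints force encryption, and each fragment can be hosted at a different IaaS provider. The patient schema, the constraints and the greedy placement heuristic are assumptions made for this example.

```python
# Added example (not PaaSword project code): vertical fragmentation of a
# relational schema under user-defined privacy constraints. The sample
# schema, constraints and the greedy heuristic are assumptions.

# Constructed sample: a patient table and the constraints a data owner
# might attach to it (not taken from the slides).
PATIENT_COLUMNS = ["ssn", "name", "dob", "zip", "illness", "doctor"]
PRIVACY_CONSTRAINTS = [
    {"ssn"},                    # singleton: the column must always be encrypted
    {"name", "illness"},        # must never co-occur in plaintext
    {"name", "doctor"},
    {"dob", "zip", "illness"},  # quasi-identifiers plus a sensitive value
]


def encrypted_columns(constraints):
    """Singleton constraints can only be satisfied by encrypting the column."""
    return {next(iter(c)) for c in constraints if len(c) == 1}


def violates(plaintext_columns, constraints):
    """True if some multi-column constraint is fully visible in plaintext."""
    return any(c <= plaintext_columns for c in constraints if len(c) > 1)


def fragment_schema(columns, constraints):
    """Greedy vertical fragmentation.

    Returns (encrypted, fragments): the set of columns stored encrypted
    everywhere, and an ordered list of plaintext column sets. Each fragment
    becomes one physical table (plus a shared tuple id used by the trusted
    proxy to re-join rows) that can live at a different IaaS provider.
    """
    encrypted = encrypted_columns(constraints)
    fragments = []
    for col in columns:
        if col in encrypted:
            continue
        for frag in fragments:
            if not violates(frag | {col}, constraints):
                frag.add(col)
                break
        else:
            fragments.append({col})
    return encrypted, fragments


def satisfies(encrypted, fragments, constraints):
    """Independent check that the layout breaks every constraint."""
    for c in constraints:
        if c & encrypted:
            continue  # at least one member is always encrypted
        if any(c <= frag for frag in fragments):
            return False
    return True


def assign_providers(fragments, providers, constraints):
    """Spread fragments round-robin over providers, then verify that no single
    provider could reassemble a constraint by joining the fragments it hosts."""
    placement = {p: [] for p in providers}
    for i, frag in enumerate(fragments):
        placement[providers[i % len(providers)]].append(frag)
    for p, held in placement.items():
        visible = set().union(*held) if held else set()
        if violates(visible, constraints):
            raise ValueError(f"provider {p} would see a forbidden combination")
    return placement


if __name__ == "__main__":
    enc, frags = fragment_schema(PATIENT_COLUMNS, PRIVACY_CONSTRAINTS)
    print("encrypted everywhere:", sorted(enc))
    for i, f in enumerate(frags):
        print(f"fragment F{i}:", sorted(f))
    print(assign_providers(frags, ["iaas-a", "iaas-b"], PRIVACY_CONSTRAINTS))
```

With the sample input the schema splits into one encrypted column (ssn) and two plaintext fragments, {name, dob, zip} and {illness, doctor}; placing both fragments at the same provider is rejected, which is why the slide stresses that the resulting schema relies on multiple IaaS providers.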
PaaSword Walkthrough
Mechanism 1 - Distributed Searchable Encryption Engine
Why is plain Transparent Encryption/Decryption not enough? You lose a lot of SQL expressivity
Vulnerable to statistical attacks
PaaSword Annotations PaaSword Controller
What are Annotations?
Annotations are a form of metadata that provide data about a program but are not part of the program itself
They can be processed using three different strategies:
Source Generation Strategy
Bytecode Transformation Strategy
Runtime Reflection Strategy
PaaSword uses annotations to define the Entity Model that will be protected using advanced fragmentation techniques
How does JPA work?
PaaSword JPA
Several types of Annotations:
1) Data Object Definition
2) Encryption & Distribution
Virtual Database Proxy
[Figure: Virtual Database Proxy. The User / Application sends SQL to the SQL Database Proxy (trusted); the proxy sends SQL to the Cloud (untrusted), which holds the Data together with Index1 and Index2. Data is not encrypted on the user/proxy side and is encrypted in the cloud.]
What about Key Creation/Sharing Policies?
Overview of Policies (TED: Transparent Encryption/Decryption)

| Policy | Where is the TED taking place? | TED Key Generation | TED Key Usage & Sharing Policy | Modification of target schema | SQL support |
|---|---|---|---|---|---|
| P1 | In the PaaS container | Generated once during bootstrapping (in a Tenant Trusted Zone) and stored in-memory by the application | It is recovered from memory on demand per each query execution | No modification | Yes |
| P2 | In the PaaS container | One key is generated per Tenant (in a Tenant Trusted Zone) and a pair (user_key, container_key) is generated out of this tenant_key | It is recomposed by the combination of a user_key and a container_key per each query execution | No modification | Yes |
| P3 | Outside the container, in a Tenant Trusted Zone | Generated once in a Tenant Trusted Zone | E/D key is used only in the Tenant Trusted Zone | No modification | No |
| P4 | In the PaaS container | Generated once during bootstrapping (in a Tenant Trusted Zone) and stored in-memory by the application | It is recovered from memory on demand per each query execution | Modifications required | No |
| P5 | In the PaaS container | One key is generated per Tenant (in a Tenant Trusted Zone) and a pair (user_key, container_key) is generated out of this tenant_key | It is recomposed by the combination of a user_key and a container_key per each query execution | Modifications required | No |
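The key-handling difference between policies P1/P4 (tenant key held in application memory after bootstrapping) and P2/P5 (a user_key/container_key pair derived from the tenant key and recomposed per query), as an added example that is not PaaSword project code. The two-out-of-two XOR split, the HMAC-SHA256 per-query key derivation and the class names are assumptions made for illustration; the slides do not specify how the pair is derived.

```python
# Added example (not PaaSword project code): P1 vs P2 key handling.
# The XOR split, the HMAC-based per-query derivation and the class names
# are assumptions made for illustration.
import hashlib
import hmac
import secrets

KEY_BYTES = 32


def generate_tenant_key():
    """P1/P2: one key generated at bootstrapping inside the Tenant Trusted Zone."""
    return secrets.token_bytes(KEY_BYTES)


def split_tenant_key(tenant_key):
    """P2: derive the (user_key, container_key) pair from the tenant key.

    Two-out-of-two XOR split: each share alone is uniformly random, so a PaaS
    container that persists only container_key learns nothing about the key,
    and neither does a caller who holds only user_key.
    """
    container_key = secrets.token_bytes(len(tenant_key))
    user_key = bytes(t ^ c for t, c in zip(tenant_key, container_key))
    return user_key, container_key


def recompose(user_key, container_key):
    """P2: rebuild the tenant key from the two shares for one query execution."""
    if len(user_key) != len(container_key):
        raise ValueError("share length mismatch")
    return bytes(u ^ c for u, c in zip(user_key, container_key))


def per_query_key(tenant_key, query_id):
    """Derive a query-scoped TED key (HMAC-SHA256, HKDF-style) so the
    long-lived tenant key is never used directly for encryption/decryption."""
    return hmac.new(tenant_key, b"paasword-ted|" + query_id, hashlib.sha256).digest()


class P1InMemoryKeyPolicy:
    """P1/P4: the tenant key stays in application memory after bootstrapping.
    Anyone who can read the container's memory obtains the key."""

    def __init__(self, tenant_key):
        self._tenant_key = tenant_key

    def key_for_query(self, query_id):
        return per_query_key(self._tenant_key, query_id)


class P2SplitKeyPolicy:
    """P2/P5: the container persists only container_key; the caller presents
    user_key with every query and the recomposed key is dropped after use,
    which narrows the window in which the full key exists in memory."""

    def __init__(self, container_key):
        self._container_key = container_key

    def key_for_query(self, user_key, query_id):
        tenant_key = recompose(user_key, self._container_key)
        try:
            return per_query_key(tenant_key, query_id)
        finally:
            del tenant_key  # best effort only; Python gives no guaranteed wipe


if __name__ == "__main__":
    tenant_key = generate_tenant_key()
    user_key, container_key = split_tenant_key(tenant_key)
    p1 = P1InMemoryKeyPolicy(tenant_key)
    p2 = P2SplitKeyPolicy(container_key)
    assert p1.key_for_query(b"q1") == p2.key_for_query(user_key, b"q1")
    print("P1 and P2 derive the same per-query key; container share alone:",
          container_key.hex()[:16], "...")
```

Both policies yield the same per-query TED key, so SQL support and the target schema are unaffected (consistent with the table); what changes is where the complete tenant key exists and for how long.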
Comparative Analysis
Mechanism 2 – Semantic Policy Authorization Engine
Why not an existing authorization engine? Based on the authorization metamodel:
MAC, DAC, RBAC, ABAC
ABAC is considered dominant (according to NIST)
Which Standard? And which Implementation of the Standard?
The de-facto ABAC standard is XACML
Limitations of the reference implementation
Balana Engine (pure syntactic execution of rules)
Semantic Policy Enforcement
[Figure: Access Control / PaaSword Context Model]
Questions?
Visit us:
www.paasword.eu
Acknowledgements: This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814.