A Holistic Data Privacy and Security by Design Platform-as-a-Service Framework Introducing Distributed Encrypted Persistence in Cloud-based Applications

Objective

The vision of PaaSword is to maximize and fortify the trust of individual, professional and corporate customers to Cloud -enabled services and applications, to safeguard both corporate and personal sensitive data stored on Cloud infrastructures and Cloud-based storage services, and to accelerate the adoption of Cloud computing technologies and paradigm shift from the European industry. Thus, PaaSword will introduce a holistic data privacy and security by design framework enhanced by sophisticated context-aware policy access models and robust policy access, decision, enforcement and governance mechanisms, which will enable the implementation of secure and transparent Cloud-based applications and services that will maintain a fully distributed and totally encrypted data persistence layer, and, thus, will foster customers' data protection, integrity and confidentiality, even in the case wherein there is no control over the underlying third-party Cloud resources utilized.
In particular, PaaSword intends not only to adopt the CSA Cloud security principles, but also to extend them by capitalizing on recent innovations on (a) distributed encryption and virtual database middleware technologies that introduce a scalable secure Cloud database abstraction layer combined with sophisticated distribution and encryption methods into the processing and querying of data stored in the Cloud; (b) context-aware access control that incorporate the dynamically changing contextual information into novel group policies implementing configurable context-based access control policies and context-dependent access rights to the stored data at various different levels; and (c) policy governance, modelling and annotation techniques that allows application developers to specify an appropriate level of protection for the application’s data, while the evaluation of whether an incoming request should be granted access to the target data takes dynamically place during application runtime.

Fields of science (EuroSciVoc)

CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques.

• natural sciencescomputer and information sciencescomputer securityaccess control
• social sciencessociologygovernance
• natural sciencescomputer and information sciencescomputer securitydata protection
• natural sciencescomputer and information sciencescomputer securitycryptography
• natural sciencescomputer and information sciencescomputer securitynetwork security

Keywords

• Cloud Security
• Physical Distribution
• Data Encryption
• SQL & NoSQL Virtual Database (Proxy)
• Data Privacy & Security by Design
• Policies Enforcement
• XACML
• Context-aware Policy Access

Programme(s)

• H2020-EU.2.1.1. - INDUSTRIAL LEADERSHIP - Leadership in enabling and industrial technologies - Information and Communication Technologies (ICT) Main Programme
• H2020-EU.2.1.1.3. - Future Internet: Software, hardware, Infrastructures, technologies and services

Topic(s)

• ICT-07-2014 - Advanced Cloud Infrastructures and Services

Funding Scheme

Coordinator

Participants (9)