Project ID: 644814
Funded under: H2020-EU.

Periodic Reporting for period 1 - PaaSword (A Holistic Data Privacy and Security by Design Platform-as-a-Service Framework Introducing Distributed Encrypted Persistence in Cloud-based Applications)

Reporting period: 2015-01-01 to 2016-06-30

Summary of the context and overall objectives of the project

Despite its compelling benefits, only a few enterprises make use of cloud computing. Security and data privacy concerns impede its wide adoption. The EU research & innovation project PaaSword addresses these challenges by developing a holistic security and privacy preserving framework.

Context, Motivation and Challenge:
Current cloud applications and storage volumes often leave information at risk of theft, unauthorized exposure or malicious manipulation. Thus, the benefits of cloud computing are still underexploited by many businesses and individuals. In order to unlock these valuable business benefits, security and data privacy concerns, as the main barriers to cloud adoption, must be effectively addressed in a holistic way. PaaSword aims at fortifying the trust of individuals and corporate customers in cloud services and increasing the adoption rate of cloud-based solutions by securing the most critical target, the data persistency layer and the database itself. The focus is on safeguarding both corporate and personal data for cloud infrastructures and storage services. The project addresses the current major data security challenges, posed by the Cloud Security Alliance, and provides essential knowledge to organizations that wish to securely migrate to the cloud.

PaaSword introduces a holistic data privacy and security by design framework whose main aim is to protect users’ sensitive data stored in the cloud. The framework is based on a searchable encryption scheme enhanced with sophisticated context-aware access control mechanisms. An innovative approach for key management maximizes customers’ control over their data. PaaSword extends the Cloud Security Alliance’s cloud security principles by capitalizing on recent innovations in virtual database middleware technologies that introduce a scalable secure cloud database abstraction layer with sophisticated data distribution and encryption methods.
The implementation of enterprise security governance in cloud environments is supported by a novel approach towards context-aware access control mechanisms that incorporate dynamically changing contextual information into access control policies and context-dependent access rights to data stored in the cloud. Finally, PaaSword supports developers of cloud applications through code annotation techniques that allow specifying an appropriate level of protection for the application’s data.

Expected Results:
- PaaSword holistic framework
- Reference architecture
- Searchable encryption scheme for secure queries
- Policy access & context-aware security models
- Policy enforcement middleware
- Dedicated IDE plug-in
- Five PaaSword demonstrators

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

Launched on 1st of January 2015, the PaaSword project is run by a consortium of ten partners and is expected to be completed within 36 months. Within the first project period, months M1-M18 (January 2015 - June 2016), the consortium has successfully completed two work packages, eleven tasks, and 18 deliverables (excl. this Periodic Progress Report). All five milestones defined for the first reporting period have been successfully achieved, as well as all relevant goals and sub-goals. The consortium has laid comprehensive groundwork for all activities following in the upcoming second half of the reporting period and expects PaaSword to be on time and in alignment with all defined goals.

The first project phase – the design phase (months M1-M12) – has seen the kick-off of WP 1 – WP 4 and WP 7 and the structuring of the main work environments, management structures and administrative templates in work package 8. The project kick-off meeting took place on January 15-16, 2015, in Karlsruhe, Germany, to ensure collaborative work among the project partners right from the beginning and was followed by regular plenary meetings every three months.

The main focus of the project during the design phase was:
• The analysis of the state-of-the-art with respect to cloud storage security and techniques, context-awareness and security policies as well as the derivation of technical, non-technical and security requirements that will guide the development of PaaSword concepts, architecture and mechanisms;
• The definition of the PaaSword reference architecture describing the main components and the conceptual interaction between them as well as implementation guidelines on how interested parties can build their own PaaSword-enabled services by creating variations that will better fit their specific needs;
• The definition of security use cases describing the implementation scenarios within the pilots as well as the definition of acceptance criteria for the validation of the mechanisms to be developed;
• The development of a model for semantically describing associations between types of access depending on the data objects and (contextual) circumstances under which this access should be granted or denied;
• The ontological description of access control policies, taking into account all the relevant contextual attributes pertaining to the data objects, the entities that are trying to access them and the operations that they desire to perform.

The last six months of the first reporting period ushered in phase II – the development and integration phase (months M13-M27). This phase mainly covers the research activities of WP3, WP4 and WP5 concerning the technical design, implementation and integration of all the mechanisms comprising the PaaSword framework. It adopts a two-cycle development and integration approach, delivering the early prototypes of the WP3 and WP4 mechanisms in M18. To that end, significant progress has been made in the following directions:
• The provision of the XACML compliant context-aware security model for declaratively describing access control policies that are easily interpretable into policy enforcement rules;
• The design and implementation (1st iteration) of all the appropriate mechanisms forming the PaaSword policies access, decision and enforcement middleware that encapsulates capabilities for annotating and managing data access object annotations, for controlling their validity, for dynamically interpreting them into policy enforcement rules, and for enforcing these policies based on asymmetric cryptography principles;
• The analysis of best suited distribution algorithms and encryption schemes and the specification and realization (1st iteration) of the distribution and encryption mechanism of PaaSword;
• The detailed definition of the technical integrated endpoints and proactive planning of the integration of the software components and mechanisms developed;
• The definition of the evaluation framework and the specification of the pilot validation scenarios to provide a frame and prepare the upcoming actual demonstrator implementations, evaluation execution and feedback collection.

Coordination activities have accompanied the scientific and technical activities in order to ensure achieving consistent results through communication and collaboration among the partners as well as with the community outside the consortium. To that end PaaSword has established the Advisory Board and the Cloud Security Industrial Focus Group, for which the consortium set up various activities like two Advisory Board Meetings, a separate private member area on the website or surveys, and contributions to activities of CloudWATCH, the “Data Protection, Security and Privacy in the Cloud Cluster” and ETSI Cloud Standards Coordination working group.

In addition, several successes with respect to dissemination and communication can be reported (part of WP7) such as:
• ten publications accepted;
• three additional journal publications submitted;
• the first scientific Cloud Security and Data Privacy by Design Workshop organized; and
• more than 70 communication activities implemented, among others:
  o a presentation of PaaSword results to EU Commissioner Günther Oettinger at Net Futures 2016;
  o a Networking Session at the ICT 2015 conference; and
  o a joint workshop with the EU project PANOPTESEC.
At the same time, WP7 started identifying and gathering a tree of exploitable assets and elaborated potential business plans and market analysis associated with them.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

PaaSword directly addresses one of the most critical issues with security of cloud technologies. It maximizes the trust of individuals and corporate customers in cloud applications and services, as well as enhances the ability of the European software and Cloud Computing industry to deliver them. PaaSword is expected to enable European enterprises to unlock valuable business, economic and operational benefits of migrating to the cloud. It aims to attract new groups of customers and thus unlock significant economic growth and impact.
In fact, the EU General Data Protection Regulation adopted on 27 April 2016 shows the urgent need for solutions like PaaSword. PaaSword will be fully compliant with this new regulation and will support cloud application developers and providers in being prepared for it in 2018. Thus, PaaSword will accelerate the adoption of Cloud Computing and further improve the competitive position of cloud providers. Five demonstrators will prove PaaSword's potential in PaaS, Public sector, Logistics chain, CRM and ERP related use cases.

