PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services

Yiannis Verginadis, Antonis Michalas, Panagiotis Gouvas, Gunther Schiefer, Gerald Hübsch, Iraklis Paraskakis

2015

Abstract

The valuable transformation of organizations that adopt cloud computing is indisputably accompanied by a number of security threats that should be considered. In this paper, we outline significant security challenges presented when migrating to a cloud environment and propose PaaSword – a novel holistic, data privacy and security by design, framework that aspires to alleviate them. The envisaged framework intends to maximize and fortify the trust of individual, professional and corporate users to cloud services. Specifically, PaaSword involves a context-aware security model, the necessary policies enforcement and governance mechanisms along with a physical distribution, encryption and query middleware, aimed at facilitating the implementation of secure and transparent cloud-based applications.

References

  1. Alliance, C. S. (2013). The notorious nine - cloud computing top threats in 2013.
  2. Bösch, C., Hartel, P., Jonker, W., and Peter, A. (2014). A survey of provably secure searchable encryption. ACM Comput. Surv., 47(2):18:1-18:51.
  3. Cleeff, A. v., Pieters, W., and Wieringa, R. (2010). Benefits of location-based access control: A literature study. In Proceedings of the 2010 IEEE/ACM Int'L Conference on Green Computing and Communications & Int'L Conference on Cyber, Physical and Social Computing, GREENCOM-CPSCOM 7810, pages 739-746, Washington, DC, USA. IEEE Computer Society.
  4. Costabello, L., Villata, S., and Gandon, F. (2012). Contextaware access control for rdf graph stores. In Raedt, L. D., Bessire, C., Dubois, D., Doherty, P., Frasconi, P., Heintz, F., and Lucas, P. J. F., editors, ECAI, volume 242 of Frontiers in Artificial Intelligence and Applications, pages 282-287. IOS Press.
  5. Covington, M. J., Long, W., Srinivasan, S., Dev, A. K., Ahamad, M., and Abowd, G. D. (2001). Securing context-aware applications using environment roles. In Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, SACMAT 7801, pages 10-20, New York, NY, USA. ACM.
  6. Decker, M. (2011). Modelling of location-aware access control rules. In Handbook of Research on Mobility and Computing: Evolving Technologies and Ubiquitous Impacts, pages 912-929. IGI Global.
  7. Dey, A. K. (2001). Understanding and using context. Personal Ubiquitous Comput., 5(1):4-7.
  8. Dolev, D. and Yao, A. C. (1983). On the security of public key protocols. Information Theory, IEEE Transactions, 29(2):198-208.
  9. Ferrari, E. (2010). Access Control in Data Management Systems. Morgan and Claypool Publishers.
  10. Gabel, M. and Hübsch, G. (2014). Secure database outsourcing to the cloud using the mimosecco middleware. In Krcmar, H., Reussner, R., and Rumpe, B., editors, Trusted Cloud Computing, pages 187-202. Springer International Publishing.
  11. Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., and Boneh, D. (2003). Terra: A virtual machine-based platform for trusted computing. In ACM SIGOPS Operating Systems Review, volume 37, pages 193-206.
  12. Gentry, C. (2009). tion Scheme. AAI3382729. A Fully Homomorphic Encryp-
  13. Huber, M., Gabel, M., Schulze, M., and Bieber, A. (2013). Cumulus4j: A provably secure database abstraction layer. In Cuzzocrea, A., Kittl, C., Simos, D. E., Weippl, E., Xu, L., Cuzzocrea, A., Kittl, C., Simos, D. E., Weippl, E., and Xu, L., editors, CD-ARES Workshops, volume 8128 of Lecture Notes in Computer Science, pages 180-193. Springer.
  14. IBM (2011). Security and high availability in cloud computing environments. Technical report, IBM SmartCloud Enterprise, East Lansing, Michigan.
  15. Kamara, S. and Lauter, K. (2010). Cryptographic cloud storage. In Sion, R., Curtmola, R., Dietrich, S., Kiayias, A., Miret, J., Sako, K., and Seb, F., editors, Financial Cryptography and Data Security, volume 6054 of Lecture Notes in Computer Science, pages 136-149. Springer Berlin Heidelberg.
  16. Kayes, A. S. M., Han, J., and Colman, A. (2013). An ontology-based approach to context-aware access control for software services. In Lin, X., Manolopoulos, Y., Srivastava, D., and Huang, G., editors, WISE (1), volume 8180 of Lecture Notes in Computer Science, pages 410-420. Springer.
  17. Kourtesis, D. and Paraskakis, I. (2012). A registry and repository system supporting cloud application platform governance. In Proceedings of the 2011 International Conference on Service-Oriented Computing, ICSOC'11, pages 255-256, Berlin, Heidelberg. Springer-Verlag.
  18. Krasner, G. E. and Pope, S. T. (1988). A cookbook for using the model-view controller user interface paradigm in smalltalk-80. J. Object Oriented Program., 1(3):26- 49.
  19. Michalas, A. and Komninos, N. (2014). The lord of the sense: A privacy preserving reputation system for participatory sensing applications. In Computers and Communication (ISCC), 2014 IEEE Symposium, pages 1-6. IEEE.
  20. Michalas, A., Komninos, N., Prasad, N. R., and Oleshchuk, V. A. (2010). New client puzzle approach for dos resistance in ad hoc networks. In Information Theory and Information Security (ICITIS), 2010 IEEE International Conference, pages 568-573. IEEE.
  21. Michalas, A., Paladi, N., and Gehrmann, C. (2014). Security aspects of e-health systems migration to the cloud. In e-Health Networking, Applications and Services (Healthcom), 2014 IEEE 16th International Conference on, pages 212-218. IEEE.
  22. Micro, T. (2010). The need for cloud computing security. In A Trend Micro White Paper.
  23. Paladi, N. and Michalas, A. (2014). “One of our hosts in another country”: Challenges of data geolocation in cloud storage. In Wireless Communications, Vehicular Technology, Information Theory and Aerospace Electronic Systems (VITAE), 2014 4th International Conference on, pages 1-6.
  24. Paladi, N., Michalas, A., and Gehrmann, C. (2014). Domain based storage protection with secure access control for the cloud. In Proceedings of the 2014 International Workshop on Security in Cloud Computing, ASIACCS 7814, New York, NY, USA. ACM.
  25. Popa, R. A., Redfield, C. M. S., Zeldovich, N., and Balakrishnan, H. (2011). Cryptdb: Protecting confidentiality with encrypted query processing. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, SOSP 7811, pages 85-100, New York, NY, USA. ACM.
  26. Santos, N., Gummadi, K. P., and Rodrigues, R. (2009). Towards trusted cloud computing. In Proceedings of the 2009 Conference on Hot Topics in Cloud Computing, HotCloud'09, Berkeley, CA, USA. USENIX.
  27. Zhang, F., Chen, J., Chen, H., and Zang, B. (2011). Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, pages 203-216. ACM.
Download


Paper Citation


in Harvard Style

Verginadis Y., Michalas A., Gouvas P., Schiefer G., Hübsch G. and Paraskakis I. (2015). PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services . In Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-104-5, pages 206-213. DOI: 10.5220/0005489302060213


in Bibtex Style

@conference{closer15,
author={Yiannis Verginadis and Antonis Michalas and Panagiotis Gouvas and Gunther Schiefer and Gerald Hübsch and Iraklis Paraskakis},
title={PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services},
booktitle={Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2015},
pages={206-213},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005489302060213},
isbn={978-989-758-104-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services
SN - 978-989-758-104-5
AU - Verginadis Y.
AU - Michalas A.
AU - Gouvas P.
AU - Schiefer G.
AU - Hübsch G.
AU - Paraskakis I.
PY - 2015
SP - 206
EP - 213
DO - 10.5220/0005489302060213