Proposal ID: 644814
ICCS project ID: 63090100
Role: Partner
Acronym: PaaSword
Topic: ICT-07-2014
Type of action: RIA
Call identifier: H2020-ICT-2014-1

PaaSword : A Holistic Data Privacy and Security by Design Platform-as-a-Service Framework Introducing Distributed Encrypted Persistence in Cloud-based Applications

Duration in months: 36
Fixed keyword 1: Cloud Computing
Fixed keyword 2: Cloud Services
Free keywords: Cloud Security, Physical Distribution, Data Encryption, SQL & NoSQL Virtual Database (Proxy), Data Privacy & Security by Design, Policies Enforcement, XACML, Context-aware Policy Access

The vision of PaaSword is to maximize and fortify the trust of individual, professional and corporate customers to Cloud enabled services and applications, to safeguard both corporate and personal sensitive data stored on Cloud infrastructures and Cloud-based storage services, and to accelerate the adoption of Cloud computing technologies and paradigm shift from the European industry. Thus, PaaSword will introduce a holistic data privacy and security by design framework enhanced by sophisticated context-aware policy access models and robust policy access, decision, enforcement and governance mechanisms, which will enable the implementation of secure and transparent Cloud-based applications and services that will maintain a fully distributed and totally encrypted data persistence layer, and, thus, will foster customers’ data protection, integrity and confidentiality, even in the case wherein there is no control over the underlying third-party Cloud resources utilized. In particular, PaaSword intends not only to adopt the CSA Cloud security principles, but also to extend them by capitalizing on recent innovations on (a) distributed encryption and virtual database middleware technologies that introduce a scalable secure Cloud database abstraction layer combined with sophisticated distribution and encryption methods into the processing and querying of data stored in the Cloud; (b) context-aware access control that incorporate the dynamically changing contextual information into novel group policies implementing configurable context-based access control policies and context-dependent access rights to the stored data at various different levels; and (c) policy governance, modelling and annotation techniques that allows application developers to specify an appropriate level of protection for the application’s data, while the evaluation of whether an incoming request should be granted access to the target data takes dynamically place during application runtime.

Lab URL: http://imu.ntua.gr