Journal of Grid Computing, Volume 15, Issue 2, pp 219–234

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services

  • Yiannis Verginadis
  • Antonis Michalas
  • Panagiotis Gouvas
  • Gunther Schiefer
  • Gerald Hübsch
  • Iraklis Paraskakis
Open Access


Enterprises increasingly recognize the compelling economic and operational benefits of virtualizing and pooling IT resources in the cloud. Nevertheless, the significant and valuable transformation of organizations that adopt cloud computing is accompanied by a number of security threats that should be considered. In this paper, we outline significant security challenges that arise when migrating to a cloud environment and propose PaaSword – a novel holistic framework that aspires to alleviate these challenges. Specifically, the proposed framework involves a context-aware security model, the necessary policy enforcement mechanism, and a physical distribution, encryption and query middleware.


Keywords: Data privacy; Security by design; Context-aware access control; Symmetric searchable encryption; Cloud computing



Copyright information

© The Author(s) 2017

Open Access. This article is distributed under the terms of the Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

Authors and Affiliations

  • Yiannis Verginadis (1)
  • Antonis Michalas (2)
  • Panagiotis Gouvas (3)
  • Gunther Schiefer (4)
  • Gerald Hübsch (5)
  • Iraklis Paraskakis (6)

  1. Institute of Communications and Computer Systems, National Technical University of Athens, Athens, Greece
  2. Cyber Security Group, University of Westminster, London, UK
  3. Ubitech Ltd., Athens, Greece
  4. Karlsruhe Institute of Technology, Karlsruhe, Germany
  5. CAS Software AG, Karlsruhe, Germany
  6. South East European Research Centre (SEERC), The University of Sheffield, International Faculty, CITY College, Thessaloniki, Greece
