D7.4 Holistic security model for secure service composition

Contributing Partners


Executive Summary

With this final deliverable PRISMACLOUD shows how to successfully link the whole 4-tiers of the PRISMACLOUD architecture and provide service developers with so-called Service Capabilities to advertise their newly developed services more easily to the market. They can use the bottom-up steps described in this report to derive such a capability from the configuration parameters of their cryptographic software libraries – called Tool in PRISMACLOUD. Further, they can even use the transformation process in a top-down direction, as this allows to adapt the configuration and inner workings of their service to swiftly address changing customer demands.
PRISMACLOUD follows the idea that on the level of cloud services it shall be possible to abstractly communicate enhancements towards the service consumers, like end-users and application developers, without the need to fully understand the cryptography involved. Therefore we have previously introduced the concept of service capabilities. A Service Capability is a security & privacy relevant property that is of importance for the application domain of the service and that can be described in a specific formal, machine readable language in order to enable comparisons among services with respect to specific properties. Service capabilities are what the application level sees from PRISMACLOUD’s work and they are part of the project’s own development methodology Cryptographic Service Development Lifecycle (CryptSDLC). Service capabilities, depending on their complexity and on their interconnection with the cryptography’s parameters, are modelled using the formal language Haskell. This deliverable shows how service capabilities are linked into the lower layers of the Prismacloud architecture, i.e. the more tool specific parameters that configure the cryptography. PRISMACLOUD holistically captures the relation between low level cryptographic parameters and high-level goals in a transformation process which is again Haskell code. The resulting process is described in a rigorous way using the functional programming language Haskell. This transformation process links the service capability to the configurations such that the software libraries –the tools– are adequately parameterised and also the services’ logic is properly adjusted to fulfil the customer requirements expressed by the service capability. This transformation process is another step towards PRISMACLOUD ’s goal to holistically capture all the complexity and interdisciplinary (cryptographic-, software- development-, application-domain-) knowledge that is necessary to build cryptographic cloud applications.
The intended audiences are end-users as well as application designers and service developers that can communicate using the service capabilities. To cater for the diverse audiences the deliverable is split into three parts. Part I remains on a very high level, e.g. applications and cloud services, and it shows the impact regarding the security goals of confidentiality, integrity, availability and privacy (C-I-A-P) on the level of cloud services.
Further, it indicates how market ready the technology is. Part II details the models of the service capabilities and the involved workflows to derive them. Part III describes tangible results: (1) Linking generic cloud security and privacy pattern and specific standardised service level agreements with cryptographic primitives and their configuration; (2) using a model in the top-down approach to build a configuration support system for a storage service using secret sharing cryptography based on a user’s needs w.r.t geolocation, availability and costs.