PaaSword Key Management Mechanism

If database encryption is set by a DDE Rule (Context aware security Model), data may only be stored encrypted to prevent unauthorized access. Authorized access should only be possible on behalf of the data owner, the tenant. One possible way to share a tenant's data among its employees is to encrypt the database with a single tenant key (TK) that is solely under the control of the tenant.

The PaaSword Key Management Mechanism is responsible for the preparation, distribution and usage of the keys that enable database access. The PaaSword approach is based on an architecture that separates the Application (A), where the data is processed, from the DB-Proxy (P), whose task is to store and access the data in a cloud database. To achieve the envisaged security, the tenant key (TK) is stored only by the tenant itself. User (Ui), Application (A) and DB-Proxy (P) each store solely their individual part of the key (TKui, TKai, TKpi), which is computed and distributed to them by a trusted employee of the tenant, the tenant admin. To recompute the key needed for database access at runtime, all three parts (from Ui, A and P) are required; no single party, and no pair of parties, holds enough to reconstruct TK on its own.
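The following is an added illustration of the three-party split described above; it is not code from the PaaSword project, and the page does not say how the parts are actually computed. It assumes a 256-bit tenant key, an XOR-based split in which two parts are drawn at random and the third is fixed by them (so any one or two parts are statistically independent of TK), and an in-memory stand-in for the tenant admin's distribution of per-user triples (TKui, TKai, TKpi). The names `TenantAdmin`, `provision_user` and `recompute_tk` are illustrative.

```python
"""Added example: three-way tenant-key split in the style of the PaaSword
mechanism. Assumptions (not stated on the page): 256-bit TK, XOR split,
in-memory stores standing in for User, Application and DB-Proxy."""
import secrets

KEY_LEN = 32  # assumed 256-bit tenant key


def xor_bytes(*parts: bytes) -> bytes:
    """XOR any number of equal-length byte strings together."""
    if not parts or any(len(p) != len(parts[0]) for p in parts):
        raise ValueError("all parts must have the same non-zero length")
    out = bytearray(len(parts[0]))
    for part in parts:
        for i, b in enumerate(part):
            out[i] ^= b
    return bytes(out)


def split_key(tk: bytes) -> tuple[bytes, bytes, bytes]:
    """Return (TKu, TKa, TKp) with TKu ^ TKa ^ TKp == tk.

    TKu and TKa are uniformly random; TKp is then determined, so any two
    of the three parts reveal nothing about tk on their own."""
    tku = secrets.token_bytes(len(tk))
    tka = secrets.token_bytes(len(tk))
    tkp = xor_bytes(tk, tku, tka)
    return tku, tka, tkp


def recompute_tk(user_part: bytes, app_part: bytes, proxy_part: bytes) -> bytes:
    """Runtime reconstruction: all three parts are needed to recover TK."""
    return xor_bytes(user_part, app_part, proxy_part)


class TenantAdmin:
    """Trusted employee of the tenant: holds TK and issues per-user triples.

    The three dicts stand in for the separate stores of User (TKui),
    Application (TKai) and DB-Proxy (TKpi); the admin alone sees TK."""

    def __init__(self, tk: bytes):
        if len(tk) != KEY_LEN:
            raise ValueError(f"tenant key must be {KEY_LEN} bytes")
        self._tk = tk
        self.user_store: dict[str, bytes] = {}   # Ui  -> TKui
        self.app_store: dict[str, bytes] = {}    # A   -> TKai (indexed by Ui)
        self.proxy_store: dict[str, bytes] = {}  # P   -> TKpi (indexed by Ui)

    def provision_user(self, user_id: str) -> None:
        """Compute a fresh triple for user Ui and distribute one part each."""
        tku, tka, tkp = split_key(self._tk)
        self.user_store[user_id] = tku
        self.app_store[user_id] = tka
        self.proxy_store[user_id] = tkp


def runtime_access(admin: TenantAdmin, user_id: str) -> bytes:
    """Simulate a database access on behalf of Ui: the User presents TKui,
    the Application contributes TKai, the DB-Proxy contributes TKpi."""
    return recompute_tk(admin.user_store[user_id],
                        admin.app_store[user_id],
                        admin.proxy_store[user_id])


if __name__ == "__main__":
    tenant_key = secrets.token_bytes(KEY_LEN)   # constructed sample TK
    admin = TenantAdmin(tenant_key)
    admin.provision_user("alice")
    admin.provision_user("bob")
    print("alice recovers TK:", runtime_access(admin, "alice") == tenant_key)
    # Parts from different users do not combine into TK.
    mixed = recompute_tk(admin.user_store["alice"],
                         admin.app_store["bob"], admin.proxy_store["bob"])
    print("mixed parts recover TK:", mixed == tenant_key)
```

Each user gets an independent triple, so the Application's and DB-Proxy's stores hold one part per user rather than one part per tenant; a part from one user combined with another user's parts yields an unrelated value, and any store that loses or withholds its part makes TK unrecoverable for that user.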

More details about the PaaSword Key Management Mechanism can be found in chapter eight of deliverable 3.1.