Download presentation
Presentation is loading. Please wait.
Published byKimberly Clark Modified over 6 years ago
1
Blockchain-as-a-Service (BaaS) :: providers & trust
Jat Singh and Dave Michels
2
Key takeaway BaaS is [increasingly] ‘a thing’ Considering security, privacy and trust? DON’T FORGET THE PROVIDER[S]! DLTs aim at improving trust---- decentralises so trust is in the netowrk. Doesn’t this preclude?
3
Trust [governance] considerations
Overview Nature of BaaS Trust [governance] considerations Intuition about baas [ DEPENDS ]
4
BaaS & Cloud BaaS: the supporting infrastructure
Similar to a ‘cloud’ offering Economies of scale Elasticity Expertise Security + standards Main providers [cloud, contracts] IBM (Hyperledger) Microsoft (Coco Framework [eth] ) BaaS – offers what previous talk described as a service [not ethereum etc]
5
Why? “Blockchain revolution”
DLT applications for business >> BaaS targets this Focus: Established businesses & business networks [ experimentation ]
6
Modes of uptake (service models)
Applications Full-stack solution oriented App with (‘some’ ledger ‘somewhere’) “Software-as-a-Service” (SaaS) Platform-oriented Select, customise, configure components “Platform-as-a-Service” (PaaS) Modular, tight platform integration Business – SaaS or PaaS. Apps dominant
7
Example from MS – ledger components down the bottom, integration/managemnet services higher
Aspects might be confirgured (or integrated). Apps from the topdown Microsoft
8
Private & permissioned
Private: dedicated chain Permissioned: restricted participants Current BaaS focus Established networks, data sensitivity ‘Safe’ experimentation Facilitates tenancy Why not a traditional application/database? # counterparties; autonomy, power & competition; assurance levels; disintermediation Ease of deployment? Recognition: audit is important! Initial applications focus on private/permission chains. Following the business model
9
Opportunities regardless
BaaS-cloud business Opportunities regardless BaaS for open chains? Comes with maturity… B2B >> B2C (or C2C) [“Sharing economy”] If BaaS provider == cloud provider – opportunities all the same!!
10
TRUST Blockchain => disintermediation Remove trust/reliance on third parties BaaS…!? DLTs aim at improving trust---- decentralises so trust is in the netowrk. Doesn’t this preclude?
11
transparency & control [[ who did/can do what? ]]
GOVERNANCE transparency & control [[ who did/can do what? ]] DLTs aim at improving trust---- decentralises so trust is in the netowrk. Doesn’t this preclude?
12
Tenancy: participant trust
Cloud tenancy Provider tenant contract Tenants configure & control services; pays… Blockchain – multi-party scenarios Ledger mediates multiple parties Tenancy in a BaaS context? Who controls what? Who pays? Major players? Depends: Organisational structure: consortia vs. federation [governance arrangements] Systems architecture Tenancy is interesting --- regards trust re other participants
13
Research opportunities?
Configations – can set policies over how the network operates, how multi-party workflow tools operate, etc Research opportunities?
14
Provider trust BaaS => Re-centralisation?
Trust those managing the infrastructure “Trusted” re cloud an ongoing issue: Highly-regulated sectors; auditability Providers => better security(!?) Depends: Risk profile Centralised v federated architecture How much does a provider control? How much can participants see? Trust in who manages the infrastructure
15
Architectures BaaS Provider Organisation Y Organisation X
Architecture aspects are important – e.g. these nodes different to Organisation Y Organisation X
16
Architectures BaaS Provider Organisation Y Organisation X
Here whre the organisation doesn’t host the nodes. Then up to what is exposed to them via the provider… Organisation Y Organisation X
17
Architectures BaaS Provider Organisation Y Organisation X
Here whre the organisation doesn’t host the nodes. Then up to what is exposed to them via the provider… Organisation Y Organisation X
18
Architectures Myriad of possibilities trust (more than just nodes)
BaaS Provider Here whre the organisation doesn’t host the nodes. Then up to what is exposed to them via the provider… Organisation Y Organisation X Myriad of possibilities trust (more than just nodes)
19
Architecture, configuration, role of entities, role of provider(s), contracts AFFECT THE THREAT MODEL DLTs aim at improving trust---- decentralises so trust is in the netowrk. Doesn’t this preclude?
20
Emerging: silicon-based trust
Trusted execution environments (enclaves) Hardware foundations for building trust Security: encryption, code isolation, attestation Much promise for DLT Hyperledger Sawtooth Lake & Coco Framework Keys, smart contracts And also cloud in general… “remove provider from the loop” Trusted cloud: Preclude need for BaaS? Threats/risks? Trust the tech? Supply chain? On going work on trusted computing architectures – raise levels of trust in comp in genreal, including cloud
21
Trusting the outside Interactions with BaaS (1) Parties (2) Data
Access controls: identity, permissions Right tenant; right chain (2) Data Oracles: event validity Agreed; consensus; hardware-backed Service providers as validation entities? Depends on application x Trust regarding interactions with the cloud
22
Concluding remarks BaaS still emerging Similar benefits to cloud
Role in emerging systems: we shall see! Direct S&P implications:: threat models Specifics of the application and participants Traditional business-cases? Consumer chains? Nature of systems & DLT architecture Role of the provider, tenants Who governs what? Overlaps with “trusted cloud” (accountability)
23
me (Compliant & Accountable Systems) www. jatsingh
me (Compliant & Accountable Systems) proj (Microsoft Cloud Computing Research Centre)
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.