Presentation is loading. Please wait.

Presentation is loading. Please wait.

Blockchain-as-a-Service (BaaS) :: providers & trust

Similar presentations


Presentation on theme: "Blockchain-as-a-Service (BaaS) :: providers & trust"— Presentation transcript:

1 Blockchain-as-a-Service (BaaS) :: providers & trust
Jat Singh and Dave Michels

2 Key takeaway BaaS is [increasingly] ‘a thing’ Considering security, privacy and trust? DON’T FORGET THE PROVIDER[S]! DLTs aim at improving trust---- decentralises so trust is in the netowrk. Doesn’t this preclude?

3 Trust [governance] considerations
Overview Nature of BaaS Trust [governance] considerations Intuition about baas [ DEPENDS ]

4 BaaS & Cloud BaaS: the supporting infrastructure
Similar to a ‘cloud’ offering Economies of scale Elasticity Expertise Security + standards Main providers [cloud, contracts] IBM (Hyperledger) Microsoft (Coco Framework [eth] ) BaaS – offers what previous talk described as a service [not ethereum etc]

5 Why? “Blockchain revolution”
DLT applications for business >> BaaS targets this Focus: Established businesses & business networks [ experimentation ]

6 Modes of uptake (service models)
Applications Full-stack solution oriented App with (‘some’ ledger ‘somewhere’) “Software-as-a-Service” (SaaS) Platform-oriented Select, customise, configure components “Platform-as-a-Service” (PaaS) Modular, tight platform integration Business – SaaS or PaaS. Apps dominant

7 Example from MS – ledger components down the bottom, integration/managemnet services higher
Aspects might be confirgured (or integrated). Apps from the topdown Microsoft

8 Private & permissioned
Private: dedicated chain Permissioned: restricted participants Current BaaS focus Established networks, data sensitivity ‘Safe’ experimentation Facilitates tenancy Why not a traditional application/database? # counterparties; autonomy, power & competition; assurance levels; disintermediation Ease of deployment? Recognition: audit is important! Initial applications focus on private/permission chains. Following the business model

9 Opportunities regardless
BaaS-cloud business Opportunities regardless BaaS for open chains? Comes with maturity… B2B >> B2C (or C2C) [“Sharing economy”] If BaaS provider == cloud provider – opportunities all the same!!

10 TRUST Blockchain => disintermediation Remove trust/reliance on third parties BaaS…!? DLTs aim at improving trust---- decentralises so trust is in the netowrk. Doesn’t this preclude?

11 transparency & control [[ who did/can do what? ]]
GOVERNANCE transparency & control [[ who did/can do what? ]] DLTs aim at improving trust---- decentralises so trust is in the netowrk. Doesn’t this preclude?

12 Tenancy: participant trust
Cloud tenancy Provider  tenant contract Tenants configure & control services; pays… Blockchain – multi-party scenarios Ledger mediates multiple parties Tenancy in a BaaS context? Who controls what? Who pays? Major players? Depends: Organisational structure: consortia vs. federation [governance arrangements] Systems architecture Tenancy is interesting --- regards trust re other participants

13 Research opportunities?
Configations – can set policies over how the network operates, how multi-party workflow tools operate, etc Research opportunities?

14 Provider trust BaaS => Re-centralisation?
Trust those managing the infrastructure “Trusted” re cloud an ongoing issue: Highly-regulated sectors; auditability Providers => better security(!?) Depends: Risk profile Centralised v federated architecture How much does a provider control? How much can participants see? Trust in who manages the infrastructure

15 Architectures BaaS Provider Organisation Y Organisation X
Architecture aspects are important – e.g. these nodes different to Organisation Y Organisation X

16 Architectures BaaS Provider Organisation Y Organisation X
Here whre the organisation doesn’t host the nodes. Then up to what is exposed to them via the provider… Organisation Y Organisation X

17 Architectures BaaS Provider Organisation Y Organisation X
Here whre the organisation doesn’t host the nodes. Then up to what is exposed to them via the provider… Organisation Y Organisation X

18 Architectures Myriad of possibilities  trust (more than just nodes)
BaaS Provider Here whre the organisation doesn’t host the nodes. Then up to what is exposed to them via the provider… Organisation Y Organisation X Myriad of possibilities  trust (more than just nodes)

19 Architecture, configuration, role of entities, role of provider(s), contracts AFFECT THE THREAT MODEL DLTs aim at improving trust---- decentralises so trust is in the netowrk. Doesn’t this preclude?

20 Emerging: silicon-based trust
Trusted execution environments (enclaves) Hardware foundations for building trust Security: encryption, code isolation, attestation Much promise for DLT Hyperledger Sawtooth Lake & Coco Framework Keys, smart contracts And also cloud in general… “remove provider from the loop” Trusted cloud: Preclude need for BaaS? Threats/risks? Trust the tech? Supply chain? On going work on trusted computing architectures – raise levels of trust in comp in genreal, including cloud

21 Trusting the outside Interactions with BaaS (1) Parties (2) Data
Access controls: identity, permissions Right tenant; right chain (2) Data Oracles: event validity Agreed; consensus; hardware-backed Service providers as validation entities? Depends on application x Trust regarding interactions with the cloud

22 Concluding remarks BaaS still emerging Similar benefits to cloud
Role in emerging systems: we shall see! Direct S&P implications:: threat models Specifics of the application and participants Traditional business-cases? Consumer chains? Nature of systems & DLT architecture Role of the provider, tenants Who governs what? Overlaps with “trusted cloud” (accountability)

23 me (Compliant & Accountable Systems) www. jatsingh
me (Compliant & Accountable Systems) proj (Microsoft Cloud Computing Research Centre)


Download ppt "Blockchain-as-a-Service (BaaS) :: providers & trust"

Similar presentations


Ads by Google