End-to-end security architecture for cloud computing environments

Abstract : For several years, the virtualization of infrastructures has been one of the major research challenges, consuming less energy while delivering new services. However, many attacks hinder the global adoption of cloud computing. Self-protection has recently raised growing interest as a possible element of an answer to the cloud computing infrastructure protection challenge. Yet previous solutions fall at the last hurdle, as they overlook key features of the cloud through a lack of flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This thesis presents VESPA, a self-protection architecture for cloud infrastructures. Flexible coordination between self-protection loops allows enforcing a rich spectrum of security strategies. A multi-plane extensible architecture also enables simple integration of commodity security components. Recently, some of the most powerful attacks against cloud computing infrastructures have targeted the Virtual Machine Monitor (VMM). In many cases, the main attack vector is a poorly confined device driver. Current architectures offer no protection against such attacks. This thesis proposes an altogether different approach by presenting KungFuVisor, derived from VESPA, a framework to build self-defending hypervisors. The result is a very flexible self-protection architecture that makes it possible to dynamically enforce a rich spectrum of remediation actions over different parts of the VMM, while also facilitating defense strategy administration. We showed the application to three different protection schemes: virus infection, mobile clouds and hypervisor drivers. Indeed, VESPA can enhance cloud infrastructure security.

Cited literature [204 references]
Contributor : ABES STAR
Submitted on : Monday, August 24, 2015 - 3:43:11 PM
Last modification on : Monday, August 24, 2020 - 4:22:23 PM
Long-term archiving on : Wednesday, November 25, 2015 - 4:15:21 PM


Version validated by the jury (STAR)


  • HAL Id : tel-01186228, version 1


Aurélien Wailly. End-to-end security architecture for cloud computing environments. Networking and Internet Architecture [cs.NI]. Institut National des Télécommunications, 2014. English. ⟨NNT : 2014TELE0020⟩. ⟨tel-01186228⟩


