End-to-end security architecture for cloud computing environments

Abstract : For several years, the virtualization of infrastructures has been one of the major research challenges, consuming less energy while delivering new services. However, many attacks hinder the global adoption of cloud computing. Self-protection has recently attracted growing interest as a possible element of an answer to the cloud computing infrastructure protection challenge. Yet previous solutions fall at the last hurdle because they overlook key features of the cloud: they lack flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This thesis presents VESPA, a self-protection architecture for cloud infrastructures. Flexible coordination between self-protection loops allows enforcing a rich spectrum of security strategies. A multi-plane extensible architecture also enables simple integration of commodity security components. Recently, some of the most powerful attacks against cloud computing infrastructures have targeted the Virtual Machine Monitor (VMM). In many cases, the main attack vector is a poorly confined device driver. Current architectures offer no protection against such attacks. This thesis proposes an altogether different approach by presenting KungFuVisor, derived from VESPA, a framework to build self-defending hypervisors. The result is a very flexible self-protection architecture that makes it possible to dynamically enforce a rich spectrum of remediation actions over different parts of the VMM and also facilitates the administration of defense strategies. We showed the application to three different protection schemes: virus infection, mobile clouds and hypervisor drivers. Indeed, VESPA can enhance cloud infrastructure security.
Cited literature [204 references]

https://tel.archives-ouvertes.fr/tel-01186228
Contributor : Abes Star
Submitted on : Monday, August 24, 2015 - 3:43:11 PM
Last modification on : Thursday, October 17, 2019 - 12:35:23 PM
Long-term archiving on : Wednesday, November 25, 2015 - 4:15:21 PM

File

theseAurelienWailly.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01186228, version 1

Citation

Aurélien Wailly. End-to-end security architecture for cloud computing environments. Networking and Internet Architecture [cs.NI]. Institut National des Télécommunications, 2014. English. ⟨NNT : 2014TELE0020⟩. ⟨tel-01186228⟩

Metrics

Record views

2361

Files downloads

4741