End-to-end security architecture for cloud computing environments

Author: Aurélien Wailly

Abstract: Since several years the virtualization of infrastructures became one major research challenges, consuming less energy while delivering new services. However, many attacks hinder global adoption Cloud computing. Self-protection has recently raised growing interest as possible element answer to cloud computing infrastructure protection challenge. Yet, previous solutions fall at last hurdle they overlook key features cloud, by lack flexible security policies, cross-layered defense, multiple control granularities, and open architectures. This thesis presents VESPA, a self-protection architecture for infrastructures. Flexible coordination between loops allows enforcing rich spectrum strategies. A multi-plane extensible also enables simple integration commodity components. Recently, some most powerful against target Virtual Machine Monitor (VMM). In case, main attack vector is poorly confined device driver. Current architectures offer no such attacks. proposes an altogether different approach presenting KungFuVisor, derived from framework build self-defending hypervisors. The result very architecture, enabling enforce dynamically remediation actions over parts VMM, facilitating defense strategy administration. We showed application three scheme: virus infection, mobile clouds hypervisor drivers. Indeed VESPA can enhance
