Aline Bousquet
University of Orléans
Publication
Featured research published by Aline Bousquet.
Archive | 2014
Mathieu Blanc; Aline Bousquet; Jérémy Briffaut; Laurent Clevy; Damien Gros; Arnaud Lefray; Jonathan Rouzaud-Cornabas; Christian Toinard; Benjamin Venelle
In order to guarantee security properties, such as confidentiality and integrity, cryptographic mechanisms provide encryption and signature of data, but protection is required to control the data accesses. The recent attacks on Facebook and Twitter show that the protection must not be limited to the infrastructure i.e. the hosts and the guest virtual machines.
The Future Internet - Future Internet Assembly 2013 | 2013
Stéphane Betge-Brezetz; Aline Bousquet; Jérémy Briffaut; Eddy Caron; Laurent Clevy; Marie-Pascale Dupont; Guy-Bertrand Kamga; Jean-Marc Lambert; Arnaud Lefray; Bertrand Marquet; Jonathan Rouzaud-Cornabas; Lamiel Toch; Christian Toinard; Benjamin Venelle
Complying with security and privacy requirements of appliances such as mobile handsets, personal computers, servers for customers, enterprises and governments is mandatory to prevent theft of sensitive data and to preserve their integrity. Nowadays, with the rise of the Cloud Computing approach in business fields, security and privacy are even more critical. The aim of this article is then to propose a way to build a secure and trustable Cloud. The idea is to spread and embed Secure Elements (SE) on each level of the Cloud in order to make a wide trusted infrastructure which complies with access control and isolation policies. This article presents therefore this new approach of trusted Cloud infrastructure based on a Network of Secure Elements (NoSE), and it illustrates this approach through different use cases.
IEEE International Conference on Cloud Networking | 2014
Aline Bousquet; Jérémy Briffaut; Christian Toinard
Security has been a major concern in computer sciences for a long time. However, the definition and the enforcement of a complete security policy are difficult tasks, requiring deep knowledge of the inner workings of the security mechanisms. The management of the security is even more complex in a system such as a Cloud, which is a heterogeneous environment, with multiple applications and tenants. Nowadays, systems, and especially Cloud environments, need a simple way to express the security requirements and to enforce them. This paper describes a new solution that eases the management of the security mechanisms. The solution supports high-level security requirements that are enforced through distributed security properties. Enforcement agents are located on the heterogeneous and distributed nodes. They manage the distributed security properties and configure the heterogeneous security mechanisms. Our solution guarantees global security properties by enforcing consistent distributed properties in an autonomous manner. The autonomous agents dynamically discover the capabilities of the available security mechanisms and compute their configuration. The solution is especially appropriate to secure Clouds, viewed as autonomous distributed environments.
International Conference on High Performance Computing and Simulation | 2012
Zaïna Afoulki; Aline Bousquet; Jérémy Briffaut; Jonathan Rouzaud-Cornabas; Christian Toinard
Mandatory Access Control is really poorly supported by Cloud environments. Our paper proposes extensions of the OpenNebula Cloud software in order to provide an advanced MAC protection of the virtual machines hosted by the different nodes of the Cloud. Thus, unique SELinux security labels are associated with the virtual machines and their resources. The instantiations and migrations of the virtual machines maintain those unique security labels. Moreover, PIGA-Virt provides a unified way to control the information flows within a virtual machine but also between multiple virtual machines. SELinux controls the direct flows. PIGA-Virt adds advanced controls. Thus, a PIGA protection rule can control several direct and indirect flows and allows the administrator to express high level security properties. The benchmarks of PIGA-Virt show that our Trusted OpenNebula Cloud is efficient regarding the quality of the protection.
IEEE ACM International Conference Utility and Cloud Computing | 2015
Aline Bousquet; Jérémy Briffaut; Eddy Caron; Eva María Dominguez; Javier Franco; Arnaud Lefray; Oscar López; Saioa Ros; Jonathan Rouzaud-Cornabas; Christian Toinard; Mikel Uriarte
Before deploying their infrastructure (resources, data, communications, ...) on a Cloud computing platform, companies want to be sure that it will be properly secured. At deployment time, the company provides a security policy describing its security requirements through a set of properties. Once its infrastructure is deployed, the company wants to be assured that this policy is applied and enforced. But describing and enforcing security properties and getting strong evidence of it is a complex task. To address this issue, in [1], we have proposed a language that can be used to express both security and assurance properties on distributed resources. Then, we have shown how these global properties can be cut into a set of properties to be enforced locally. In this paper, we show how these local properties can be used to automatically configure security mechanisms. Our language is context-based, which allows it to be easily adapted to any resource naming system, e.g., Linux and Android (with SELinux) or PostgreSQL. Moreover, by abstracting low-level functionalities (e.g., deny write to a file) through capabilities, our language remains independent from the security mechanisms. These capabilities can then be combined into security and assurance properties in order to provide high-level functionalities, such as confidentiality or integrity. Furthermore, we propose a global architecture that receives these properties and automatically configures the security and assurance mechanisms accordingly. Finally, we express the security and assurance policies of an industrial environment for a commercialized product and show how its security is enforced.
Proceedings of the 2015 Workshop on Changing Landscapes in HPC Security | 2015
Laurent Bobelin; Aline Bousquet; Jérémy Briffaut
Enforcing security properties in a Cloud is a difficult task, which requires expertise. However, it is not the only security-related challenge met by a company migrating to a Cloud environment. Indeed, the tenant must also have assurance that the requested security properties have effectively been enforced. Therefore, the Cloud provider has to offer a way of monitoring the security. In this paper, we present a solution to express the assurance properties based on the security requirements of the tenant and to deploy these assurance properties. First, we introduce a language that expresses the assurance based on the tenant's security requirements. Secondly, we propose an infrastructure that deploys the assurance in a Cloud environment. This solution aims to be easy to use: the assurance directly results from the high-level expression of the tenant's security requirements, and no additional action is needed from the tenant. Consequently, we address one of the greatest drawbacks of security and assurance - the complexity of their configuration - while providing a complete assurance mechanism.
International Conference on High Performance Computing and Simulation | 2014
Laurent Bobelin; Aline Bousquet; Jérémy Briffaut; Jean-François Couturier; Christian Toinard; Eddy Caron; Arnaud Lefray; Jonathan Rouzaud-Cornabas
Nowadays, Cloud offers many interesting features such as on-demand and pay-as-you-go resources, but induces new security problems in case a company wants to outsource its critical services. But since Clouds are shared between multiple tenants, both applications and execution environments need to be secured consistently in order to avoid possible attacks from malicious tenants. Moreover, if a large range of security mechanisms can improve the Cloud security, the configuration of those mechanisms to guarantee a global security property remains an open problem. Nowadays, Cloud solutions lack two key features in order to realize it: an easy expression of security requirements and an actual enforcement of those requirements. This paper describes an overall architecture providing those features and an experiment run in order to demonstrate its validity. Our solution includes a language, a distribution engine and a security enforcement agent. The language eases the definition of the security properties required to plug an application into a Cloud. The distribution engine computes the sub-properties related to the different resources that must be deployed into the Cloud and coordinates the different enforcement agents associated with the provisioned resources. Our use-case addresses private hosting of customer data into the Cloud. The implementation and experiments show that the global security requirements (authentication and confidentiality) are satisfied when the application is scheduled within virtual machines and shared resources.
High Performance Distributed Computing | 2013
Arnaud Lefray; Eddy Caron; Jonathan Rouzaud-Cornabas; Zhang Huaxi Yulin; Aline Bousquet; Jérémy Briffaut; Christian Toinard
2013 - USENIX Federated Conferences, ESOS: Workshop on Embedded Self-Organizing Systems | 2013
Aline Bousquet; Jérémy Briffaut; Laurent Clevy; Christian Toinard; Benjamin Venelle
Les Rendez-Vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information (RESSI 2015) | 2015
Aline Bousquet; Jérémy Briffaut; Christian Toinard