Arnaud Lefray
University of Lyon
Publication
Featured research published by Arnaud Lefray.
cyber-enabled distributed computing and knowledge discovery | 2013
Eddy Caron; Anh Dung Le; Arnaud Lefray; Christian Toinard
Nowadays, Cloud Computing is becoming a key factor in computer science. Besides the great benefits it brought to the information technology and to the economy, Cloud Computing shows some weakness when looking at the security. An IaaS client should be able to specify its security requirements. But the lack of a system of security metrics leads to the incapability of quantifying the security level of a client deployment in a Cloud. Therefore, we propose a system of security metrics specific to the Cloud Computing and use it to develop virtual machines placement algorithms.
Archive | 2014
Mathieu Blanc; Aline Bousquet; Jérémy Briffaut; Laurent Clevy; Damien Gros; Arnaud Lefray; Jonathan Rouzaud-Cornabas; Christian Toinard; Benjamin Venelle
In order to guarantee security properties, such as confidentiality and integrity, cryptographic mechanisms provide encryption and signature of data, but protection is required to control the data accesses. The recent attacks on Facebook and Twitter show that the protection must not be limited to the infrastructure i.e. the hosts and the guest virtual machines.
The Future Internet - Future Internet Assembly 2013 | 2013
Stéphane Betge-Brezetz; Aline Bousquet; Jérémy Briffaut; Eddy Caron; Laurent Clevy; Marie-Pascale Dupont; Guy-Bertrand Kamga; Jean-Marc Lambert; Arnaud Lefray; Bertrand Marquet; Jonathan Rouzaud-Cornabas; Lamiel Toch; Christian Toinard; Benjamin Venelle
Complying with security and privacy requirements of appliances such as mobile handsets, personal computers, servers for customers, enterprises and governments is mandatory to prevent theft of sensitive data and to preserve their integrity. Nowadays, with the rise of the Cloud Computing approach in business fields, security and privacy are even more critical. The aim of this article is then to propose a way to build a secure and trustable Cloud. The idea is to spread and embed Secure Elements (SE) on each level of the Cloud in order to make a wide trusted infrastructure which complies with access control and isolation policies. This article presents therefore this new approach of trusted Cloud infrastructure based on a Network of Secure Elements (NoSE), and it illustrates this approach through different use cases.
international conference on cloud computing | 2015
Arnaud Lefray; Eddy Caron; Jonathan Rouzaud-Cornabas; Christian Toinard
One of the major concerns when moving to Clouds is data confidentiality. Nevertheless, more and more applications are outsourced to a public or private Cloud. In general, the usage of virtualization is acknowledged as an isolation mechanism between applications running on shared resources. But, as previously shown, virtualization does not ensure data security. Indeed, the isolation can be broken due to covert channels existing in both the software and the hardware (e.g., improperly virtualized caches). Furthermore, even if a perfect control mechanism could be designed, it would not protect against covert channels as they bypass control mechanisms using legal means. In this paper, we first describe how these attacks are working. Next, after presenting the existing mitigation mechanisms, we show that a good solution is to take into account security while allocating resources (i.e., when placing the VMs). Furthermore, depending on which resources are shared, we demonstrate that the achievable bit rate of these attacks can change dramatically. We propose a new metric to quantify them and use it as an acceptable risk for isolation properties. Then, we show how to use them when allocating resources and the importance of a fine-grained resource allocation mechanism. Finally, we demonstrate that a security-oblivious placement algorithm breaks a fair amount of properties but taking into account the isolation impacts the acceptance rate (i.e., the percentage of successfully placed VMs).
ieee acm international conference utility and cloud computing | 2015
Aline Bousquet; Jérémy Briffaut; Eddy Caron; Eva María Dominguez; Javier Franco; Arnaud Lefray; Oscar López; Saioa Ros; Jonathan Rouzaud-Cornabas; Christian Toinard; Mikel Uriarte
Before deploying their infrastructure (resources, data, communications, ...) on a Cloud computing platform, companies want to be sure that it will be properly secured. At deployment time, the company provides a security policy describing its security requirements through a set of properties. Once its infrastructure is deployed, the company wants to be assured that this policy is applied and enforced. But describing and enforcing security properties and getting strong evidence of it is a complex task. To address this issue, in [1], we have proposed a language that can be used to express both security and assurance properties on distributed resources. Then, we have shown how these global properties can be cut into a set of properties to be enforced locally. In this paper, we show how these local properties can be used to automatically configure security mechanisms. Our language is context-based, which allows it to be easily adapted to any resource naming systems, e.g., Linux and Android (with SELinux) or PostgreSQL. Moreover, by abstracting low-level functionalities (e.g., deny write to a file) through capabilities, our language remains independent from the security mechanisms. These capabilities can then be combined into security and assurance properties in order to provide high-level functionalities, such as confidentiality or integrity. Furthermore, we propose a global architecture that receives these properties and automatically configures the security and assurance mechanisms accordingly. Finally, we express the security and assurance policies of an industrial environment for a commercialized product and show how its security is enforced.
communications and networking symposium | 2016
Eddy Caron; Arnaud Lefray; Jonathan Rouzaud-Cornabas
As its complexity grows, securing a system is harder than it looks. Even with efficient security mechanisms, their configuration remains a complex task. Indeed, the current practice is the hand-made configuration of these mechanisms to protect systems about which we generally lack information. Cloud computing brings its share of new security concerns but it may also be considered as leverage to overcome these issues. In this paper, we discuss the key challenge of achieving global security of Cloud systems and advocate for a new approach: Model-Driven Orchestration. We present an implementation of this new approach called Security-Aware Models for Clouds and illustrate it on an industrial use-case.
international parallel and distributed processing symposium | 2015
Thomas Ropars; Arnaud Lefray; Do Hyun Kim; André Schiper
With the increased failure rate expected in future extreme scale supercomputers, process replication might become a viable alternative to checkpointing. By default, the workload efficiency of replication is limited to 50% because of the additional resources that have to be used to execute the replicas of the application's processes. In this paper, we introduce intra-parallelization, a solution that avoids replicating all computation by introducing work-sharing between replicas. We show on a representative set of benchmarks that intra-parallelization allows achieving more than 50% efficiency without compromising fault tolerance.
international conference on high performance computing and simulation | 2014
Laurent Bobelin; Aline Bousquet; Jérémy Briffaut; Jean-François Couturier; Christian Toinard; Eddy Caron; Arnaud Lefray; Jonathan Rouzaud-Cornabas
Nowadays, Cloud offers many interesting features such as on-demand and pay-as-you-go resources, but induces new security problems in case a company wants to outsource its critical services. But since Clouds are shared between multiple tenants, both applications and execution environments need to be secured consistently in order to avoid possible attacks from malicious tenants. Moreover, if a large range of security mechanisms can improve the Cloud security, the configuration of those mechanisms to guarantee a global security property remains an open problem. Nowadays, Cloud solutions lack two key features in order to realize it: an easy expression of security requirements and an actual enforcement of those requirements. This paper describes an overall architecture providing those features and an experiment run in order to demonstrate its validity. Our solution includes a language, a distribution engine and a security enforcement agent. The language eases the definition of the security properties required to plug an application into a Cloud. The distribution engine computes the sub-properties related to the different resources that must be deployed into the Cloud and coordinates the different enforcement agents associated to the provisioned resources. Our use-case addresses private hosting of customer data into the Cloud. The implementation and experiments show that the global security requirements (authentication and confidentiality) are satisfied when the application is scheduled within virtual machines and shared resources.
high performance distributed computing | 2013
Arnaud Lefray; Eddy Caron; Jonathan Rouzaud-Cornabas; Zhang Huaxi Yulin; Aline Bousquet; Jérémy Briffaut; Christian Toinard
Archive | 2013
Arnaud Lefray; Jonathan Rouzaud-Cornabas; Jérémy Briffaut; Christian Toinard