Benoît Bertholon
University of Luxembourg
Publication
Featured research published by Benoît Bertholon.
international conference on cloud computing | 2011
Benoît Bertholon; Sébastien Varrette; Pascal Bouvry
The security issues raised by the Cloud paradigm are not always tackled from the user point of view. For instance, considering an Infrastructure-as-a-Service (IaaS) Cloud, it is currently impossible for a user to certify in a reliable and secure way that the environment he deployed (typically a Virtual Machine (VM)) has not been corrupted, whether by malicious acts or not. Yet having this functionality would enhance confidence in the IaaS provider and therefore attract new customers. This paper fills this need by proposing CERTICLOUD, a novel approach for the protection of IaaS platforms that relies on the concepts developed in the Trusted Computing Group (TCG) together with hardware elements, i.e., the Trusted Platform Module (TPM), to offer a secured and reassuring environment. Those aspects are guaranteed by two protocols: TCRR and Verify MyVM. While the first asserts the integrity of a remote resource and permits the exchange of a private symmetric key, the second allows the user to detect, in a trustworthy manner and on demand, any tampering attempt on its running VM. These protocols being key components in the proposed framework, we take very seriously their analysis against known cryptanalytic attacks. This is attested by their successful validation by AVISPA and Scyther, two reference tools for the automatic verification of security protocols. The CERTICLOUD proposal is then detailed: relying on the above protocols, this platform provides the secure storage of users' environments and their safe deployment onto a virtualization framework. While the physical resources are checked by TCRR, the user can execute on demand the Verify MyVM protocol to certify the integrity of its deployed environment. Experimental results obtained on a first prototype of CERTICLOUD demonstrate the feasibility and the low overhead of the approach, together with its easy implementation on recent commodity machines.
network and system security | 2013
Benoît Bertholon; Sébastien Varrette; Pascal Bouvry
With the advent of the Cloud Computing (CC) paradigm and the explosion of new Web Services proposed over the Internet (such as Google Office Apps, Dropbox or Doodle just to cite a few of them), the protection of the programs at the heart of these services becomes more and more crucial, especially for the companies making business on top of these services. In parallel, the overwhelming majority of modern websites use the JavaScript programming language as all modern web browsers - either on desktops, game consoles, tablets or smart phones - include JavaScript interpreters making it the most ubiquitous programming language in history. Thus, JavaScript is the core technology of most web services. In this context, this article focuses on novel obfuscation techniques to protect JavaScript program contents.
ieee international symposium on parallel & distributed processing, workshops and phd forum | 2013
Benoît Bertholon; Sébastien Varrette; Sebastien Martinez
The development of the new Cloud Computing paradigm has led to a reevaluation of the security issues. When running private code on a Public Cloud or on any remote machine, its owner has no guarantee that the code cannot be reverse engineered, understood and modified. One of the solutions for the code owner in order to protect his intellectual property is to obfuscate his algorithms. The obfuscation of source code is a mechanism to modify source code to make it unintelligible to humans even with the help of computing resources. More precisely, the objective is to conceal the purpose of a program or its logic without altering its functionality, thus preventing the tampering or the reverse engineering of the program. Obfuscation is usually performed by applying transformations to the initial source code, but it raises many open questions: what transformation should be chosen? In which order should the obfuscator apply them? How can we quantify the obfuscation capacity of a given program? In order to answer these questions, we propose here ShadObf, an obfuscation framework based on evolutionary heuristics designed to optimise, for a given input C program, the sequence of transformations that should be applied to the source code to improve its obfuscation capacity. This last measure involves the combination of well-known metrics, coming from the Software Engineering area, which are optimised simultaneously thanks to Multi Objective Evolutionary Algorithms. We have validated our approach over a classical matrix multiplication program - experiments on other applications are still in progress.
Technique Et Science Informatiques | 2012
Benoît Bertholon; Sébastien Varrette; Pascal Bouvry
Abstract. Cloud security is an essential aspect that is not necessarily addressed from the user's point of view. In particular, on an Infrastructure-as-a-Service (IaaS) platform, it is currently impossible for a user to certify in a reliable and secure way that the environment he has deployed (typically in the form of a virtual machine) is still in a state that he considers intact and operational. This article tackles this task by proposing CertiCloud, an IaaS Cloud platform that exploits the concepts developed within the Trusted Computing Group (TCG) as well as the hardware elements that are Trusted Platform Modules (TPM) to offer the user an environment that is both secure and reassuring. These two aspects are guaranteed by the two protocols TCRR (TPM-based Certification of a Remote Resource) and VerifyMyVM, which form the basis of CertiCloud. While the first makes it possible to certify the integrity of a remote machine and to exchange a symmetric encryption key, the second allows the user to check dynamically and on demand the integrity of his virtual machine running on CertiCloud resources. As these two protocols are the building blocks of our platform, particular attention was paid to their design. To this end, they were successfully validated with AVISPA [1] and Scyther [9], two reference tools in the field of automatic verification of security protocols (this analysis is presented in this article). The CertiCloud platform is then detailed: in addition to the TCRR and VerifyMyVM protocols, it offers secure storage of user environments and their execution through a virtualization framework built on the Xen hypervisor. While the physical resources are certified by TCRR, the user can run the VerifyMyVM protocol on demand to check the integrity of his deployed environment.
A prototype of CertiCloud has been built, and we present the first experimental results, which demonstrate the feasibility and low overhead of our approach on scenarios commonly encountered on IaaS Cloud infrastructures.
international workshop on security | 2011
Sébastien Varrette; Benoît Bertholon; Pascal Bouvry
This article proposes a dynamic and flexible signature scheme to verify at runtime the execution of a distributed program. Extending [20], the approach relies on the analysis of a trace that represents such an execution using a Control Flow Graph (CFG). This mechanism ensures the detection of flow faults that do not correspond to the CFG, i.e. that tamper with the normal run of the application. Most effects of malicious code injection commonly met on distributed computing platforms such as grids are covered by this approach. The execution engine used in our signature scheme is certified with the TPM-based Certification of a Remote Resource (TCRR) protocol [5]. Our approach has been implemented in KAAPI, a C++ middleware library to execute and schedule fine or medium size grain programs on distributed platforms. The concrete validation on two parallel programs (Fibonacci and NQueens) reveals the scalability of the approach and its relatively low overhead.
international parallel and distributed processing symposium | 2014
Benoît Bertholon; Sébastien Varrette; Pascal Bouvry
Distributed Systems: Design and Algorithms | 2013
Benoît Bertholon; Christophe Cérin; Camille Coti; Jean-Christophe Dubacq; Sébastien Varrette
Archive | 2013
Benoît Bertholon
Archive | 2013
S. Martinez; Sébastien Varrette; Benoît Bertholon
RenPar'20 2011 | 2011
Benoît Bertholon; Sébastien Varrette; Pascal Bouvry