Bertrand Marquet

Seeding the Cloud: An Innovative Approach to Grow Trust in Cloud Based Infrastructures

Complying with security and privacy requirements of appliances such as mobile handsets, personal computers, servers for customers, enterprises and governments is mandatory to prevent from theft of sensitive data and to preserve their integrity. Nowadays, with the rising of the Cloud Computing approach in business fields, security and privacy are even more critical. The aim of this article is then to propose a way to build a secure and trustable Cloud. The idea is to spread and embed Secure Elements (SE) on each level of the Cloud in order to make a wide trusted infrastructure which complies with access control and isolation policies. This article presents therefore this new approach of trusted Cloud infrastructure based on a Network of Secure Elements (NoSE), and it illustrates this approach through different use cases.

SECURITY THROUGH INTEGRATION: TOWARDS A COMPREHENSIVE FRAMEWORK FOR DEVELOPMENT AND CERTIFICATION

Today secured infrastructures are more and more being built by integration of both in-house components and policies, and off-the-shelf products. This poses several difficulties for developers. Despite, or because, the numerous choice of security products, it is difficult to build, in a coherent way, a comprehensive set of security features within distributed applications without severely increasing complexity and decreasing scalability of globally secured applications. Another difficulty appears when security certification needs to be achieved for such an integrated security architecture. In this paper we propose an alternative approach to building secured applications through integration which will additionally guarantee a means to achieve security certification, such as ISO 15408 (Common Criteria) [4].