End-to-end security architecture for cloud computing environments. (Architecture de sécurité de bout en bout et mécanismes d'autoprotection pour les environnements Cloud)

Since several years the virtualization of infrastructures became one of the major research challenges. These new virtual machines consume less energy while delivering new services: live migration, consolidation and isolation between tenants. However, many attacks hinder the global adoption of Cloud computing. VESPA Self-protection has recently raised growing interest as possible element of answer to the cloud computing infrastructure protection challenge. Faced with multiple threats and heterogeneous defense mechanisms, the autonomic approach proposes simpler, stronger, and more efficient cloud security management. Yet, previous solutions fall at the last hurdle as they overlook key features of the cloud, by lack of flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This thesis presents VESPA, a self-protection architecture for cloud infrastructures overcoming such limitations. VESPA is policy-based, and enforces security at two levels, both within and across infrastructure layers. Flexible coordination between self-protection loops allows enforcing a rich spectrum of security strategies such as cross-layer detection and reaction. A multi-plane extensible architecture also enables simple integration of commodity detection and reaction components. Evaluation of a VESPA implementation shows that the design is applicable for effective and flexible self-protection of cloud infrastructures. KungFuVisor Recently, some of the most powerful attacks against cloud computing infrastructures target their very foundation: the hypervisor or Virtual Machine Monitor (VMM). In many cases, the main attack vector is a poorly confined device driver in the virtualization layer, enabling to bypass resource isolation and take complete infrastructure control. Current architectures offer no protection against such attacks. At best, they attempt to contain but do not eradicate the detected threat, usually with static, hard-to-manage defense strategies. This thesis proposes an altogether different approach by presenting KungFuVisor, derived from VESPA. It is a framework to build self-defending hypervisors. The framework regulates hypervisor protection through several coordinated autonomic security loops which supervise different VMM layers through well-defined hooks. Thus, interactions between a device driver and its VMM environment may be strictly monitored and controlled automatically. The result is a very flexible self-protection architecture, enabling to enforce dynamically a rich spectrum of remediation actions over different parts of the VMM, also facilitating defense strategy administration. Conclusion VESPA is a generic, flexible and open architecture enhancing virtualized systems security. We showed the application to three different protection scheme: virus infection, mobile clouds and hypervisor drivers. Through the analysis and the evaluation of the architecture, we showed that cloud infrastructure security can be enhanced.