A TOSCA-Oriented Software-Defined Security Approach for Unikernel-Based Protected Clouds

Compastié, Maxime; Badonnel, Rémi; Festor, Olivier; He, Ruichun

doi:10.1109/netsoft.2019.8806623

Cited by 12 publications

(7 citation statements)

References 16 publications

(17 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Existing solutions to protect cloud resources include endogenous security mechanisms that directly impact the resources, such as generating specific cloud images with a low attack surface, modifying the internal parametrization to prevent vulnerable configurations, and exploiting certification techniques for guaranteeing the resource behaviours. For instance, the authors of [11] propose to extend an orchestration language to drive the generation of protected unikernel images, corresponding to lightweight virtual machines composed of only the strict necessary packages and libraries. In this case, any configuration changes require the re-generation of new virtual machines.…”

Section: Related Workmentioning

confidence: 99%

An Automated SMT-based Security Framework for Supporting Migrations in Cloud Composite Services

Oulaaffart

Badonnel

Bianco

2022

NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium

Self Cite

View full text Add to dashboard Cite

The growing maturity of orchestration languages is contributing to the elaboration of cloud composite services, whose resources may be deployed over different distributed infrastructures. These composite services are subject to changes over time, that are typically required to support cloud properties, such as scalability and rapid elasticity. In particular, the migration of their elementary resources may be triggered by performance constraints. However, changes induced by this migration may introduce vulnerabilities that may compromise the resources, or even the whole cloud service. In that context, we propose an automated SMT 1 -based security framework for supporting the migration of resources in cloud composite services, and preventing the occurrence of new configuration vulnerabilities. We formalize the underlying security automation based on SMT solving, in order to assess the migrated resources and select adequate counter-measures, considering both endogenous and exogenous security mechanisms. We then evaluate its benefits and limits through large series of experiments based on a proof-ofconcept prototype implemented over the CVC4 commonly-used open-source solver. These experiments show a minimal overhead with regular operating systems deployed in cloud environments.

show abstract

Section: Related Workmentioning

confidence: 99%

An Automated SMT-based Security Framework for Supporting Migrations in Cloud Composite Services

Oulaaffart

Badonnel

Bianco

2022

NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium

Self Cite

View full text Add to dashboard Cite

show abstract

“…The security enforcement can be carried out through heterogeneous approaches: it can be either thought as a complementary mechanism on top of an already existing virtualised environment running network services [25] or as a mean in itself, where security capabilities are enforced to protect the infrastructure. This enforcement can be defined to extend low-level data models (e.g., the VNFD [26] used by the NFVO) with specific parameters or either add separate security-related data models. In PALANTIR we follow the latter approach (direct protection of the infrastructure and separate security-related data models), since this approach permits decoupling both the aim of the infrastructure and of the default network services from the PALANTIR platform, without modifying the current state.…”

Section: Beyond the State Of The Artmentioning

confidence: 99%

Practical Autonomous Cyberhealth for resilient Micro, Small and Medium-sized Enterprises

Mantas

Papadopoulos

Fernández

et al. 2021

2021 IEEE International Mediterranean Conference on Communications and Networking (MeditCom)

Self Cite

View full text Add to dashboard Cite

The EU-funded PALANTIR project proposes a cybersecurity framework combining privacy assurance, data protection, incident detection and recovery aspects under the same platform. The project main focus is on cyber-resilience of SMEs and compliance with the relevant data privacy and protection regulations. The outcomes of the project will be validated in diverse application areas (eHealth, eCommerce, 5G-MEC) and will provide enterprises with security tools that will boost their resilience at a reasonable cost to protect their assets in the ever evolving cyber threat range.

show abstract

“…It enhances system reliability with respect to anomaly or security attacks and helps in recovering the system functionalities within minimal time. Similarly, in [91], the Topology and Orchestration Specification for Cloud Applications (TOSCA)language has been extended to support the creation and orchestration of unikernels with security constraints. It also enables the unikernels to offer on-demand network Fig.…”

Section: Unikernel Network Functionsmentioning

confidence: 99%

Software-Defined Multi-domain Tactical Networks: Foundations and Future Directions

Mahmud¹,

Toosi²,

Rodríguez³

et al. 2020

Preprint

View full text Add to dashboard Cite

Software Defined Networking (SDN) has emerged as a programmable approach for provisioning and managing network resources by defining a clear separation between the control and data forwarding planes. Nowadays SDN has gained significant attention in the military domain. Its use in the battlefield communication facilitates the end-to-end interactions and assists the exploitation of edge computing resources for processing data in the proximity. However, there are still various challenges related to the security and interoperability among several heterogeneous, dynamic, intermittent, and data packet technologies like multi-bearer network (MBN) that need to be addressed to leverage the benefits of SDN in tactical environments. In this chapter, we explicitly analyse these challenges and review the current research initiatives in SDN-enabled tactical networks. We also present a taxonomy on SDNbased tactical network orchestration according to the identified challenges and map the existing works to the taxonomy aiming at determining the research gaps and suggesting future directions.

show abstract

A TOSCA-Oriented Software-Defined Security Approach for Unikernel-Based Protected Clouds

Cited by 12 publications

References 16 publications

An Automated SMT-based Security Framework for Supporting Migrations in Cloud Composite Services

An Automated SMT-based Security Framework for Supporting Migrations in Cloud Composite Services

Practical Autonomous Cyberhealth for resilient Micro, Small and Medium-sized Enterprises

Software-Defined Multi-domain Tactical Networks: Foundations and Future Directions

Contact Info

Product

Resources

About