Maxime Compastié, PhD student in Resist team will defend his thesis entitled “Software-defined security for distributed clouds” on Tuesday, December 18th at 1:30 PM in Room B013.
– Nora CUPPENS, Full Professor, IMT Atlantique – Reporter
– Thierry GAYRAUD, Full Professor, Toulouse University – Reporter
– Véronique LEGRAND, Associate Professor, Conservatoire National des Arts et Métiers – Examiner
– Pierre-Etienne MOREAU, Full Professor, Lorraine University – Examiner
– Olivier FESTOR, Full Professor, Lorraine University – Examiner / PhD Supervisor
– Rémi BADONNEL, Associate, Lorraine University – Examiner / PhD Advisor
– Ruan HE, Chief Cloud Architect, Tencent – Invited / Industrial Advisor
– Sok-Yen LOUI, Research Engineer, Orange Labs – Invited / Industrial Advisor
In this thesis, we propose an approach for software-defined security in distributed clouds. More specifically, we show to what extent this programmability can contribute to the protection of distributed cloud services, through the generation of secured unikernel images. These are instantiated in the form of lightweight virtual machines, whose attack surface is limited and whose security is driven by a security orchestrator. The contributions of this thesis are threefold. First, we present a logical architecture supporting the programmability of security mechanisms in a multi-cloud and multi-tenant context. It makes it possible to align and parameterize these mechanisms for cloud services whose resources are spread over several providers and tenants. Second, we introduce a method for generating secured unikernel images on the fly. It leads to specific and constrained resources that integrate security mechanisms from the image generation phase onwards. These may be built in a reactive or proactive manner, in order to address elasticity requirements. Third, we propose to extend the TOSCA orchestration language, so that it is possible to automatically generate secured resources according to different security levels, in phase with the orchestration. Finally, we detail a prototype and an extensive series of experiments that are used to evaluate the benefits and limits of the proposed approach.
Keywords: Security Management, Programmability, Distributed Cloud, Orchestration, Unikernel