Skip to Main content Skip to Navigation
New interface
Conference papers

Unikernel-based Approach for Software-Defined Security in Cloud Infrastructures

Maxime Compastié 1, 2, 3 Rémi Badonnel 2, 3 Olivier Festor 2, 3 Ruan He 1 Mohamed Kassi-Lahlou 1 
2 MADYNES - Management of dynamic networks and services
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
3 RESIST - Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
Abstract : The heterogeneity of cloud resources implies substantial overhead to deploy and configure adequate security mechanisms. In that context, we propose a software-defined security strategy based on unikernels to support the protection of cloud infrastructures. This approach permits to address management issues by uncoupling security policy from their enforcement through programmable security interfaces. It also takes benefits from unikernel virtualization properties to support this enforcement and provide resources with low attack surface. These resources correspond to highly constrained configurations with the strict minimum for a given period. We describe the management framework supporting this software-defined security strategy, formalizing the generation of unikernel images that are dynamically built to comply with security requirements over time. Through an implementation based on MirageOS, and extensive experiments, we show that the cost induced by our security integration mechanisms is small while the gains in limiting the security exposure are high.
Complete list of metadata

Cited literature [29 references]  Display  Hide  Download
Contributor : Maxime COMPASTIÉ Connect in order to contact the contributor
Submitted on : Monday, May 28, 2018 - 4:12:08 PM
Last modification on : Saturday, June 25, 2022 - 7:40:45 PM
Long-term archiving on: : Wednesday, August 29, 2018 - 2:48:53 PM


Files produced by the author(s)




Maxime Compastié, Rémi Badonnel, Olivier Festor, Ruan He, Mohamed Kassi-Lahlou. Unikernel-based Approach for Software-Defined Security in Cloud Infrastructures. NOMS 2018 - IEEE/IFIP Network Operations and Management Symposium, Apr 2018, Taipei, Taiwan. ⟨10.1109/NOMS.2018.8406155⟩. ⟨hal-01798793⟩



Record views


Files downloads