Unikernel-based Approach for Software-Defined Security in Cloud Infrastructures

Maxime Compastié 1, 2, 3, Rémi Badonnel 2, 3, Olivier Festor 2, 3, Ruan He 1, Mohamed Kassi-Lahlou 1
2 MADYNES - Management of dynamic networks and services
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
3 RESIST - Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
Abstract: The heterogeneity of cloud resources implies substantial overhead to deploy and configure adequate security mechanisms. In that context, we propose a software-defined security strategy based on unikernels to support the protection of cloud infrastructures. This approach addresses management issues by decoupling security policies from their enforcement through programmable security interfaces. It also benefits from unikernel virtualization properties to support this enforcement and to provide resources with a low attack surface. These resources correspond to highly constrained configurations containing the strict minimum for a given period. We describe the management framework supporting this software-defined security strategy, formalizing the generation of unikernel images that are dynamically built to comply with security requirements over time. Through an implementation based on MirageOS and extensive experiments, we show that the cost induced by our security integration mechanisms is small while the gains in limiting the security exposure are high.
Cited literature: 29 references

https://hal.inria.fr/hal-01798793
Contributor: Maxime Compastié
Submitted on: Monday, May 28, 2018 - 4:12:08 PM
Last modification on: Thursday, February 7, 2019 - 5:34:46 PM
Long-term archiving on: Wednesday, August 29, 2018 - 2:48:53 PM

File

HAL-draft-unikernel-based-appr...
Files produced by the author(s)

Citation

Maxime Compastié, Rémi Badonnel, Olivier Festor, Ruan He, Mohamed Kassi-Lahlou. Unikernel-based Approach for Software-Defined Security in Cloud Infrastructures. NOMS 2018 - IEEE/IFIP Network Operations and Management Symposium, Apr 2018, Taipei, Taiwan. ⟨10.1109/NOMS.2018.8406155⟩. ⟨hal-01798793⟩
