Unikernel-based Approach for Software-Defined Security in Cloud Infrastructures

Abstract : The heterogeneity of cloud resources implies substantial overhead to deploy and configure adequate security mechanisms. In that context, we propose a software-defined security strategy based on unikernels to support the protection of cloud infrastructures. This approach permits to address management issues by uncoupling security policy from their enforcement through programmable security interfaces. It also takes benefits from unikernel virtualization properties to support this enforcement and provide resources with low attack surface. These resources correspond to highly constrained configurations with the strict minimum for a given period. We describe the management framework supporting this software-defined security strategy, formalizing the generation of unikernel images that are dynamically built to comply with security requirements over time. Through an implementation based on MirageOS, and extensive experiments, we show that the cost induced by our security integration mechanisms is small while the gains in limiting the security exposure are high.
Type de document :
Communication dans un congrès
NOMS 2018 - IEEE/IFIP Network Operations and Management Symposium, Apr 2018, Taipei, Taiwan. Proceedings of the IEEE/IFIP Network Operations and Management Symposium. 〈10.1109/NOMS.2018.8406155〉
Liste complète des métadonnées

Littérature citée [29 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01798793
Contributeur : Maxime Compastié <>
Soumis le : lundi 28 mai 2018 - 16:12:08
Dernière modification le : mercredi 28 novembre 2018 - 09:06:18
Document(s) archivé(s) le : mercredi 29 août 2018 - 14:48:53

Fichier

HAL-draft-unikernel-based-appr...
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

Citation

Maxime Compastié, Rémi Badonnel, Olivier Festor, Ruan He, Mohamed Kassi-Lahlou. Unikernel-based Approach for Software-Defined Security in Cloud Infrastructures. NOMS 2018 - IEEE/IFIP Network Operations and Management Symposium, Apr 2018, Taipei, Taiwan. Proceedings of the IEEE/IFIP Network Operations and Management Symposium. 〈10.1109/NOMS.2018.8406155〉. 〈hal-01798793〉

Partager

Métriques

Consultations de la notice

306

Téléchargements de fichiers

307