, 110 6.2.3 HTTP Authentication and Authorization for MirageOS Unikernels . . . 111 6.2.4 Application Firewalling for Mirage OS Unikernels, p.112

, 3.3 Performance with a pool of protected unikernels

.. .. Summary,

. .. Summary-of-contributions, 123 7.1.3 Generating Protected Unikernel Resources on The Fly

.. .. Discussions,

. .. Research-perspectives, 124 7.3.1 Exploiting Infrastructure-As-Code for Security Programmability

. .. List-of-publications,

. Ieee-cloudcom, PhD Symposium, pp.464-467, 2016.

?. M. Compastié, R. Badonnel, O. Festor, R. He, and M. Kassi-lahlou, Towards a Software-Defined Security Framework for Supporting Distributed Cloud, Proceedings of the 11th IFIP International Conference on Autonomous Infrastructure, Management and Security, pp.47-61, 2017.

?. M. Compastié, R. Badonnel, O. Festor, R. He, and M. Kassi-lahlou, Unikernel-based Approach for Software-Defined Security in Cloud Infrastructures, Proceeding of the IEEE/IFIP Network Operations and Management Symposium, pp.1-7, 2018.

?. M. Compastié, R. Badonnel, O. Festor, and R. He, Demo: On-The-Fly Generation of Unikernels for Software-Defined Security in Cloud Infrastructures, Proceeding of the 2018 IEEE/IFIP Network Operations and Management Symposium (NOMS), pp.1-2, 2018.

, Industrial Patents

?. M. Compastié and R. He, Procédé et Système pour Créer une Image d'une Application, Orange Patent filed with the INPI, 2018.

, Submission Work to International Peer-Reviewed Journals

?. M. Compastié, R. Badonnel, O. Festor, and R. He, Security Issues in System Virtualization And Solutions: A Survey

?. M. Compastié, R. Badonnel, O. Festor, and R. He, A TOSCA-Oriented Software-Defined Security Approach for Unikernel-Based Protected Clouds

. Ab--apache, HTTP Server Benchmarking Tool -Apache HTTP Server Version, vol.2, 2018.

P. Abate, A Modular Package Manager Architecture, Information and Software Technology, vol.55, pp.459-474, 2013.

C. Security-alliance, Top Threats to Cloud Computing v1, White Paper, 2010.

. Apt--debian and . Wiki,

C. Agostino-ardagna, An XACML-based Privacy-centered Access Control System, Proceedings of the First ACM Workshop on Information Security Governance. WISG '09, pp.49-58, 2009.

S. Arnautov, SCONE: Secure Linux Containers with Intel SGX, In: OSDI, vol.16, pp.689-703, 2016.

M. Artac, DevOps: Introducing Infrastructure-as-Code, 2017 IEEE/ACM 39th International Conference on Software Engineering Companion (ICSE-C), pp.497-498, 2017.

S. Ayed, Achieving dynamicity in security policies enforcement using aspects". en, International Journal of Information Security, vol.17, pp.1615-5270, 2018.

A. Bacs, Slick: An Intrusion Detection System for Virtualized Storage Devices, Proceedings of the 31st Annual ACM Symposium on Applied Computing. SAC '16, pp.2033-2040, 2016.

T. Ball, VeriCon: Towards Verifying Controller Programs in Software-defined Networks, Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation. PLDI '14, pp.282-293, 2014.

P. Barham, Xen and the Art of Virtualization, SIGOPS Oper. Syst. Rev, vol.37, pp.164-177, 2003.

M. Barrère, R. Badonnel, and O. Festor, A SAT-based Autonomous Strategy for Security Vulnerability Management, 2014 IEEE Network Operations and Management Symposium (NOMS), pp.1-9, 2014.

A. Barresi, CAIN: Silently Breaking ASLR in the Cloud, In: WOOT, 2015.

A. Baumann, M. Peinado, and G. Hunt, Shielding Applications from an Untrusted Cloud with Haven, ACM Trans. Comput. Syst, vol.33, issue.3, 2015.

M. Bazm, Side-channels Beyond the Cloud Edge: New Isolation Threats and Solutions, 2017 1st Cyber Security in Networking Conference (CSNet). 2017 1st Cyber Security in Networking Conference (CSNet), pp.1-8, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01593144

F. Bellard, QEMU, A Fast and Portable Dynamic Translator, USENIX Annual Technical Conference, FREENIX Track, pp.41-46, 2005.

A. Bessani, The TClouds Platform: Concept, Architecture and Instantiations, Proceedings of the 2Nd International Workshop on Dependability Issues in Cloud Computing. DISCCO '13, vol.1, 2013.

B. Parducci, H. Lockhart, and E. Rissanen, eXtensible Access Control Markup Language (XACML) Version 3, 2013.

T. Binz, TOSCA: Portable Automated Deployment and Management of Cloud Applications, Advanced Web Services. Ed. by Athman Bouguettaya, Quan Z. Sheng, and Florian Daniel, pp.527-549, 2014.

P. Daniel, M. Bovet, and . Cesati, Understanding the Linux Kernel: from I/O ports to Process Management, vol.929, 2005.

A. Bratterud, IncludeOS: A Minimal, Resource Efficient Unikernel for Cloud Services, 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom), pp.250-257, 2015.

A. Bratterud, A. Happe, and R. Duncan, Enhancing Cloud Security and Privacy: The Unikernel Solution, Eighth International Conference on Cloud Computing, GRIDs, and Virtualization, 2017.

J. Cappos, A Look in the Mirror: Attacks on Package Managers, Proceedings of the 15th ACM Conference on Computer and Communications Security. CCS '08, pp.565-574, 2008.

M. Carbone, D. Zamboni, and W. Lee, Taming Virtualization, IEEE Security Privacy, vol.6, issue.1, pp.1540-7993, 2008.

M. Carpenter, T. Liston, and E. Skoudis, Hiding Virtualization from Attackers and Malware, IEEE Security Privacy, vol.5, pp.1540-7993, 2007.

S. Checkoway and H. Shacham, Iago Attacks: Why the System Call API is a Bad Untrusted RPC Interface, Proceedings of the Eighteenth International Conference on Architectural Support for Programming Languages and Operating Systems. ASPLOS '13, pp.253-264, 2013.

R. David, K. J. Cheriton, and . Duda, A Caching Model of Operating System Kernel Functionality, Proceedings of the 1st USENIX Conference on Operating Systems Design and Implementation. OSDI '94, 1994.

M. Christodorescu, Cloud Security Is Not (Just) Virtualization Security: a Short Paper, Proceedings of the 2009 ACM workshop on Cloud computing security -CCSW '09. the 2009 ACM workshop, p.97, 2009.

, Linux man page, 2018.

C. J. Chung, NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems, IEEE Transactions on Dependable and Secure Computing, vol.10, pp.1545-5971, 2013.

, Cohttp: Very lightweight HTTP Server using Lwt or Async. MirageOS, 2017.

P. Colp, Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor, Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles. SOSP '11, pp.189-202, 2011.

J. Criswell, N. Dautenhahn, and V. Adve, Virtual Ghost: Protecting Applications from Hostile Operating Systems, Proceedings of the 19th International Conference on Architectural Support for Programming Languages and Operating Systems. AS-PLOS '14, pp.81-96, 2014.

N. Dautenhahn, Nested Kernel: An Operating System Architecture for Intra-Kernel Privilege Separation, SIGARCH Comput. Archit. News, vol.43, pp.163-5964, 2015.

R. Di-cosmo, S. Zacchiroli, and P. Trezentos, Package Upgrades in FOSS Distributions: Details and Challenges, Proceedings of the 1st International Workshop on Hot Topics in Software Upgrades. HotSWUp '08, vol.7, pp.1-7, 2008.
URL : https://hal.archives-ouvertes.fr/hal-00359847

. Docker--build, Ship, and Run Any App, Anywhere, 2018.

. Docker, , 2017.

G. Dreo, ICEMAN: An architecture for secure federated inter-cloud identity management, 2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013). 2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013), pp.1207-1210, 2013.

R. Dua, A. R. Raja, and D. Kakadia, Virtualization vs Containerization to Support PaaS, 2014 IEEE International Conference on Cloud Engineering, pp.610-614, 2014.

D. R. Engler, M. F. Kaashoek, and J. O'toole, Exokernel: An Operating System Architecture for Application-level Resource Management, SIGOPS Oper. Syst. Rev, vol.29, pp.251-266, 1995.

. Eu-gdpr-information-portal and . Eu, , 2018.

. Seyed-kaveh-fayazbakhsh, FlowTags: Enforcing Network-wide Policies in the Presence of Dynamic Middlebox Actions, Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking -HotSDN '13. the second ACM SIGCOMM workshop. Hong Kong, p.19, 2013.

W. Felter, An Updated Performance Comparison of Virtual Machines and Linux Containers, 2015 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS), pp.171-172, 2015.

, The Linux Foundation. Bridge. url

T. Garfinkel and M. Rosenblum, A Virtual Machine Introspection Based Architecture for Intrusion Detection, In: Ndss, vol.3, pp.191-206, 2003.

J. Geffner and . Vulnerability,

W. Glozer, wrk: Modern HTTP Benchmarking Tool. original-date: 2012-03-20T11:12:28Z. Sept. 5, 2017, 2017.

A. Goel, The Taser Intrusion Recovery System, SIGOPS Oper. Syst. Rev, vol.39, pp.163-5980, 2005.

R. P. Goldberg, Survey of Virtual Machine Research, Computer 7, pp.34-45, 1974.

G. Gu, Building a Security OS With Software Defined Infrastructure, Proceedings of the 8th Asia-Pacific Workshop on Systems. APSys '17, vol.4, 2017.

W. Gu, Characterization of Linux Kernel Behavior under Errors, International Conference on Dependable Systems and Networks, 2003. Proceedings.(DSN). 2003 International Conference on Dependable Systems and Networks, vol.00, p.459, 2003.

, Container Runtime Sandbox, 2018.

S. Hachana, N. Cuppens-boulahia, and F. Cuppens, Mining a high level access control policy in a network with multiple firewalls, Journal of Information Security and Applications. Security, Privacy and Trust in Future Networks and Mobile Computing, vol.20, pp.2214-2126, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01207768

A. Hakiri, Software-Defined Networking: Challenges and research opportunities for Future Internet, Computer Networks, vol.75, pp.1389-1286, 2014.

R. Hastings and B. Joyce, Purify: Fast Detection of Memory Leaks and Access Errors, Proceedings of the Winter 1992 USENIX Conference, pp.125-138, 1991.

R. He, SDAC: A New Software-Defined Access Control Paradigm for Cloud-Based Systems, Information and Communications Security, pp.570-581, 2018.

T. Heo, Control Group v2, 2015.

J. Heyens, K. Greshake, and E. Petryka, MongoDB Databases at Risk, Center for IT-Security, Privacy, and Accountability, 2015.

G. Hurel, Towards Cloud-based Compositions of Security Functions for Mobile Devices, IFIP/IEEE International Symposium on Integrated Network Management (IM). 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), pp.578-584, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01093041

J. , P. J. Jeong, and H. Kim, Software-Defined Networking Based Security Services using Interface to Network Security Functions, 2015.

T. Jaeger, R. Sailer, and X. Zhang, Analyzing Integrity Protection in the SELinux Example Policy, Proceedings of the 12th Conference on USENIX Security Symposium, vol.12, pp.5-5, 2003.

X. Jiang, X. Wang, and D. Xu, Stealthy Malware Detection Through Vmm-based "Out-of-the-box, Proceedings of the 14th ACM Conference on Computer and Communications Security. CCS '07, pp.128-138, 2007.

J. Martin, Code-injection Vulnerabilities in Web Applications -Exemplified at Cross-site Scripting, it -Information Technology Methoden und innovative Anwendungen der Informatik und Informationstechnik, vol.53, pp.256-160, 2011.

H. Kang, M. Le, and S. Tao, Container and Microservice Driven Design for Cloud Infrastructure DevOps, 2016 IEEE International Conference on Cloud Engineering (IC2E)

, IEEE International Conference on Cloud Engineering (IC2E), pp.202-211, 2016.

, Kata Containers -The Speed of Containers, the Security of VMs, 2018.

J. O. Kephart and D. M. Chess, The Vision of Autonomic Computing, Computer, vol.36, issue.1, 2003.

S. T. King and P. M. Chen, SubVirt: implementing malware with virtual machines, 2006 IEEE Symposium on Security and Privacy (S P'06), vol.14, p.327, 2006.

A. Kivity, KVM: the Linux Virtual Machine Monitor, Proceedings of the Linux symposium. Linux Symposium, vol.1, pp.225-230, 2007.

G. Klein, seL4: Formal Verification of an OS Kernel, Proceedings of the ACM SIGOPS 22Nd Symposium on Operating Systems Principles. SOSP '09, pp.207-220, 2009.

P. Kocher, J. Jaffe, and B. Jun, Differential Power Analysis, Advances in Cryptology -CRYPTO' 99: 19th Annual International Cryptology Conference, 1999.

H. Berlin, , pp.388-397, 1999.

K. Kolyshkin, Virtualization in Linux, White paper, vol.3, p.39, 2006.

J. Kook, Optimization of out of Memory Killer for Embedded Linux Environments, Proceedings of the 2011 ACM Symposium on Applied Computing. SAC '11, pp.633-634, 2011.

T. Koorevaar, Dynamic Enforcement of Security Policies in Multi-Tenant Cloud Networks, 2012.

K. Kortchinsky, Cloudburst, Black Hat, 2009.

J. Larkby-lahet, Xomb: an Exokernel for Modern 64-bit, Multicore Hardware, WSO-VII Workshop de Sistemas Operacionais, pp.1991-1998, 2010.

K. K. Lau and Z. Wang, Software Component Models, IEEE Transactions on Software Engineering, vol.33, pp.98-5589, 2007.

C. Li, A. Raghunathan, and N. K. Jha, Secure Virtual Machine Execution under an Untrusted Management OS, 2010 IEEE 3rd International Conference on Cloud Computing, pp.172-179, 2010.

D. Lie, A. Chandramohan, M. Thekkath, and . Horowitz, Implementing an Untrusted Operating System on Trusted Hardware, Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles. SOSP '03, pp.178-192, 2003.

J. Liedtke, On Micro-kernel Construction, Proceedings of the Fifteenth ACM Symposium on Operating Systems Principles. SOSP '95, pp.237-250, 1995.

C. H. Lin, C. H. Chen, and C. S. Laih, A Study and Implementation of Vulnerability Assessment and Misconfiguration Detection, IEEE Asia-Pacific Services Computing Conference, pp.1252-1257, 2008.

, Linux Containers -LXC -Introduction, 2018.

J. Liu, Leveraging Software-defined Networking for Security Policy Enforcement, Information Sciences 327.Supplement C, pp.288-299, 2016.

T. Lodderstedt, D. Basin, and J. Doser, SecureUML: A UML-Based Modeling Language for Model-Driven Security, UML 2002 -The Unified Modeling Language, pp.426-441, 2002.

M. Lorch, First Experiences Using XACML for Access Control in Distributed Systems, Proceedings of the 2003 ACM Workshop on XML Security. XMLSEC '03, pp.25-37, 2003.

B. M. Luettmann and A. C. Bender, Man-in-the-middle attacks on auto-updating software, Bell Labs Technical Journal, vol.12, pp.1538-7305, 2007.

S. Luo and M. Salem, Orchestration of software-defined security services, 2016 IEEE International Conference on Communications Workshops (ICC). 2016 IEEE International Conference on Communications Workshops (ICC), pp.436-441, 2016.

A. Madhavapeddy, Jitsu: Just-In-Time Summoning of Unikernels, Proceedings of the 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI '15). 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI '15), pp.559-573, 2015.

A. Madhavapeddy and D. J. Scott, Unikernels: Rise of the Virtual Library Operating System, Queue 11.11 (Dec. 2013), vol.30

A. Madhavapeddy, Unikernels: Library Operating Systems for the Cloud, SIGPLAN Not, vol.48, pp.461-472, 2013.

E. Maler, Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML), 2003.

F. Mancinelli, Managing the Complexity of Large Free and Open Source Package-Based Software Distributions, 21st IEEE/ACM International Conference on Automated Software Engineering (ASE'06). 21st IEEE/ACM International Conference on Automated Software Engineering (ASE'06), pp.199-208, 2006.
URL : https://hal.archives-ouvertes.fr/hal-00149566

P. Matousek, VENOM, Don't Get Bitten, 2015.

P. Mell and T. Grance, The NIST Definition of Cloud Computing, 2011.

.. C. Paul-menage,

, Mirage Skeleton: Examples of simple MirageOS Applications -Static website TLS. Mira-geOS, 2017.

. Mitre and . Cve-, , 1744.

. Mitre and . Cve-, , 2013.

. Mitre and . Cve-, , 2015.

. Mitre and . Cve-, , 2016.

. Mitre and . Cve-, , 2016.

. Mitre and . Cve-, , 2016.

M. Module, , 2018.

M. Morbitzer, SEVered: Subverting AMD's Virtual Machine Encryption, Proceedings of the 11th European Workshop on Systems Security. EuroSec'18, vol.1, pp.1-1, 2018.

A. Mouat, Using Docker: Developing and Deploying Software with Containers, 2015.

K. Nance, M. Bishop, and B. Hay, Virtual Machine Introspection: Observation or Interference?, In: IEEE Security Privacy, vol.6, pp.1540-7993, 2008.

A. Kumar-nayak, Resonance: Dynamic Access Control for Enterprise Networks, Proceedings of the 1st ACM Workshop on Research on Enterprise Networking. WREN '09, pp.11-18, 2009.

L. Nelson, Hyperkernel: Push-Button Verification of an OS Kernel, Proceedings of the 26th Symposium on Operating Systems Principles. SOSP '17, pp.252-269, 2017.

H. B. Robert, B. P. Netzer, and . Miller, What Are Race Conditions?: Some Issues and Formalizations, ACM Lett. Program. Lang. Syst, vol.1, issue.1, pp.1057-4514, 1992.

. Ocaml-package and . Manager,

F. Op, The FU Rootkit, 2008.

V. M. Oracle and . Virtualbox, , 2018.

T. Ormandy, An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments, vol.10, 2007.

D. Palma and T. Spatzier, Topology and Orchestration Specification for Cloud Applications (TOSCA)". In: Organization for the Advancement of Structured Information Standards (OASIS), 2013.

M. , SecMANO: Towards Network Functions Virtualization (NFV) Based Security MANagement and Orchestration, IEEE Trustcom, pp.598-605, 2016.

M. Pattaranantakul, A First Step Towards Security Extension for NFV Orchestrator, Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization. SDN-NFVSec '17, 2017.

M. Pattaranantakul, NFV Security Survey: From Use Case Driven Threat Analysis to State-of-the-Art Countermeasures, IEEE Communications Surveys & Tutorials, pp.1553-877, 2018.

B. D. Payne, Lares: An Architecture for Secure Active Monitoring Using Virtualization, 2008 IEEE Symposium on Security and Privacy, pp.233-247, 2008.

M. Pearce, S. Zeadally, and R. Hunt, Virtualization: Issues, Security Threats, and Solutions, In: ACM Comput. Surv, vol.45, issue.2, 2013.

J. Pincus and B. Baker, Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns, IEEE Security Privacy, vol.2, issue.4, pp.1540-7993, 2004.

J. Gerald, R. P. Popek, and . Goldberg, Formal Requirements for Virtualizable Third Generation Architectures, Commun. ACM, vol.17, issue.7, pp.412-421, 1974.

D. E. Porter, Rethinking the Library OS from the Top Down, SIGARCH Comput. Archit. News, vol.39, pp.163-5964, 2011.

F. Qin, S. Lu, and Y. Zhou, SafeMem: Exploiting ECC-memory for Detecting Memory Leaks and Memory Corruption During Production Runs, 11th International Symposium on High-Performance Computer Architecture, pp.291-302, 2005.

D. Quist, V. Smith, and O. Computing, Detecting the Presence of Virtual Machines Using the Local Data Table, Offensive Computing, 2006.

, RabbitMQ -Messaging that just works, 2018.

R. Riley, X. Jiang, and D. Xu, Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing, Recent Advances in Intrusion Detection: 11th International Symposium, 2008.

H. Berlin, , pp.1-20, 2008.

T. Ristenpart, Hey, You, Get off of My Cloud: Exploring Information Leakage in Third-party Compute Clouds, Proceedings of the 16th ACM Conference on Computer and Communications Security. CCS '09, pp.199-212, 2009.

S. John, C. E. Robin, and . Irvine, Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor, Proceedings of the 9th USENIX Security Symposium. 9th USENIX Security, pp.129-144, 2000.

A. A. Rafael-román-otero and . Aravind, MiniOS: An Instructional Platform for Teaching Operating Systems Projects, Proceedings of the 46th ACM Technical Symposium on Computer Science Education. SIGCSE '15, pp.430-435, 2015.

. Olubisi-atinuke-runsewe, A Policy-Based Management Framework for Cloud Computing Security, 2014.

M. Rutkowski and L. Boutier, TOSCA Simple Profile in YAML Version 1.1, OASIS Committee Specification Draft, 2016.

J. Sahoo, S. Mohapatra, and R. Lath, Virtualization: A Survey on Concepts, Taxonomy and Associated Security Issues, 2010 Second International Conference on Computer and Network Technology, pp.222-226, 2010.

R. Sailer, Building a MAC-based security architecture for the Xen open-source hypervisor, 21st Annual Computer Security Applications Conference (ACSAC'05)

, , vol.10, p.285, 2005.

. Team-teso and . Scut, Exploiting Format String Vulnerabilities, 2001.

H. Shacham, On the Effectiveness of Address-space Randomization, Proceedings of the 11th ACM Conference on Computer and Communications Security. CCS '04, pp.298-307, 2004.

E. Al, -. Shaer, and S. Al-haj, FlowChecker: Configuration Analysis and Verification of Federated Openflow Infrastructures, Proceedings of the 3rd ACM Workshop on Assurable and Usable Security Configuration. SafeConfig '10, pp.37-44, 2010.

S. Shin, FRESCO: Modular Composable Security Services for Software-Defined Networks, NDSS. 2013

J. Solomon, User Data Persistence in Physical Memory, Digital Investigation, vol.4, pp.1742-2876, 2007.

S. Soltesz, Container-based Operating System Virtualization: A Scalable, High-performance Alternative to Hypervisors, SIGOPS Oper. Syst. Rev, vol.41, issue.3, pp.275-287, 2007.

U. Steinberg and B. Kauer, NOVA: A Microhypervisor-based Secure Virtualization Architecture, Proceedings of the 5th European Conference on Computer Systems. 5th European Conference on Computer Systems. EuroSys '10, pp.209-222, 2010.

J. Szefer and R. B. Lee, A Case for Hardware Protection of Guest VMs from Compromised Hypervisors in Cloud Computing, 2011 31st International Conference on Distributed Computing Systems Workshops, pp.248-252, 2011.

, The Solo5 Unikernel Project. Solo5, 2017.

, The Xen Project, the Powerful Open Source Industry Standard for Virtualization

P. Torr, Demystifying the Threat Modeling Process, IEEE Security Privacy, vol.3, issue.5, pp.1540-7993, 2005.

U. Tupakula and V. Varadharajan, TVDSEC: Trusted Virtual Domain Security, 2011 Fourth IEEE International Conference on Utility and Cloud Computing, pp.57-64, 2011.

F. Valsorda, Escaping a chroot jail/1, 2013.

Y. Verginadis, PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services, Journal of Grid Computing, vol.15, pp.219-234, 2017.

P. Verissimo, A. Bessani, and M. Pasin, The TClouds architecture: Open and resilient cloud-of-clouds computing, IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN 2012, pp.1-6, 2012.

, VMware Virtualization for Desktop & Server, Application, Public & Hybrid Clouds, 2018.

C. A. Waldspurger, Memory Resource Management in VMware ESX Server, SIGOPS Oper. Syst. Rev, vol.36, pp.163-5980, 2002.

A. Walla, Live Updating in Unikernels, vol.118, 2017.

A. Waller, Policy Based Management for Security in Cloud Computing, Secure and Trust Computing, Data Management, and Applications, pp.130-137, 2011.

D. Waltermire, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP version 1.2, NIST Special Publication, vol.800, p.126, 2011.

D. Williams, Run Mirage Unikernels on KVM/QEMU with Solo5, 2016.

D. Williams and R. Koller, Unikernel Monitors: Extending Minimalism Outside of the Box, 8th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 16). USENIX Association, 2016.

R. Wojtczuk, Subverting the Xen hypervisor, Black Hat USA, 2008.

R. Wojtczuk and J. Rutkowska, Attacking Intel Trusted Execution Technology, Black Hat DC 2009, 2009.

R. Wojtczuk and J. Rutkowska, Following the White Rabbit: Software attacks against Intel VT-d technology, 2011.

X. Minios, , 2017.

Y. Xiao, One Cloud Flops: Cross-vm Row Hammer Attacks and Privilege Escalation, Proceedings of the 25th USENIX Security Symposium. 25th USENIX Security Symposium, p.18, 2016.

Y. , Overview of the Internet of Things, 2018.

Y. Zhang, Cross-VM Side Channels and Their Use to Extract Private Keys, Proceedings of the 2012 ACM Conference on Computer and Communications Security. CCS '12, pp.305-316, 2012.

F. Zhou, Scheduler Vulnerabilities and Coordinated Attacks in Cloud Computing, Journal of Computer Security, vol.21, pp.533-559, 2013.