Title
Unikernel-based approach for software-defined security in cloud infrastructures.
Abstract
The heterogeneity of cloud resources implies substantial overhead to deploy and configure adequate security mechanisms. In that context, we propose a software-defined security strategy based on unikernels to support the protection of cloud infrastructures. This approach permits to address management issues by uncoupling security policy from their enforcement through programmable security interfaces. It also takes benefits from unikernel virtualization properties to support this enforcement and provide resources with low attack surface. These resources correspond to highly constrained configurations with the strict minimum for a given period. We describe the management framework supporting this software-defined security strategy, formalizing the generation of unikernel images that are dynamically built to comply with security requirements over time. Through an implementation based on MirageOS, and extensive experiments, we show that the cost induced by our security integration mechanisms is small while the gains in limiting the security exposure are high.
Year: 2018
Venue: IEEE IFIP Network Operations and Management Symposium
Keywords: Security Management, Cloud Infrastructures and Services, Software-Defined Security, Resource Virtualization, Unikernel
Field: Unikernel, Virtualization, Attack surface, Computer science, Software, Enforcement, Security policy, Cloud computing, Security management, Distributed computing
DocType: Conference
ISSN: 1542-1201
Citations: 0
PageRank: 0.34
References: 0
Authors: 5

| Name | Order | Citations | PageRank |
|---|---|---|---|
| Maxime Compastié | 1 | 0 | 0.34 |
| Remi Badonnel | 2 | 154 | 22.43 |
| Olivier Festor | 3 | 665 | 85.40 |
| Ruan He | 4 | 1 | 1.71 |
| Mohamed Kassi-Lahlou | 5 | 0 | 0.34 |