Title
A TOSCA-Oriented Software-Defined Security Approach for Unikernel-Based Protected Clouds
Abstract
Cloud infrastructures provide new facilities to build elaborate added-value services by composing and configuring a large variety of computing resources, from virtualized hardware devices to software products. In the meantime, they are more exposed to security attacks than traditional environments. The complexity of security management tasks has been increased by the multi-tenancy, heterogeneity and geographical distribution of these resources. They introduce critical issues for cloud service providers and their customers, with respect to security programmability and scenarios of adaptation to contextual changes. In this paper, we propose a software-defined security approach based on the TOSCA language, to enable unikernel-based protected clouds. We first introduce extensions of this language to describe unikernels and specify security constraints for their orchestrations. We then describe an architecture exploiting this extended version of TOSCA for automatically generating, deploying and adjusting cloud resources in the form of protected unikernels with a low attack surface. We finally detail a proof-of-concept prototype, and evaluate the proposed solution through an extensive series of experiments.
Year
2019
DOI
10.1109/NETSOFT.2019.8806623
Venue
2019 IEEE Conference on Network Softwarization (NetSoft)
Keywords
Cloud Environments, Software-Defined Security, Policy-Based Management, Security Orchestration, Unikernels
Field
Unikernel, Cloud resources, Architecture, Attack surface, Computer security, Policy-based management, Computer science, Software, Cloud computing, Security management
DocType
Conference
ISBN
978-1-5386-9377-3
Citations
0
PageRank
0.34
References
8
Authors
4
Name | Order | Citations | PageRank
Maxime Compastié | 1 | 0 | 0.34
Rémi Badonnel | 2 | 0 | 0.34
Olivier Festor | 3 | 665 | 85.40
Ruan He | 4 | 1 | 1.71