Towards a trusted grid architecture

Cooper, Andrew

January 2010

The malicious host problem is challenging in distributed systems such as grids and clouds. Rival organisations may share the same physical infrastructure. Administrators might deliberately or accidentally compromise users' data. The thesis concerns the development of a security architecture that allows users to place a high degree of trust in remote systems to process their data securely. The problem is tackled through a new security layer that ensures users' data can only be accessed within a trusted execution environment. Access to encrypted programs and data is authorised by a key management service using trusted computing attestation. Strong data integrity and confidentiality protection on remote hosts is provided by the job security manager virtual machine. The trusted grid architecture supports the enforcement of digital rights management controls. Subgrids allow users to define a strong trusted boundary for delegated grid jobs. Recipient keys enforce a trusted return path for job results to help users create secure grid workflows. Mandatory access controls allow stakeholders to mandate the software that is available to grid users. A key goal of the new architecture is backwards compatibility with existing grid infrastructure and data. This is achieved using a novel virtualisation architecture where the security layer is pushed down to the remote host, so it does not need to be pre-installed by the service provider. A new attestation scheme, called origin attestation, supports the execution of unmodified, legacy grid jobs. These features will ease the transition to a trusted grid and help make it practical for deployment on a global scale.

621.382

Gestion d'une architecture hétérogène distribuée à l'aide du SDN / Management of a heterogeneous distributed architecture with the SDN

Gonzalez santamaria, Carlos

19 December 2017

Les acteurs majeurs d'Internet ont mis en place dans leurs datacenters de plus en plus de virtualisation pour permettre de faire fonctionner plusieurs systèmes d'exploitation simultanément sur un même serveur physique. Cette technologie a permis de faire des économies énergétiques et financières importantes. Elle utilise également au niveau de la recherche depuis peu de temps, en particulier dans le domaine des réseaux. Traditionnellement, ce sont des équipements physiques tels que des commutateurs ou des routeurs qui se chargent du transfert de l'information, à la suite d'une programmation effectuée par les administrateurs. Dorénavant, ces équipements sont également virtualisés et la décision prise pour l'acheminement de l'information se fait de manière logiciel. Des expérimentations de cette technologie de virtualisation du réseau, aussi appelé Software-Defined Network (SDN), ont été mise en place par Google pour relier ses principaux datacenters [1], au travers le monde.Dans le cadre de ce projet, nous présentons une nouvelle architecture basée sur les concepts du SDN, pour les réseaux avec ou sans infrastructure. Cette architecture est composée de réseaux filaires, sans fil et ad-hoc. Elle est ensuite proposée pour intégrer des objets communicants dans un domaine du réseau SDN. Différents domaines sont alors interconnectés pour que la gestion du réseau soit distribuée, sans toutefois réduire le niveau de sécurité. Cette étude propose une nouvelle architecture sécurisée et distribuée pour l'IoT (Internet des Objets). / Recently, the giants of the Internet are adopting every day more and more the benefits of virtualization within the data center. Each virtualized application and its operating system can run simultaneously from one physical device. This technology reduces significantly power consumption, energy consumption, as well as operational cost. Furthermore, not long ago, this promising solution is studied by the research communities to be extended for network virtualization deployment. In traditional network physical device like routers and/or switches are responsible to transfer the information from one point to another, following the instructions previously programmed by a network administrator. At this time, the physical networking devices can be virtualized, providing an intelligent abstraction via virtual network software that makes easy to deploy and manage network resources. The search giant Google has deployed SDN to experiment with the inter-connection between their data center around the world [1].With the exponential growth of devices connected to the Internet, security network is one of the hardest challenge for network managers. Maintaining and securing such large scale and heterogeneous network is a challenging task. In this context, the new networking paradigm, the Software Defined Networking (SDN), introduces many opportunities and provides the potential to overcome those challenges. In our approach, we first propose a new SDN based architecture for networking with or without infrastructure, that we call an SDN domain. This domain includes wired network, wireless network and Ad-Hoc networks. Next, a second architecture includes sensor networks in an SDN-based network and in a domain. Third, interconnecting multiple domains and we describe how we can enhance the security of each domain and how to distribute the security rules in order not to compromise the security of one domain. Finally, we present a new secure and distributed architecture for ad-hoc networks and IoT (Internet of Things).

Réseaux ad-Hoc

Sdn

Openflow

Sécurité informatique

Cluster

Routage

Sdn

Openflow

Grid of Security

Network ad-Hoc

Cluster

Routing

004.6