Secure Service Provisioning in a Public Cloud

Aslam, Mudassar

January 2012

The evolution of cloud technologies which allows the provisioning of IT resources over the Internet promises many benefits for the individuals and enterprises alike. However, this new resource provisioning model comes with the security challenges which did not exist in the traditional resource procurement mechanisms. We focus on the possible security concerns of a cloud user (e.g. an organization, government department, etc.) to lease cloud services such as resources in the form of Virtual Machines (VM) from a public Infrastructure-as-a-Service (IaaS) provider. There are many security critical areas in the cloud systems, such as data confidentiality, resource integrity, service compliance, security audits etc. In this thesis, we focus on the security aspects which result in the trust deficit among the cloud stakeholders and hence hinder a security sensitive user to benefit from the opportunities offered by the cloud computing. Based upon our findings from the security requirements analysis,we propose solutions that enable user trust in the public IaaS clouds. Our solutions mainly deal with the secure life cycle management of the user VM which include mechanisms for VM launch and migration. The VM launch and migration solutions ensure that the user VM is always protected in the cloud by only allowing it to run on the user trusted platforms. This is done by using trusted computing techniques that allow the users to remotely attest and hence rate the cloud platforms trusted or untrusted. We also provide a prototype implementation to prove the implementation feasibility of the proposed trust enabling principles used in the VM launch and migration solutions.

VM migration

trusted platforms

cloud security

IaaS

TPM

Security

Trusted Computing

Virtualization

Cloud Computing

trust

Security and Trust in Mobile Cloud Computing / La sécurité et la confiance pour le Cloud computing mobile

Le Vinh, Thinh

14 December 2017

Nous vivons aujourd’hui dans l'ère cybernétique où de nouvelles technologies naissent chaque jour avec la promesse de rendre la vie humaine plus confortable, pratique et sûre. Parmi ces nouvelles technologies, l'informatique mobile se développe en influençant la vie de l’utilisateur. En effet, les plates-formes mobiles (smartphone, tablette) sont devenues les meilleurs compagnons de l’utilisateur pour mener à bien ses activités quotidiennes, comme les activités commerciales ou de divertissement. En jouant ces rôles importants, les plates-formes mobiles doivent opérer dans des environnements de confiance. Dans cette thèse, nous étudions la sécurité des plates-formes mobiles en passant d’un niveau de sécurité primitif qui s’appuie sur les plates-formes de confiance, à un niveau plus sophistiqué qui se base sur de l’intelligence bio-inspirée. Plus précisément, après avoir abordé les défis du cloud computing mobile (MCC), nous développons une étude de cas appelée Droplock pour le cloud mobile et nous étudions son efficacité énergétique et ses performances pour illustrer le modèle MCC. En outre, en s’appuyant sur les plates-formes de confiance (comme les TPM), nous avons introduit un nouveau schéma d'attestation à distance pour sécuriser les plates-formes mobiles dans le contexte du cloud mobile. Pour améliorer le niveau de sécurité et être adaptatif au contexte, nous avons utilisé de la logique floue combinant un système de colonies de fourmis pour évaluer la confiance et la réputation du cloud mobile basé sur la notion de cloudlets. / As living in the cyber era, we admit that a dozen of new technologies have been born every day with the promises that making a human life be more comfortable, convenient and safe. In the forest of new technologies, mobile computing is raise as an essential part of human life. Normally, mobile devices have become the best companions in daily activities. They have served us from the simple activities like entertainment to the complicated one as business operations. As playing the important roles, mobile devices deserve to work in the environment which they can trust for serving us better. In this thesis, we investigate the way to secure mobile devices from the primitive security level (Trusted Platforms) to the sophisticated one (bio-inspired intelligence). More precisely, after addressing the challenges of mobile cloud computing (MCC), we have studied the real-case of mobile cloud computing, in terms of energy efficiency and performance, as well as proposed a demonstration of particular MCC model, called Droplock system. Moreover, taking advantages of trusted platform module functionality, we introduced a novel schema of remote attestation to secure mobile devices in the context of Mobile-Cloud based solution. To enhance the security level, we used fuzzy logic combining with ant colony system to assess the trust and reputation for securing another mobile cloud computing model based on the cloudlet notion.

Cloud computing

Sécurité

Systèmes de confiance

Plates-Formes mobiles

Logique floue

Efficacité énergétique

Cloud computing

Security

Trusted platforms

Mobile systems

Fuzzy logic

Energy efficiency

004.678 2

005.8