Projet de recherche doctoral numero :3416


Date depot: 1 janvier 1900
Titre: End-to-end Security Architecture and Self-Protection Mechanisms for Cloud Computing Environments
Directeur de thèse: Hervé DEBAR (LTCI (EDMH))
Domaine scientifique: Sciences et technologies de l'information et de la communication
Thématique CNRS : Non defini

Resumé: {{SUJET ATTRIBUE NE PAS CANDIDATER}} --- The rise of cloud computing opens a whole new future for telcos like Orange. This disruptive distributed computing model for large-scale networks is based on the idea of outsourcing corporate IT infrastructures to third parties, a shared pool of computing, storage, and networking resources and services becoming accessible rapidly and on demand. Forecasted benefits include flexible and dynamic resource provisioning, simpler and automated administration of IT infrastructures, and sharing of nearly unlimited CPU, bandwidth, or storage space thanks to resource virtualization, with scalability improvements and massive cost reductions in terms of infrastructure management. Several major IT players like Amazon, Microsoft and Google are thus already proposing cloud computing solutions. However, open systems and shared resources raise many security challenges, making security one of the major barriers to adoption of cloud computing technologies [4]. In addition to traditional threats, new issues should be addressed such as: vulnerabilities due to virtualization of computing infrastructures [1]; unclear effectiveness of traditional network security in terms of authorization and placement of security controls in fully virtualized networks; data isolation and privacy management in multi-tenant environments; and above all how to build and manage trust between users and cloud service providers. If traditional security techniques such as encryption remain relevant for cloud infrastructures, those new threats require specific protection mechanisms. Unfortunately, few solutions are available to tackle those challenges [6][7]. Available mechanisms are highly heterogeneous and fragmented, with lack of an overall vision how to orchestrate them into an integrated security architecture for cloud environments. Besides, the strong dependency of threats on the cloud service delivery and deployment models , the extremely short response times required to activate system defenses efficiently, and the impossibility of manual security maintenance call for a flexible, dynamic, and automated security management of cloud infrastructures, which is clearly lacking today. The ambition of this PhD is to provide elements of answer to those unsolved issues.

Doctorant.e: Wailly Aurelien