Framework Implementation Based On Grid of Smart Cards To Authenticate Virtual Machines

Abstract: While Cloud and virtual infrastructure services can offer great flexibility and convenience for their users, these users no longer have control over the platform on which their services are run. Not only do users have no guarantee that their services have not leaked any sensitive information, but they may also be subject to attacks by other malicious users in the system. To address this issue, the SecFuNet project proposes to integrate secure microcontrollers in order to introduce, among its many services, authentication and authorization functions for Cloud and virtual environments. One of the main goals of the Security for Future Networks project (SecFuNet) is to develop a secure infrastructure for virtualized environments and Clouds in order to provide strong isolation among virtual infrastructures. In other words, any solution to this problem should guarantee that one virtual machine (VM) does not interfere with others. The objective is to develop a highly secure identification scheme based on Authentication and Authorization Infrastructures (AAIs). The SecFuNet identity model addresses two kinds of elements: users and nodes. For each of them, an identity platform is provided, dealing with OpenID and grids of secure elements, to enforce confidentiality, integrity, and availability of the virtual infrastructure. The goal of this paper is to describe the implementation and the experimentation of the solution for identifying nodes in the SecFuNet architecture. In this implementation, we also employ low-cost smart cards. Only authorized users are allowed to create or instantiate virtual environments. Thus, users and hypervisors are equipped with secure elements, used to open TLS secure channels with strong mutual authentication. Finally, since the physical substrates are shared by several resources (users, VMs, ...), the proposed framework must ensure that one resource cannot interfere with the operations of another resource.
Document type:
Conference paper
SECRYPT 2014 - 11th International Conference on Security and Cryptography, Aug 2014, Vienna, Austria. IEEE, pp.1-6

Cited literature [2 references]

https://hal.archives-ouvertes.fr/hal-01018084
Contributor: Hassane Aissaoui
Submitted on: Thursday, 3 July 2014 - 15:52:50
Last modified on: Wednesday, 20 February 2019 - 14:41:18
Document(s) archived on: Friday, 3 October 2014 - 11:40:35

File

SECRYPT_2014-07-28.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: hal-01018084, version 1

Citation

Hassane Aissaoui, Pascal Urien, Guy Pujolle. Framework Implementation Based On Grid of Smart Cards To Authenticate Virtual Machines. SECRYPT 2014 - 11th International Conference on Security and Cryptography, Aug 2014, Vienna, Austria. IEEE, pp.1-6. 〈hal-01018084〉

Metrics

Record views: 520

File downloads: 171