The Experts below are selected from a list of 7842768 Experts worldwide ranked by ideXlab platform
Hervé Debar - One of the best experts on this subject based on the ideXlab platform.
-
VESPA: Multi-layered Self-Protection for Cloud Resources
Proceedings of the 9th International Conference on Autonomic Computing, 2012Co-Authors: Aurélien Wailly, Marine Lacoste, Marc Lacoste, Hervé DebarAbstract:Self-Protection has recently raised growing interest as possible element of answer to the cloud computing infrastructure protection challenge. Faced with multiple threats and heterogeneous defense mechanisms, the autonomic approach proposes simpler, stronger, and more efficient cloud security management. Yet, previous solutions fall at the last hurdle as they overlook key features of the cloud, by lack of flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This paper presents VESPA, a Self-Protection architecture for cloud infrastructures overcoming such limitations. VESPA is policy-based, and regulates security at two levels, both within and across infrastructure layers. Flexible coordination between Self-Protection loops allows enforcing a rich spectrum of security strategies such as cross-layer detection and reaction. A multi-plane extensible architecture also enables simple integration of commodity detection and reaction components. Evaluation of a VESPA implementation shows that the design is applicable for effective and flexible Self-Protection of cloud infrastructures.
-
ICAC - VESPA: multi-layered Self-Protection for cloud resources
Proceedings of the 9th international conference on Autonomic computing - ICAC '12, 2012Co-Authors: Aurélien Wailly, Marc Lacoste, Hervé DebarAbstract:Self-Protection has recently raised growing interest as possible element of answer to the cloud computing infrastructure protection challenge. Faced with multiple threats and heterogeneous defense mechanisms, the autonomic approach proposes simpler, stronger, and more efficient cloud security management. Yet, previous solutions fall at the last hurdle as they overlook key features of the cloud, by lack of flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This paper presents VESPA, a Self-Protection architecture for cloud infrastructures overcoming such limitations. VESPA is policy-based, and regulates security at two levels, both within and across infrastructure layers. Flexible coordination between Self-Protection loops allows enforcing a rich spectrum of security strategies such as cross-layer detection and reaction. A multi-plane extensible architecture also enables simple integration of commodity detection and reaction components. Evaluation of a VESPA implementation shows that the design is applicable for effective and flexible Self-Protection of cloud infrastructures.
Qian Zhang - One of the best experts on this subject based on the ideXlab platform.
-
Efficient Algorithms for p-Self-Protection Problem in Static Wireless Sensor Networks
IEEE Transactions on Parallel and Distributed Systems, 2008Co-Authors: Yu Wang, Qian ZhangAbstract:Wireless sensor networks have been widely used in many surveillance applications. Due to the importance of sensor nodes in such applications, certain level of protection need to be provided to them. We study the self protection problem for static wireless sensor networks in this paper. Self protection problem focuses on using sensor nodes to provide protection to themselves instead of the target objects or certain target area, so that the sensor nodes can resist the attacks targeting on them directly. A wireless sensor network is p-self-protected, if at any moment, for any wireless sensor (active or non-active), there are at least p active sensors that can monitor it. The problem finding minimum p-Self-Protection is NP-complete, and no efficient self protection algorithms have been proposed. In this paper, we provide efficient centralized and distributed algorithms with constant approximation ratio for minimum p-Self-Protection problem in sensor networks with either homogeneous or heterogeneous sensing radius. In addition, we design efficient distributed algorithms to not only achieve p-Self-Protection but also maintain the connectivity of all active sensors. Our simulation confirms the performances of proposed algorithms.
-
the self protection problem in wireless sensor networks
ACM Transactions on Sensor Networks, 2007Co-Authors: Dan Wang, Qian Zhang, Jiangchuan LiuAbstract:Wireless sensor networks have recently been suggested for many surveillance applications, such as object monitoring, path protection, or area coverage. Since the sensors themselves are important and critical objects in the network, a natural question is whether they need certain level of protection, so as to resist the attacks targeting on them directly. If this is necessary, then who should provide this protection, and how it can be doneq We refer to the above problem as Self-Protection, as we believe the sensors themselves are the best (and often the only) candidates to provide such protection. In this article, we for the first time present a formal study on the Self-Protection problems in wireless sensor networks. We show that, if we simply focus on enhancing the quality of field or object covering, the sensors might not necessarily be self-protected, which in turn makes the system extremely vulnerable. We then investigate different forms of Self-Protections, and show that the problems are generally NP-complete. We develop efficient approximation algorithms for centrally controlled sensors. We further extend the algorithms to fully distributed implementation, and introduce a smart sleep-scheduling algorithm that minimizes the energy consumption.
Aurélien Wailly - One of the best experts on this subject based on the ideXlab platform.
-
End-to-end security architecture for cloud computing environments
2014Co-Authors: Aurélien WaillyAbstract:Since several years the virtualization of infrastructures became one of the major research challenges, consuming less energy while delivering new services. However, many attacks hinder the global adoption of Cloud computing. Self-Protection has recently raised growing interest as possible element of answer to the cloud computing infrastructure protection challenge. Yet, previous solutions fall at the last hurdle as they overlook key features of the cloud, by lack of flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This thesis presents VESPA, a Self-Protection architecture for cloud infrastructures. Flexible coordination between Self-Protection loops allows enforcing a rich spectrum of security strategies. A multi-plane extensible architecture also enables simple integration of commodity security components.Recently, some of the most powerful attacks against cloud computing infrastructures target the Virtual Machine Monitor (VMM). In many case, the main attack vector is a poorly confined device driver. Current architectures offer no protection against such attacks. This thesis proposes an altogether different approach by presenting KungFuVisor, derived from VESPA, a framework to build self-defending hypervisors. The result is a very flexible Self-Protection architecture, enabling to enforce dynamically a rich spectrum of remediation actions over different parts of the VMM, also facilitating defense strategy administration. We showed the application to three different protection scheme: virus infection, mobile clouds and hypervisor drivers. Indeed VESPA can enhance cloud infrastructure security
-
VESPA: Multi-layered Self-Protection for Cloud Resources
Proceedings of the 9th International Conference on Autonomic Computing, 2012Co-Authors: Aurélien Wailly, Marine Lacoste, Marc Lacoste, Hervé DebarAbstract:Self-Protection has recently raised growing interest as possible element of answer to the cloud computing infrastructure protection challenge. Faced with multiple threats and heterogeneous defense mechanisms, the autonomic approach proposes simpler, stronger, and more efficient cloud security management. Yet, previous solutions fall at the last hurdle as they overlook key features of the cloud, by lack of flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This paper presents VESPA, a Self-Protection architecture for cloud infrastructures overcoming such limitations. VESPA is policy-based, and regulates security at two levels, both within and across infrastructure layers. Flexible coordination between Self-Protection loops allows enforcing a rich spectrum of security strategies such as cross-layer detection and reaction. A multi-plane extensible architecture also enables simple integration of commodity detection and reaction components. Evaluation of a VESPA implementation shows that the design is applicable for effective and flexible Self-Protection of cloud infrastructures.
-
ICAC - VESPA: multi-layered Self-Protection for cloud resources
Proceedings of the 9th international conference on Autonomic computing - ICAC '12, 2012Co-Authors: Aurélien Wailly, Marc Lacoste, Hervé DebarAbstract:Self-Protection has recently raised growing interest as possible element of answer to the cloud computing infrastructure protection challenge. Faced with multiple threats and heterogeneous defense mechanisms, the autonomic approach proposes simpler, stronger, and more efficient cloud security management. Yet, previous solutions fall at the last hurdle as they overlook key features of the cloud, by lack of flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This paper presents VESPA, a Self-Protection architecture for cloud infrastructures overcoming such limitations. VESPA is policy-based, and regulates security at two levels, both within and across infrastructure layers. Flexible coordination between Self-Protection loops allows enforcing a rich spectrum of security strategies such as cross-layer detection and reaction. A multi-plane extensible architecture also enables simple integration of commodity detection and reaction components. Evaluation of a VESPA implementation shows that the design is applicable for effective and flexible Self-Protection of cloud infrastructures.
Marc Lacoste - One of the best experts on this subject based on the ideXlab platform.
-
Self-defending clouds : myth and realities
2012Co-Authors: Marc Lacoste, Aurelien Wailly, Hervé DebarAbstract:Security is a growing concern as it remains the last barrier to widespread adoption of cloud environments. However, is today's cloud security Lucy in the Sky with Diamonds? Expected to be strong, flexible, efficient, and simple? But surprisingly, being neither? A new approach, making clouds self-defending, has been heralded as a possible element of answer to the cloud protection challenge. This paper presents an overview of today's state and advances in the field of cloud infrastructure self-defense. Four key Self-Protection principles are identified for IaaS Self-Protection to be effective. For each layer, mechanisms actually deployed to deliver security are analyzed to see how well they fulfill those principles. The main remaining research challenges are also discussed to yield truly mature self-defending clouds
-
VESPA: Multi-layered Self-Protection for Cloud Resources
Proceedings of the 9th International Conference on Autonomic Computing, 2012Co-Authors: Aurélien Wailly, Marine Lacoste, Marc Lacoste, Hervé DebarAbstract:Self-Protection has recently raised growing interest as possible element of answer to the cloud computing infrastructure protection challenge. Faced with multiple threats and heterogeneous defense mechanisms, the autonomic approach proposes simpler, stronger, and more efficient cloud security management. Yet, previous solutions fall at the last hurdle as they overlook key features of the cloud, by lack of flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This paper presents VESPA, a Self-Protection architecture for cloud infrastructures overcoming such limitations. VESPA is policy-based, and regulates security at two levels, both within and across infrastructure layers. Flexible coordination between Self-Protection loops allows enforcing a rich spectrum of security strategies such as cross-layer detection and reaction. A multi-plane extensible architecture also enables simple integration of commodity detection and reaction components. Evaluation of a VESPA implementation shows that the design is applicable for effective and flexible Self-Protection of cloud infrastructures.
-
ICAC - VESPA: multi-layered Self-Protection for cloud resources
Proceedings of the 9th international conference on Autonomic computing - ICAC '12, 2012Co-Authors: Aurélien Wailly, Marc Lacoste, Hervé DebarAbstract:Self-Protection has recently raised growing interest as possible element of answer to the cloud computing infrastructure protection challenge. Faced with multiple threats and heterogeneous defense mechanisms, the autonomic approach proposes simpler, stronger, and more efficient cloud security management. Yet, previous solutions fall at the last hurdle as they overlook key features of the cloud, by lack of flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This paper presents VESPA, a Self-Protection architecture for cloud infrastructures overcoming such limitations. VESPA is policy-based, and regulates security at two levels, both within and across infrastructure layers. Flexible coordination between Self-Protection loops allows enforcing a rich spectrum of security strategies such as cross-layer detection and reaction. A multi-plane extensible architecture also enables simple integration of commodity detection and reaction components. Evaluation of a VESPA implementation shows that the design is applicable for effective and flexible Self-Protection of cloud infrastructures.
Yu Wang - One of the best experts on this subject based on the ideXlab platform.
-
Efficient Algorithms for p-Self-Protection Problem in Static Wireless Sensor Networks
IEEE Transactions on Parallel and Distributed Systems, 2008Co-Authors: Yu Wang, Qian ZhangAbstract:Wireless sensor networks have been widely used in many surveillance applications. Due to the importance of sensor nodes in such applications, certain level of protection need to be provided to them. We study the self protection problem for static wireless sensor networks in this paper. Self protection problem focuses on using sensor nodes to provide protection to themselves instead of the target objects or certain target area, so that the sensor nodes can resist the attacks targeting on them directly. A wireless sensor network is p-self-protected, if at any moment, for any wireless sensor (active or non-active), there are at least p active sensors that can monitor it. The problem finding minimum p-Self-Protection is NP-complete, and no efficient self protection algorithms have been proposed. In this paper, we provide efficient centralized and distributed algorithms with constant approximation ratio for minimum p-Self-Protection problem in sensor networks with either homogeneous or heterogeneous sensing radius. In addition, we design efficient distributed algorithms to not only achieve p-Self-Protection but also maintain the connectivity of all active sensors. Our simulation confirms the performances of proposed algorithms.
