
Dynamic enforcement of security policies in multi-tenant cloud networks

Posted on: 2013-01-23
Degree: M.Sc.A
Type: Thesis
University: Ecole Polytechnique, Montreal (Canada)
Candidate: Koorevaar, Tommy
Full Text: PDF
GTID: 2458390008966558
Subject: Engineering
Abstract/Summary:
During the past decades, the evolution of technology has drastically changed our way of life. All major enterprises, government services, and even we as individuals rely on computers and networks. They have become part of our personal and professional lives and now represent a critical infrastructure, as the amount of data stored digitally, as well as its sensitivity, has grown considerably.

This evolution continues with the rise of cloud computing. In this new model, one can access software, digital storage or infrastructure without constraints, as the hardware is pooled in remote data centers and accessed seamlessly via the Internet.

Security has become a major concern in computer science in general and in the cloud in particular, as enterprises moving to the cloud have to export some of their sensitive data. Therefore, cloud providers need to offer a level of security that matches what the companies have in their on-site installations.

A middlebox is a network appliance that inspects and filters packets for purposes other than packet forwarding. A firewall is a good example of a middlebox.

Existing solutions to secure the cloud rarely take into account the traversal of middleboxes, as they focus mainly on creating isolation between the different tenants. Furthermore, the solutions that do consider the traversal of middlebox sequences do so in a way that does not permit the migration of nodes.

Through our project, we aim to create a cloud architecture allowing the application of security policies per tenant. The security consists of sequences of middleboxes to be traversed, as this is the way commonly used by enterprises to secure their networks. The enforcement of security policies has to take into account the multi-tenant aspect of the cloud, as well as node migration. In particular, traffic should traverse middleboxes in the sequence required by the tenant and should not traverse unnecessary middleboxes. The enforcement of policies should be reconfigured automatically after VM migrations.

In this work, we propose a method of leveraging the current Software-Defined Network (SDN) architecture for efficient policy enforcement. SDN is a form of network architecture in which the control plane is separated from the data plane, allowing the network to be centrally managed. The tenants define the security design they want to apply to their Virtual Machines (VMs), or groups of VMs. In order to identify the security policies, we use an Application ID (AppID), which refers to a chain of middleboxes to be traversed.

We assume that the running hypervisor has the capability to add this AppID into the flow when a VM emits packets. When the first packet of a flow reaches a switch, it is forwarded to the network controller, which in turn retrieves the AppID from the packet. Based on the AppID, the controller determines the chain of middleboxes to be traversed.

In order to route the packets through the middleboxes, our model defines labels to apply to each flow of packets (EEL-tags). These tags are divided into generic EEL-tags (gTags) and instance EEL-tags (iTags). Each gTag corresponds to a middlebox type, and each iTag corresponds to a middlebox instance. The security chain is defined by a chain of gTags. The iTags are added to the packets in order to route them across the network, defining the next middlebox the packet must be sent to.

By using the EEL-tags, this model provides a simple way to automatically enforce security policies while keeping them consistent despite node migration. Furthermore, we allow the network to be partitioned into different zones, each zone being ruled by a specific controller. When the source and destination VMs belong to different zones, the enforcement of security policies can be spread across the zones.

We created a prototype of our model and tested it in a simulated environment. Although many aspects of our implementation would have to be improved in order to obtain a viable commercial solution, testing our prototype provided us with a proof of concept. In particular, it showed how the security policies remain consistent despite node migration.
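The AppID-to-gTag-chain lookup, the gTag-to-iTag resolution, and the re-resolution after a VM migration described above can be modelled in a few dozen lines. The following Python is an added illustration written for this page, not the thesis's prototype or its code; the `Controller` class, its instance-selection rule (prefer a middlebox instance on the VM's own host, otherwise the first registered one), and the sample policies, middleboxes and hosts are all constructed assumptions. What it demonstrates beyond the abstract is a check that the installed path matches the tenant's gTag chain exactly (same types, same order, no extra middleboxes) both before and after migration.

```python
"""Toy SDN-style controller for per-tenant middlebox chains (added example).

Model, following the abstract's terminology:
  * an AppID names a policy: an ordered chain of gTags (middlebox types);
  * each gTag is realised by one or more iTags (middlebox instances);
  * the controller resolves gTags to iTags per flow and re-resolves
    when the emitting VM migrates, so the chain stays consistent.
All names, hosts and policies below are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Middlebox:
    itag: str   # instance tag, e.g. "fw-1"
    gtag: str   # generic tag (middlebox type), e.g. "fw"
    host: str   # hypervisor hosting this instance


@dataclass
class Flow:
    vm: str
    app_id: str
    path: List[str] = field(default_factory=list)  # ordered iTags


class Controller:
    def __init__(self, policies: Dict[str, List[str]], instances: List[Middlebox]):
        self.policies = policies                   # AppID -> ordered gTags
        self.by_gtag: Dict[str, List[Middlebox]] = {}
        self.by_itag: Dict[str, Middlebox] = {}
        for mb in instances:
            self.by_gtag.setdefault(mb.gtag, []).append(mb)
            self.by_itag[mb.itag] = mb
        self.vm_host: Dict[str, str] = {}
        self.flows: Dict[Tuple[str, str], Flow] = {}

    def register_vm(self, vm: str, host: str) -> None:
        self.vm_host[vm] = host

    def resolve(self, app_id: str, host: str) -> List[str]:
        """Map the policy's gTag chain to concrete iTags for a VM on `host`."""
        chain = self.policies.get(app_id)
        if chain is None:
            raise KeyError(f"unknown AppID {app_id!r}")
        path = []
        for gtag in chain:
            candidates = self.by_gtag.get(gtag, [])
            if not candidates:
                raise LookupError(f"no instance of middlebox type {gtag!r}")
            # Assumed selection rule: prefer an instance on the same host.
            local = [mb for mb in candidates if mb.host == host]
            path.append((local or candidates)[0].itag)
        return path

    def packet_in(self, vm: str, app_id: str) -> List[str]:
        """First packet of a flow reaches a switch and is handed to the controller."""
        key = (vm, app_id)
        if key not in self.flows:
            self.flows[key] = Flow(vm, app_id, self.resolve(app_id, self.vm_host[vm]))
        return self.flows[key].path

    def next_hop(self, vm: str, app_id: str, current_itag: Optional[str] = None) -> Optional[str]:
        """Which iTag the packet is sent to next; None once the chain is done."""
        path = self.flows[(vm, app_id)].path
        if current_itag is None:
            return path[0] if path else None
        idx = path.index(current_itag)
        return path[idx + 1] if idx + 1 < len(path) else None

    def migrate_vm(self, vm: str, new_host: str) -> None:
        """Re-resolve every flow of a migrated VM; the gTag chain itself is unchanged."""
        self.vm_host[vm] = new_host
        for flow in self.flows.values():
            if flow.vm == vm:
                flow.path = self.resolve(flow.app_id, new_host)

    def verify(self, vm: str, app_id: str) -> bool:
        """Installed path must match the policy: same types, same order, nothing extra."""
        path = self.flows[(vm, app_id)].path
        return [self.by_itag[i].gtag for i in path] == self.policies[app_id]


def build_demo() -> Controller:
    """Constructed sample topology: two hosts, two firewalls, one IDS."""
    policies = {"web": ["fw", "ids"], "db": ["fw"]}
    instances = [
        Middlebox("fw-1", "fw", "hostA"),
        Middlebox("fw-2", "fw", "hostB"),
        Middlebox("ids-1", "ids", "hostA"),
    ]
    c = Controller(policies, instances)
    c.register_vm("vm1", "hostA")
    return c


if __name__ == "__main__":
    c = build_demo()
    print("before migration:", c.packet_in("vm1", "web"))   # ['fw-1', 'ids-1']
    c.migrate_vm("vm1", "hostB")
    print("after migration: ", c.packet_in("vm1", "web"))   # ['fw-2', 'ids-1']
    print("policy still satisfied:", c.verify("vm1", "web"))  # True
```

The `verify` check is the part a defender cares about: after `migrate_vm` the iTags may change (here the firewall hop moves from `fw-1` to `fw-2`), but the sequence of middlebox types must still equal the tenant's gTag chain, which is exactly the consistency property the abstract says the prototype demonstrated.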
Keywords/Search Tags: Security policies, Cloud, Network, Enforcement, Node migration