DSTN Scholars

DSTN > Scholars > Youssoupha GAYE
Title: Contributions on security and privacy models for a federated cloud

Problem:

Cloud computing now makes it possible to outsource the analysis and sharing of resources. However, this increases the security and confidentiality risks associated with data and access management, and raises new security challenges. Indeed, the cloud is becoming the central nerve of Internet services, making the use of mobile devices more attractive to users. The downside of this ubiquitous use of cloud services is an increase in the number of vulnerabilities and threats. Larger data sets are built up in the cloud, making them more attractive to security attacks. Multi-vendor cloud federations offer a very promising future for cloud computing, mobile cloud computing, the Internet of Things and Big Data applications. This takes the security challenge to a new level.

A federated cloud, also known as a community cloud, is a logical combination of two or more clouds from private, public or even federated clouds. In this combination, two or more clouds often have similar security, compliance and jurisdictional objectives. There are different environments/toolkits, specifications or architectures, such as European Federated Cloud, Massachusetts Open Cloud, mOSAIC, IEEE P2302 and OpenStack Keystone.

 In Africa, computing and resource sharing are becoming a vital necessity to enable research communities to build datasets across the continent, and to have local computing resources at their disposal. This can be achieved through federated clouds. Securing a federated cloud that enables multiple cloud service providers to collaborate and delegate services becomes more challenging in the African context, where content-level connectivity is low and the network is very scarce. 

This thesis is linked to the development of a security framework for FEDGEN (Federated Genomics cloud computing infrastructure) (i.e. a data center) to enable African populations to benefit from genomics-based research and development. This poses two security problems. The first is that the infrastructure needs to be protected in order to detect malicious behavior, and the second is to guarantee privacy when data is used across borders (national level). The particularity of the datasets in SEC-FEDGEN is that they contain highly sensitive data that cannot be sent outside the domain for reasons of confidentiality, while still allowing analysis. This challenge is compounded by the need to share health data for international research and machine learning techniques that are being developed elsewhere. The main scientific challenges that will be addressed in this PhD are:

  • Data protection and anomaly detection framework for the federated cloud 
  • Violation of data confidentiality between federated cloud entities 
  • Spreading security vulnerabilities
  • Safety level negotiation

In the literature, there are a multitude of proposals for solving this type of problem. These include the delegation model based on SDN (Software Defined Networks), the game-theoretic model and the protocol-based model. However, an effective data security model should enable federated cloud services to be built and extended with interfaces for SLAs (Service Level Agreements) that can enable interfaces compliant with national data protection legislation.

Objectives / Expected results:

In this work, the main objective is to design an anomaly detection and privacy protection framework for a federated cloud architecture.

Contribution / added value to the affiliated project:
  1. State of the art on security and privacy in federated cloud computing. 
  2. Propose a data security model adapted to the federated distributed cloud (confidentiality, integrity monitoring, distributed anomaly detection, etc.).
  3. Propose a model for protecting private data in a federated cloud with cloudlets located in different jurisdictions (interoperability, verification of anonymization, access model, compliance, etc.).
  4. Build a federated cloud based on a public (Huawei, AWS and Google) and private (FEDGEN, Small Grid) cloud service.
  5. Create a federated cloud based on public cloud providers. 
  6. Implement the framework and models proposed on the FEDGEN test bench.

Supervisor: Prof. Maïssa MBAYE, CEA-MITIC

Co-supervisor: Dr. Joke BADEJO, CapIC-ACE

Other contributors to doctoral supervision: Prof. Ezekiel ADEBIYI, CapIC-ACE; Prof. Emmanuel ADETIBA, CApIC-ACE; Dr. Dame DIONGUE, CEA-MITIC