Conference papers

Framework Implementation Based On Grid of Smart Cards To Authenticate Virtual Machines

Abstract : While Cloud and virtual infrastructure services can offer great flexibility and convenience to their users, these users no longer have control over the platform on which their services run. Not only do users have no guarantee that their services have not leaked sensitive information, but they may also be subject to attacks by other malicious users in the system. To address this issue, the SecFuNet project proposes to integrate secure microcontrollers in order to introduce, among its many services, authentication and authorization functions for Cloud and virtual environments. One of the main goals of the Security for Future Networks project (SecFuNet) is to develop a secure infrastructure for virtualized environments and Clouds in order to provide strong isolation among virtual infrastructures. In other words, any solution to this problem should guarantee that one virtual machine (VM) does not interfere with others. The objective is to develop a highly secure identification scheme based on Authentication and Authorization Infrastructures (AAIs). The SecFuNet identity model addresses two kinds of elements: users and nodes. For each of them, an identity platform is provided that relies on OpenID and on grids of secure elements to enforce confidentiality, integrity, and availability of the virtual infrastructure. The goal of this paper is to describe the implementation of, and experimentation with, the solution for identifying nodes in the SecFuNet architecture. This implementation also employs low-cost smart cards. Only authorized users are allowed to create or instantiate virtual environments. Thus, users and hypervisors are equipped with secure elements, which are used to open secure TLS channels with strong mutual authentication. Finally, since the physical substrates are shared by several resources (users, VMs, ...), the proposed framework must ensure that one resource cannot interfere with the operations of another resource.
Document type :
Conference papers

Cited literature [2 references]
Contributor : Hassane Aissaoui
Submitted on : Thursday, July 3, 2014 - 3:52:50 PM
Last modification on : Friday, January 8, 2021 - 5:42:03 PM
Long-term archiving on : Friday, October 3, 2014 - 11:40:35 AM


Files produced by the author(s)


  • HAL Id : hal-01018084, version 1


Hassane Aissaoui, Pascal Urien, Guy Pujolle. Framework Implementation Based On Grid of Smart Cards To Authenticate Virtual Machines. SECRYPT 2014 - 11th International Conference on Security and Cryptography, Aug 2014, Vienne, Austria. pp.1-6. ⟨hal-01018084⟩


