Available on ORBilu since
09 September 2014
Doctoral thesis (Dissertations and theses)
CertiCloud and JShadObf. Towards Integrity and Software Protection in Cloud Computing Platforms
Bertholon, Benoit


Full Text
Bertholon - Thesis.pdf
Author postprint (3.58 MB)

All documents in ORBilu are protected by a user license.

Send to


Abstract :
[en] A simple concept that has emerged out of the notion of heterogeneous distributed computing is that of Cloud Computing (CC) where customers do not own any part of the infrastructure; they simply use the available services and pay for what they use. This approach is often viewed as the next ICT revolution, similar to the birth of the Web or the e-commerce. Indeed, since its advent in the middle of the 2000's, the CC paradigm arouse enthusiasm and interest from the industry and the private sector, probably because it formalizes a concept that reduces computing cost at a time where computing power is key to reach competitiveness. Despite the initiative of several major vendors to propose CC services (Amazon, Google, Microsoft etc.), several security research questions remain open to transform the current euphoria into a wide acceptance. Moreover, these questions are not always tackled from the user's point of view. In this context, the purpose of this thesis is to investigate and design novel mechanisms to cover the following domains: - Integrity and confidentiality of Infrastructure-as-a-Service (IaaS) infrastructures, to provide guarantees on programs and data running in a virtualised environment, either before, during or after a deployment on the CC platform. - Software protection on Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) architectures, using code obfuscation techniques. This dissertation details thus two main contributions. The first one is the development and implementation of CertiCloud, a CC framework which relies on the concepts developed in the Trusted Computing Group (TCG) together with hardware elements, i.e., Trusted Platform Module (TPM) to offer a secured and reassuring environment within IaaS platforms. At the heart of CertiCloud reside two protocols: TCRR and VerifyMyVM. When the first one asserts the integrity of a remote resource and permits to exchange a private symmetric key, the second authorizes the user to detect trustfully and on demand any tampering attempt on its running VM. These protocols being key components in the proposed framework, their analysis against known cryptanalytic attacks has been deeply analysed and testified by their successful validation by AVISPA [1] and Scyther [66], two reference tools for the automatic verification of security protocols. The second major contribution proposed in this manuscript is an obfuscation framework named JShadObf, designed to improve the protection of Javascript-based software running typically on SaaS and PaaS platforms. This framework combines obfuscation transformations, code complexity measurements and Multi-Objective Evolutionary Algorithms (MOEAs) to protect Javascript code, the most ubiquitous programming language at the heart of most modern web services deployed over those CC infrastructures such as Google Office Apps, Dropbox or Doodle.
Disciplines :
Computer science
Author, co-author :
Bertholon, Benoit ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Language :
Title :
CertiCloud and JShadObf. Towards Integrity and Software Protection in Cloud Computing Platforms
Defense date :
20 December 2013
Number of pages :
Institution :
Unilu - University of Luxembourg, Luxembourg, Luxembourg
Degree :
Docteur en Informatique
Funders :
Fonds National de la Recherche - FnR (PHD-09-142)


Number of views
149 (8 by Unilu)
Number of downloads
1082 (7 by Unilu)


Similar publications

Contact ORBilu