This invention relates to a method for securing data and/or applications in a “cloud” computing architecture. More specifically, it relates to a method in which the architecture comprises:—a set of virtual servers identified by server identifiers, each virtual server being associated with one or more virtual memory disks, each virtual memory disk being materialized in the form of one or several memory spaces in one or more physical memory disks,—an administration interface which allows a remote user to access, via an Internet-type network, one or more virtual servers which is/are dedicated to said user in the set of virtual servers by means of a key which is specific to the user and/or each virtual server, and for administering said dedicated virtual servers and/or interface components for creating and managing the set of virtual servers.
Infrastructures-as-a-Services (IaaS) are computer infrastructures that have recently been introduced in cloud computing architectures. Such IaaS infrastructures are, for example, provided by Amazon™, Rackspace™, Sun Microsystems™, IBM™, Microsoft™ as well as by certain providers. Today, Amazon™ is the leading provider of such infrastructures. The Infrastructure-as-a-Service provided by Amazon™ is known as EC2™.
Securing the data managed within a dynamic cloud computing architecture is a complex task. Indeed, this data is managed by virtual servers and is stored on disks, which are virtual themselves, and not by physical servers and physical disks distinct from each other.
Attacks or tampering intended to obtain a user's data in a cloud architecture are generally side-channel attacks that may not only originate from the outside, that is, from third parties not using the architecture, but also from other users of the architecture or even service providers. For example, such side-channel attacks may use the shared infrastructure's administration data in order to derive information relating to applications or users.
As a result, service users have only a limited degree of confidence in the ability of cloud computing architectures to preserve their data's integrity and confidentiality.
Of course, methods for securing data through encryption have been imagined. However, these methods are complex to implement and cumbersome to administer, particularly when a large number of virtual servers managing multiple and diversified data are available to the users. Also, these methods are conventional and are designed to be deployed within specific activity frameworks which undergo little or only very gradual change. They are not applicable to the dynamic architectures of cloud computing.