CritiX pursues excellence in research, with the right balance between science and technology. We study new theories and conduct proof-of-concept experiments. We always strive for our publications to describe our research as clearly as possible, and for our demonstrations to be convincing and captivating. We all rejoice when our research impacts the real world, because we believe science is made for others. You may learn more about our culture in the CritiX Research Book of Style.
Internet and Cloud Infrastructures Resilience
Internet and the cloud have two main weak points in terms of security and dependability on which we focus our research on: cloud computing (CC), and software-defined networking (SDN).
Cloud computing has been an extremely successful process and business model. Yet, the dependence of the IT world on clouds is probably not yet matched by adequate levels of robustness. This can be testified by the numerous failures of cloud provider services made public, that have caused service and data loss, as well as confidentiality leaks. Existing approaches (e.g., privileged or federated) provide only partial mitigations to this problem and require an ample margin of trust on the providers. Following the basic principles of design for resilience, our research here specifically draws from early advances on using the multi-cloud or cloud-of-clouds paradigm as a path to achieve resilience for cloud computing, leveraging the availability of multiple cloud environments to create diverse ecosystems. Such a vision obviously reiterates the need to resist advanced persistent threats with fault tolerance, in that the cloud infrastructure may be partially controlled by attackers and yet remain secure and dependable. Ransomware attacks like Wannacry in 2017 would have been much less effective had these paradigms been part of the industry standards.
Software-defined networking is another research interest for our group. SDN is an emerging paradigm that consists in the separation of the control plane and the data plane. Whilst centralising the control logic, and offering network programmability are crucial elements of the value proposition of SDN, they also introduce serious security and dependability issues. In particular, they offer new fault and attack planes, that open the doors to new threats that did not exist before, or were harder to exploit. An attack similar to Stuxnet could have dramatic consequences in a highly configurable and programmable network, albeit ill-protected. It is more than likely that such advanced persistent threats will be developed against SDNs, if there is an opportunity for success. In this context, we plan to study approaches that consider security and dependability of the SDN itself as first-class properties of future SDNs, built into their design and not bolted on. Avenues for such research include security of control plane communications, or controller resilience.