US 12,443,716 B2
Secure cloud computing architecture and security method
Dominique Bolignano, Paris (FR)
Assigned to PROVENRUN, Paris (FR)
Appl. No. 17/624,375
Filed by PROVENRUN, Paris (FR)
PCT Filed Jul. 1, 2020, PCT No. PCT/EP2020/068484
§ 371(c)(1), (2) Date Jan. 3, 2022,
PCT Pub. No. WO2021/001411, PCT Pub. Date Jan. 7, 2021.
Claims priority of application No. 1907284 (FR), filed on Jul. 1, 2019; and application No. 1907614 (FR), filed on Jul. 8, 2019.
Prior Publication US 2022/0358219 A1, Nov. 10, 2022
Int. Cl. G06F 21/57 (2013.01)
CPC G06F 21/57 (2013.01) 16 Claims
OG exemplary drawing
 
1. A secure cloud computing architecture comprising:
a first execution space (A) for data management and/or computer program execution in which the management of the data and/or the execution of the programs is/are controlled by a user; and
a second execution space (B) for data management and/or computer program execution in which the management of the data or the execution of the programs is controlled by a third-party operator;
first security policies (PSA) applied to the data or to the execution of the programs in the first execution space (A);
second security policies (PSB) applied to the data or to the execution of the programs in the second execution space (B);
a security property (P) expected by the user, compliance with the first and second security policies guaranteeing data management and/or computer program execution in accordance with the security property (P); and
a trust base (TCB) guaranteeing, in the absence of violation, the application of the second security policies (PSB) in the management of the data and/or the execution of the programs in the second execution space (B),
wherein the trust base comprises:
a hardware part having observers indicating unauthorised access,
wherein the trust base comprises a hardware security module comprising the hardware part of the trust base, and
a software part, the software part being made available to the user and/or to a representative of the user and/or to a third party trusted by the user,
wherein the observers indicating unauthorised access are visible to the user and/or the representative of the user and/or the third party trusted by the user,
wherein means are provided to the user to enable the user to be convinced that all of the execution paths of the software part of the trust base guarantee compliance with the second security policies, under normal operating conditions,
wherein the architecture further includes a hardware part of the trust base forming an additional security module (BTA), the additional security module being disposed at the entrance of a subset of servers and having means for filtering data packets entering the subset, the filtering including checking that the data packets comply with a security policy.
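As an added illustration (not the patent's own code, nor ProvenRun's implementation), the following Python model shows the additional security module (BTA) of claim 1: an ingress filter at the entrance of a subset of servers that checks every packet against a policy drawn from the second security policies (PSB), defaults to deny, and keeps observers of rejected, i.e. unauthorised, packets that can be read by the user or a trusted third party. Packet fields, addresses and the policy rules are constructed assumptions.

```python
"""Model of the additional security module (BTA) of claim 1: an ingress filter
at the entrance of a subset of servers that enforces a security policy and
exposes observers of unauthorised access. Constructed example; names, packet
fields and addresses are assumptions, not taken from the patent."""
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class SubsetPolicy:
    """The part of the second security policies (PSB) enforced at the entrance."""
    subset: frozenset   # addresses of the servers inside the protected subset
    allowed: frozenset  # (proto, dport) pairs a packet may carry into the subset

    def complies(self, pkt: Packet) -> bool:
        # Default deny: a packet enters only if it targets a server of the
        # subset on a service the policy explicitly permits.
        return pkt.dst in self.subset and (pkt.proto, pkt.dport) in self.allowed

@dataclass
class AdditionalSecurityModule:
    """BTA: filters packets entering the subset and records unauthorised attempts."""
    policy: SubsetPolicy
    observers: dict = field(default_factory=lambda: {
        "admitted": 0, "rejected": 0, "last_rejected": None})

    def filter(self, pkt: Packet) -> bool:
        ok = self.policy.complies(pkt)
        if ok:
            self.observers["admitted"] += 1
        else:  # an observer indicating unauthorised access, visible to the user
            self.observers["rejected"] += 1
            self.observers["last_rejected"] = pkt
        return ok

    def observe(self) -> dict:
        # Observers are handed out as a copy so the reader cannot alter them.
        return dict(self.observers)

def run_sample() -> dict:
    policy = SubsetPolicy(subset=frozenset({"10.0.1.10", "10.0.1.11"}),
                          allowed=frozenset({("tcp", 443)}))
    bta = AdditionalSecurityModule(policy)
    traffic = [  # constructed packets
        Packet("203.0.113.5", "10.0.1.10", "tcp", 443),  # permitted service, in subset
        Packet("203.0.113.5", "10.0.1.10", "tcp", 22),   # service absent from PSB
        Packet("203.0.113.9", "10.0.2.10", "tcp", 443),  # destination outside the subset
    ]
    decisions = [bta.filter(p) for p in traffic]
    return {"decisions": decisions, **bta.observe()}
```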