Abstract: A method for managing a cloud computing system, capable of allocating computing and network resources to a plurality of clients, each client being associated with at least one user likely to access the computing and network resources allocated to the client by the cloud computing system. This method includes, for at least one client of the cloud computing system: providing to the client a meta-model having a plurality of elements defining an access control model and an access control policy for the client; receiving an instance of the meta-model provided by the client, this instance defining, for the client, an access control model and an access control policy based on this access control model; and applying the access control policy to control an access of a user of the client to at least one resource allocated to the client by the cloud computing system.

Abstract: A method for processing access requests and a web browser are disclosed. In one embodiment, the processing method may be applied by a gateway maintaining a database containing, for each from among a plurality of computer virtualization platforms, at least one service provided by this platform and connection information to this platform. In one embodiment, the method comprises receiving an access request to a computer virtualization service provided by a platform transmitted by a web browser of a terminal and, if the requested service is in the database, generating from associated connection information in the database with this service, a system application adapted to the service. The system application may be configured to connect to the platform to allow the terminal to negotiate the establishment and maintenance of a communication session with the latter. The method may also comprise sending the system application to the web browser.

Abstract: Method of processing a data packet relating to a service, said packet being conveyed by an interconnection gateway between a mobile communication network and a packet communication network, destined for said packet communication network The method comprises a step of obtaining by a virtualized node an identifier of the service to which the packet relates and a step of obtaining on the basis of the service identifier a sequence of at least one elementary network function for processing said packet The packet is transmitted to a virtualized node in order to apply the current function and if there exists a function following the current function in the sequence selection of selecting a next virtualized node able to implement said following function. If no function following the current function in the sequence exists, the virtualized node transmits the output packet to the packet communication network.

Abstract: A method for managing a cloud computing system, capable of allocating computing and network resources to a plurality of clients, each client being associated with at least one user likely to access the computing and network resources allocated to the client by the cloud computing system. This method includes, for at least one client of the cloud computing system: providing to the client a meta-model having a plurality of elements defining an access control model and an access control policy for the client; receiving an instance of the meta-model provided by the client, this instance defining, for the client, an access control model and an access control policy based on this access control model; and applying the access control policy to control an access of a user of the client to at least one resource allocated to the client by the cloud computing system.

Abstract: A method for managing virtualized software functions in a communication network includes: receiving a data model describing the functionality of a virtualized software function; generating a configuration interface defining the functionality, the interface being intended to be used for invoking the virtualized software function; generating and installing a first software agent, which implements the configuration interface, the first agent being configured to allow, when it is invoked, the calling of a virtual machine implementing the virtualized software function.

Abstract: A method which makes it possible to manage access control between a first entity and a second entity belonging to two security domains in a cloud network is disclosed. In one aspect the method comprises, if the entities belong to security domains implementing different access control policies, determining whether there exists a first access control rule between the first entity and a virtual entity within the security domain of the first entity, and a second access control second rule between the second entity and the virtual entity within the security domain of the second entity. If so, the method may comprise controlling access between the first and second entities as a function of the first and second rules.

Abstract: One embodiment is an authentication method comprising on receiving a request from the web browser of the terminal, the request including a user identifier, obtaining authentication data that is associated with the user identifier and that is stored in a database of the internal network, configuring a proxy server authorizing access via the access security entity to the internal network for a determined set of connection parameters, generating a first application from the connection parameters of the set, which application is protected using at least one determined portion of the authentication data and being configured to, on being executed by the web browser, set up a connection between the terminal and the proxy server using the parameters, this being done in response to the at least determined portion of the authentication data being supplied and transmitting the first application to the web browser of the terminal.

Abstract: Disclosed is a method comprising updating a first model describing a pool of computer and network resources and a second multi-level hierarchical model describing an entity, each level having at least one element containing one or more users of the entity and associated with an algorithm for allocating at least a portion of the pool, the union of the elements at any level containing all of the users, such that the first and second models represent a current state of the pool of resources and a current state of the entity. Upon request from a user to access a resource specified in the request, resources may be identified by applying the algorithms of the second model to the current state of the pool represented by the first model, verifying compatibility between the identified resources and the resource specified in the request, and rejecting the request in the event of incompatibility.

Abstract: In one embodiment disclosed herein is a method of processing a request made by a terminal of a user to access a resource made available to a client entity by a platform of a cloud computer service supplier. The method is performed by a server situated between the terminal and the platform utilizing distinct instructions for each client entity. The method comprises verifying that the user is authorized to access the computer resource via the terminal by applying to the user and to the resource an access control model and an access control policy corresponding to the model.

Abstract: Method of processing a data packet relating to a service, said packet being conveyed by an interconnection gateway between a mobile communication network and a packet communication network, destined for said packet communication network, said method comprising a step of obtaining by a virtualized node an identifier of the service to which the packet relates, characterized in that said method furthermore comprises: —a step of obtaining on the basis of the service identifier a sequence of at least one elementary network function for processing said packet; —for processing the packet, the first function of the sequence corresponding at the first iteration to a current function, the packet being transmitted at the input of a virtualized node able to implement a current function: —application of the current function to the input packet so as to obtain an output packet by the virtualized node; —if there exists a function following the current function in the sequence; —selection of a next virtualized node able to i

Abstract: One embodiment disclosed herein serves to establish a trust relationship for sharing resources between a trustee tenant and a trustor tenant in a cloud network. It comprises receiving a requirement file (REQ) from the trustee tenant said file including at least one permission desired by the tenant, searching for and identifying at least one opportunity file sent by a trustor tenant, this file including at least the permissions, and storing information representative of a trust relationship for sharing resources between the tenants.

Abstract: A method is provided for supervising security of an architecture having a plurality of interconnected clouds. A cloud includes a plurality of resources and a security supervisor. The plurality of resources forms in the cloud a plurality of groups of resources associated respectively with a security domain. A security controller supervises the resources of the domain, and a plurality of physical machines contains the resources of the plurality of clouds. The method includes: receiving a security event by a security controller of a first cloud, originating from a first resource associated with a first security domain; dispatching said security event to the security supervisor of the first cloud; and dispatching by the security supervisor of the first cloud a security order in reaction to the security event to at least one second security controller of the first cloud and dispatching the security order by the second security controller to a second resource supervised by the second controller.

Abstract: One embodiment is an authentication method comprising on receiving a request from the web browser of the terminal, the request including a user identifier, obtaining authentication data that is associated with the user identifier and that is stored in a database of the internal network, configuring a proxy server authorizing access via the access security entity to the internal network for a determined set of connection parameters, generating a first application from the connection parameters of the set, which application is protected using at least one determined portion of the authentication data and being configured to, on being executed by the web browser, set up a connection between the terminal and the proxy server using the parameters, this being done in response to the at least determined portion of the authentication data being supplied and transmitting the first application to the web browser of the terminal.

Abstract: A method which makes it possible to manage access control between a first entity and a second entity belonging to two security domains in a cloud network is disclosed. In one aspect the method comprises, if the entities belong to security domains implementing different access control policies, determining whether there exists a first access control rule between the first entity and a virtual entity within the security domain of the first entity, and a second access control second rule between the second entity and the virtual entity within the security domain of the second entity. If so, the method may comprise controlling access between the first and second entities as a function of the first and second rules.

Abstract: A method for processing access requests and a web browser are disclosed. In one embodiment, the processing method may be applied by a gateway maintaining a database containing, for each from among a plurality of computer virtualization platforms, at least one service provided by this platform and connection information to this platform. In one embodiment, the method comprises receiving an access request to a computer virtualization service provided by a platform transmitted by a web browser of a terminal and, if the requested service is in the database, generating from associated connection information in the database with this service, a system application adapted to the service. The system application may be configured to connect to the platform to allow the terminal to negotiate the establishment and maintenance of a communication session with the latter. The method may also comprise sending the system application to the web browser.

Abstract: Disclosed is a method comprising updating a first model describing a pool of computer and network resources and a second multi-level hierarchical model describing an entity, each level having at least one element containing one or more users of the entity and associated with an algorithm for allocating at least a portion of the pool, the union of the elements at any level containing all of the users, such that the first and second models represent a current state of the pool of resources and a current state of the entity. Upon request from a user to access a resource specified in the request, resources may be identified by applying the algorithms of the second model to the current state of the pool represented by the first model, verifying compatibility between the identified resources and the resource specified in the request, and rejecting the request in the event of incompatibility.

Abstract: One embodiment disclosed herein serves to establish a trust relationship for sharing resources between a trustee tenant and a trustor tenant in a cloud network. It comprises receiving a requirement file (REQ) from the trustee tenant said file including at least one permission desired by the tenant, searching for and identifying at least one opportunity file sent by a trustor tenant, this file including at least the permissions, and storing information representative of a trust relationship for sharing resources between the tenants.

Abstract: A method is provided for supervising security of an architecture having a plurality of interconnected clouds. A cloud includes a plurality of resources and a security supervisor. The plurality of resources forms in the cloud a plurality of groups of resources associated respectively with a security domain. A security controller supervises the resources of the domain, and a plurality of physical machines contains the resources of the plurality of clouds. The method includes: receiving a security event by a security controller of a first cloud, originating from a first resource associated with a first security domain; dispatching said security event to the security supervisor of the first cloud; and dispatching by the security supervisor of the first cloud a security order in reaction to the security event to at least one second security controller of the first cloud and dispatching the security order by the second security controller to a second resource supervised by the second controller.

Abstract: In one embodiment disclosed herein is a method of processing a request made by a terminal of a user to access a resource made available to a client entity by a platform of a cloud computer service supplier.