Cloud Security Verification

We design an architecture for the verification of infrastructure clouds with respect to security goals. How can automated tools tackle the complexity of cloud topology?


MORE INFO

Cloud topologies are complex!

Whereas ideal topologies of infrastructure clouds are usually shown in a well-ordered model, we discovered that actual production infrastructure have very complex topologies. How can we approach their complexity in tool-supported analysis?


MORE INFO

Infrastructure Cloud Information Flow Analysis

We pursue the information flow analysis of virtualized infrastructures by graph coloring. Analyzing VM connections, network and storage we ask: How can we discover isolation breaches hidden in the actual configuration?


MORE INFO

Smart Identity Card

European countries establish eID systems, while often debating the privacy benefits anonymous credential systems provide. Are these advanced systems feasible and efficient enough on a standard eID card?


MORE INFO
0123

Cloud topologies are complex!

sample

Whereas ideal topologies of infrastructure clouds are usually shown in a well-ordered model, we discovered that actual production infrastructure have very complex topologies. How can we approach their complexity in tool-supported analysis?

In a real-world analysis performed at IBM Research for a global financial institution, we found that the topology of virtualized infrastructures can yield great complexity.

The configuration of large numbers of hosts, hypervisors, virtual machines, storage systems and networks bears risks for faults and inconsistencies beyond the capability of manual checking.

We concluded that we need automated tools, which not only do this analysis for us, but can be configured freely with an abstract language for security goals.

Relevant Projects

Cloud Security Verification

Security Assurance for Heterogeneous Virtualized Environments (SAVE)

Login

User Menu