Cloud Security Verification

We design an architecture for the verification of infrastructure clouds with respect to security goals. How can automated tools tackle the complexity of cloud topology?


MORE INFO

Cloud topologies are complex!

Whereas ideal topologies of infrastructure clouds are usually shown in a well-ordered model, we discovered that actual production infrastructure have very complex topologies. How can we approach their complexity in tool-supported analysis?


MORE INFO

Infrastructure Cloud Information Flow Analysis

We pursue the information flow analysis of virtualized infrastructures by graph coloring. Analyzing VM connections, network and storage we ask: How can we discover isolation breaches hidden in the actual configuration?


MORE INFO

Smart Identity Card

European countries establish eID systems, while often debating the privacy benefits anonymous credential systems provide. Are these advanced systems feasible and efficient enough on a standard eID card?


MORE INFO
0123

Cloud Security Verification

Architecture for static cloud verification

We design an architecture for the verification of infrastructure clouds with respect to security goals. How can automated tools tackle the complexity of cloud topology?

Virtualized infrastructures can yield great complexity. Even one considers the topology of an infrastructure, that is, how hypervisors, virtual machines, networks and storages are connected, we face a complex configuration problem. How can we be sure that the system is configured correctly and securely?

We created a system to verify security properties of infrastructure clouds against abstract security goals. The system analyzes the actual configuration of the virtualized infrastructure (real state) and obtains a graph model. It receives security goals in the language VALID as input to check against (ideal state). Form that, it compiles problem instances for problem solvers, that is model checkers and first-order logic solvers. So to say, it creates hard nuts to crack for standard analysis tools.

Relevant Projects

Cloud Security Verification

Security Assurance for Heterogeneous Virtualized Environments (SAVE)

Login

User Menu