We design an architecture for the verification of infrastructure clouds with respect to security goals. How can automated tools tackle the complexity of cloud topology?
Virtualized infrastructures can be highly complex. Even if one considers only the topology of an infrastructure, that is, how hypervisors, virtual machines, networks and storage are connected, we face a complex configuration problem. How can we be sure that the system is configured correctly and securely?
We created a system to verify security properties of infrastructure clouds against abstract security goals. The system analyzes the actual configuration of the virtualized infrastructure (real state) and obtains a graph model. It receives security goals in the language VALID as input to check against (ideal state). From that, it compiles problem instances for problem solvers, that is, model checkers and first-order logic solvers. In other words, it creates hard nuts for standard analysis tools to crack.
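
The real-state/ideal-state comparison can be illustrated on a toy graph model. The following is an added example, not the project's code and not VALID syntax: a plain breadth-first search stands in for the model checker, and the node names, the `hv-` prefix convention, the zone labels and the assumption that hypervisors enforce isolation are all constructed for illustration.

```python
from collections import deque

# Constructed sample topology (real state): VM/hypervisor/network/storage links.
EDGES = [
    ("vm-a1", "hv-1"), ("vm-b1", "hv-1"),
    ("vm-a2", "hv-2"), ("vm-b2", "hv-2"),
    ("vm-a1", "net-a"), ("vm-a2", "net-a"),
    ("vm-b1", "net-b"), ("vm-b2", "net-b"),
    ("vm-a2", "vol-shared"), ("vm-b2", "vol-shared"),  # misconfigured volume
]
ZONE = {"vm-a1": "A", "vm-a2": "A", "vm-b1": "B", "vm-b2": "B"}  # ideal state

def build_graph(edges):
    """Undirected adjacency map from (node, node) connection pairs."""
    graph = {}
    for a, b in edges:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def isolation_violations(graph, zone, trusted_prefixes=("hv-",)):
    """Goal: VMs in different zones are not connected. Returns one shortest
    witness path per violating pair; trusted nodes are assumed to isolate."""
    witnesses = []
    for src in sorted(zone):
        parent = {src: None}
        queue = deque([src])
        while queue:
            node = queue.popleft()
            for nxt in sorted(graph.get(node, ())):
                if nxt in parent or nxt.startswith(trusted_prefixes):
                    continue  # already visited, or flow stops at a trusted node
                parent[nxt] = node
                queue.append(nxt)
        for dst in sorted(zone):
            if src < dst and zone[src] != zone[dst] and dst in parent:
                path, cur = [], dst
                while cur is not None:
                    path.append(cur)
                    cur = parent[cur]
                witnesses.append(path[::-1])
    return witnesses

if __name__ == "__main__":
    for witness in isolation_violations(build_graph(EDGES), ZONE):
        print(" -> ".join(witness))
```

Each returned path plays the role of a counterexample: it names the concrete chain of resources that breaks the zone-isolation goal, here always passing through the shared volume.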