Cloud Security Verification

We design an architecture for the verification of infrastructure clouds with respect to security goals. How can automated tools tackle the complexity of cloud topology?


Cloud topologies are complex!

Whereas ideal topologies of infrastructure clouds are usually shown in a well-ordered model, we discovered that actual production infrastructure have very complex topologies. How can we approach their complexity in tool-supported analysis?


Infrastructure Cloud Information Flow Analysis

We pursue the information flow analysis of virtualized infrastructures by graph coloring. Analyzing VM connections, network and storage we ask: How can we discover isolation breaches hidden in the actual configuration?


Smart Identity Card

European countries establish eID systems, while often debating the privacy benefits anonymous credential systems provide. Are these advanced systems feasible and efficient enough on a standard eID card?


Information Security

Information security means the protection of information and information systems.

Security means that the properties confidentiality, integrity and availability (CIA) are fulfilled, considering the dependability and security taxonomy [ALRL2004].

These properties need to be defined with respect to a system, trust and adversary model, and specified in an explicit security goal.

Information can be at rest or in communication, which implies the security of systems as well as protocols and can include hardware security, as well.

Other Interests: [Identity & Privacy]   [Applied Rigorous Methods]

Current Foci: Cloud and Cybercrime Security

  • Cloud Security Verification, which is information security for infrastructure cloud systems. It involves isolation analysis (confidentiality), topology configuration correctness (integrity/availability), and insider attacks (confidentiality, integrity and availability).

  • Cybercrime security (CCCS), which is security against crime committed by or through electronic means. Cybercrime inherently has a physical component as well as a human one.

Related Projects

Selected Papers

Sören Bleikertz, Thomas Groß, and Sebastian Mödersheim. Automated Verification of Virtualized Infrastructures. In Proceedings of the CCS Cloud Security Workshop(CCSW) 2011.

Sören Bleikertz, Thomas Groß, Matthias Schunter, and Konrad Eriksson. Automated Information Flow Analysis of Virtualized Infrastructures. In Proceedings of the European Symposium on Research in Computer Security (ESORICS) 2011.

Thomas Groß, Birgit Pfitzmann and Ahmad-Reza Sadeghi. Browser Model for Security Analysis of Browser-Based Protocols. In Proceedings of the 10th European Symposium on Research in Computer Security (ESORICS), volume 3679 of Lecture Notes in Computer Science, pages 489-508. Springer-Verlag, Berlin Germany, September 2005.

Thomas Groß. Security analysis of the SAML single sign-on browser/artifact profile. In 19th Annual Computer Security Applications Conference (ACSAC 2003). IEEE Computer Society Press, 2003.


[ALRL2004] A. Avizienis, J.-C. Laprie, B. Randell and C. Landwehr. Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing. 1 (1), Jan. 2004, pp. 11-33.


User Menu