Virtualized infrastructures and clouds present new challenges for security analysis and formal verification: they are complex environments that continuously change their shape, and they give rise to non-trivial security goals such as isolation and failure-resilience requirements. We present a platform that connects declarative and expressive description languages with state-of-the-art verification methods. The languages integrate, in a homogeneous way, descriptions of virtualized infrastructures, their transformations, their desired goals, and evaluation strategies. The verification tools range from model checking to theorem proving; this allows us to exploit the complementary strengths of the methods, and also to understand how best to represent the analysis problems in different contexts. We first consider the static case, where the topology of the virtual infrastructure is fixed, and demonstrate that our platform allows for the declarative specification of a large class of properties. Even though tools specialized to checking particular properties perform better than our generic approach, we show with a real-world case study that our approach is practically feasible. Finally, we also consider the dynamic case, where the intruder can actively change the topology (by migrating machines). The combination of a complex topology and changes to it by an intruder is a problem that lies beyond the scope of previous analysis tools, and one for which we can give first positive verification results.