How can we specify high-level security goals for clouds and be sure that the infrastructure actually fulfills the goals?
Presented at the EU Cyber Security and Privacy Forum 2012.
VALID Rules - A language for cloud verification (EU CSP'12)
1. VALID Rules
A Language for Cloud Security
Dr. Thomas Gross
joint work with
Sören Bleikertz, IBM Research
Sebastian Mödersheim, DTU Informatics
[Work partially done while at IBM Research - Zurich]
3. A Tale of a Bank's Private Cloud
Bank offloads IT to (private) cloud
Isolation of security zones
Network:
VLAN isolation
Storage:
Backup
Different storage volumes
Compute:
Covert channels unconsidered
[Figure: High Security Zone vs. Low Security Zone]
[Photo:http://www.flickr.com/photos/teegardin/5737823348/]
4. The Ideal World: Cloud Topology
[Figure: layered cloud topology, bottom to top]
VMs: D0, VM1, VM2 on each host
Hypervisors: Xen, VMware, System p
HW: one physical host per hypervisor
Virtual Net: one vSwitch per host
Physical Net: pSwitch
Storage: S1, S2
Global Net: WAN
5. The Real World
1,300 VMs
25,000 Nodes
30,000 Edges
[Data from a customer case study with a global financial institution]
6. Combat Against Complexity
Our Opponent
Complex Topology
Multi-tenancy
Changing System
Our Battle Plan
Versatile Tool Chain
Free Specification of Security Goals
[Photo: "Days of a startup", http://www.flickr.com/photos/tangysd/]
7. How to specify security goals?
[A Virtualization Assurance Language for Isolation and Deployment; POLICY'11]
25. Problem Solvers
Dynamic Problem Solvers: AVANTSSAR platform
Input: ASLan/IF (basis of VALID)
OFMC
SAT-MC
Cl-AtSe
Static Problem Solvers:
Input: proprietary language for first-order logic
SPASS
ProVerif
SuccinctSolver
26. Verification of Zone Isolation
The Challenge
Three security zones Test, Base, High
Multiple VMs in each zone (contains(zone, vm))
Network isolation realized using VLANs
Input: Policy and information flow graph
Output: Isolation breach
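The zone-isolation check described on this slide, as an added example (not the VALID tool chain or the authors' code): contains(zone, vm) facts, an information-flow graph derived from a constructed vSwitch/VLAN port configuration, a zone-pair policy, and the isolation breaches as output. All names, VLAN tags and the mis-tagged port are assumptions of this example.

```python
from collections import deque

# contains(zone, vm) facts: the positive facts a VALID rule pattern-matches on.
CONTAINS = {("High", "vm1"), ("High", "vm2"), ("Base", "vm3"),
            ("Test", "vm4"), ("Test", "vm5")}

# Constructed vSwitch port config: vm -> (vswitch, vlan tag). All vSwitches trunk
# over one pSwitch, so a tag is one broadcast domain. vm5 is mis-tagged onto VLAN 10.
PORTS = {"vm1": ("vsw1", 10), "vm2": ("vsw2", 10), "vm3": ("vsw2", 20),
         "vm4": ("vsw3", 30), "vm5": ("vsw3", 10)}

# Policy as a predicate on zone pairs: traffic is permitted only within a zone.
ALLOWED = {("High", "High"), ("Base", "Base"), ("Test", "Test")}


def flow_graph(ports):
    """Undirected information-flow graph: vm -- vswitch:vlan -- pswitch:vlan."""
    adj = {}
    def link(a, b):
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    for vm, (vsw, tag) in ports.items():
        link(vm, f"{vsw}:vlan{tag}")
        link(f"{vsw}:vlan{tag}", f"psw:vlan{tag}")
    return adj


def reachable(adj, src):
    """BFS from src; returns {node: path} for every node reachable from src."""
    paths, queue = {src: [src]}, deque([src])
    while queue:
        n = queue.popleft()
        for m in sorted(adj.get(n, ())):  # sorted for deterministic paths
            if m not in paths:
                paths[m] = paths[n] + [m]
                queue.append(m)
    return paths


def isolation_breaches(contains, ports, allowed):
    """VM pairs that share a flow path although their zones may not communicate."""
    zone_of = {vm: zone for zone, vm in contains}
    adj = flow_graph(ports)
    breaches = []
    for a in sorted(zone_of):
        for b, path in reachable(adj, a).items():
            za, zb = zone_of[a], zone_of.get(b)
            if zb is None or a >= b or (za, zb) in allowed or (zb, za) in allowed:
                continue  # switch node, pair already reported, or permitted flow
            breaches.append((a, za, b, zb, path))
    return breaches
```

Each breach carries the flow path (vm, vSwitch VLAN, pSwitch VLAN, vSwitch VLAN, vm), which points directly at the port to fix; retagging vm5 to VLAN 30 empties the result.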
28. VALID Rules for Goal Specification
Expressive Policy Language
Pattern matching on positive facts
Logical predicates as constraints
Efficient Verification with Versatile Tool Chain
Next Big Step: Dynamic Problems
29. Get in Touch!
thomas.gross@ncl.ac.uk
Thomas Gross http://www.thomasgross.net
Computing Science @ http://www.cs.ncl.ac.uk
http://cccs.ncl.ac.uk