Formal reasoning about the security of amazon web services
We report on the development and use of formal verification tools within Amazon Web Services (AWS) to increase the security assurance of its cloud infrastructure and to help customers secure themselves. We also discuss some remaining challenges that could inspire future research in the community.
Thoughts about using Constraint Solvers in Action
SMT solvers power many automated security analysis tools today. Nevertheless, a smooth integration of SMT solvers into programs is still a challenge that has led to different approaches for doing it the right way. In this paper, we review the state of the art for interacting with constraint solvers. Based on the different ideas found in the literature, we deduce requirements for a constraint solving service that simplifies the integration challenge. We identify that for some of those ideas, it is necessary to run large-scale experiments to evaluate the ideas behind the requirements empirically. We show that the platform is capable of running such an experiment for the case of measuring the impact of seeds on solver runtime.
The development and deployment of formal methods in the UK
UK researchers have made major contributions to the technical ideas underpinning formal approaches to the specification and development of computer systems. Perhaps as a consequence of this, some of the significant attempts to deploy theoretical ideas into practical environments have taken place in the UK. The authors of this paper have been involved in formal methods for many years and both have tracked a significant proportion of the whole story. This paper both lists key ideas and indicates where attempts were made to use the ideas in practice. Not all of these deployment stories have been a complete success, and an attempt is made to tease out lessons that influence the probability of long-term impact.
Comment: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.
Improving Cloud Governance by Increasing Observability
The rise in popularity of Cloud computing has introduced new challenges for IT governance. The multitude of different services and possible configurations that Cloud providers offer can make it hard to get a comprehensive overview of the environment. To successfully govern an organisation's Cloud environment, it is important to be able to easily make accurate and reliable observations of the environment's state, security, and changes to its configurations.
This thesis takes a look into the research literature to find out what kinds of risks have been identified in governing the Cloud environment and ways to mitigate them. One of the latest advancements in improving the Cloud governance is the introduction of automated formal reasoning tools for configuration analysis.
One customer case where multiple vendors are building services on multiple cloud accounts is used as an example. An architecture for application, security, and audit log collection, indexing, and monitoring is described. Special attention is given to the identity and access management requirements. The thesis concludes with an assessment of the selected approach and of the tools and services used to implement it. Some alternative solutions, possible improvements, and further development of the implementation are considered.
Code-level model checking in the software development workflow at Amazon Web Services
This article describes a style of applying symbolic model checking developed over the course of four years at Amazon Web Services (AWS). Lessons learned are drawn from proving properties of numerous C-based systems, for example, custom hypervisors, encryption code, boot loaders, and an IoT operating system. Using our methodology, we find that we can prove the correctness of industrial low-level C-based systems with reasonable effort and predictability. Furthermore, AWS developers are increasingly writing their own formal specifications. As part of this effort, we have developed a CI system that allows integration of the proofs into standard development workflows and extended the proof tools to provide better feedback to users. All proofs discussed in this article are publicly available on GitHub.
Checking Trustworthiness of Probabilistic Computations in a Typed Natural Deduction System
In this paper we present the probabilistic typed natural deduction calculus TPTND, designed to reason about and derive trustworthiness properties of probabilistic computational processes, like those underlying current AI applications. Derivability in TPTND is interpreted as the process of extracting samples of possibly complex outputs with a certain frequency from a given categorical distribution. We formalize trust for such outputs as a form of hypothesis testing on the distance between such frequency and the intended probability. The main advantage of the calculus is to render such a notion of trustworthiness checkable. We present a computational semantics for the terms over which we reason and then the semantics of TPTND, where logical operators as well as a Trust operator are defined through introduction and elimination rules. We illustrate structural and metatheoretical properties, with particular focus on the ability to establish under which term evolutions and logical rule applications the notion of trustworthiness can be preserved.
Parameter Synthesis for Markov Models
Markov chain analysis is a key technique in reliability engineering. A practical obstacle is that all probabilities in Markov models need to be known. However, system quantities such as failure rates or packet loss ratios, etc. are often not---or only partially---known. This motivates considering parametric models with transitions labeled with functions over parameters. Whereas traditional Markov chain analysis evaluates a reliability metric for a single, fixed set of probabilities, analysing parametric Markov models focuses on synthesising parameter values that establish a given reliability or performance specification . Examples are: which component failure rates ensure that the probability of a system breakdown is below 0.00000001?, or which failure rates maximise reliability? This paper presents various analysis algorithms for parametric Markov chains and Markov decision processes. We focus on three problems: (a) do all parameter values within a given region satisfy ?, (b) which regions satisfy and which ones do not?, and (c) an approximate version of (b) focusing on covering a large fraction of all possible parameter values. We give a detailed account of the various algorithms, present a software tool realising these techniques, and report on an extensive experimental evaluation on benchmarks that span a wide range of applications.
Comment: 38 pages