Analyzing Component Composability of Cloud Security Configurations

被引：1

作者：

Muniasamy, Kandasamy ^{[1
]}

Chadha, Rohit ^{[2
]}

Calyam, Prasad ^{[2
]}

Sethumadhavan, M. ^{[1
]}

机构：

[1] Amrita Vishwa Vidyapeetham, TIFAC CORE Cyber Secur, Coimbatore 641112, Tamil Nadu, India

[2] Univ Missouri, Dept Elect Engn & Comp Sci, Columbia, MO 65211 USA

来源：

IEEE ACCESS | 2023年 / 11卷

关键词：

Security; Cognition; Databases; Cloud computing security; Symbols; Large-scale systems; Buildings; Formal concept analysis; Cloud security; composability; formal analysis; policy-based verification;

D O I：

10.1109/ACCESS.2023.3340690

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Security is a major concern when building large-scale computer systems. Cloud services have made it easier to provision large-scale systems on demand over the Internet. While the cloud service providers provide the required building blocks such as compute units, database servers, and storage, customers are still responsible for securely combining these systems to satisfy their organization's security policy. The secure development and operation of such large-scale systems present technical challenges. Composing a larger system using components with known security properties that satisfy a given security policy without re-analyzing the individual components is a difficult problem. In this study, we attempted to analyze the composability of components from a security perspective using first-order predicate logic. We posit that if we build a system using individual components that satisfy a security policy, the composed system will be sound with regard to that policy. Additionally, the methodology can be used to identify drifts or violations during future changes in the system by running checks during the system release cycles for continuous verification.

引用

页码：139935 / 139951

页数：17

共 50 条

[31] Analyzing Security and Privacy issues for Multi-Cloud Service Providers Using Nessus
Singh, Tarlok
Kumar, Ajay
2023 5th International Conference on Electrical, Computer and Communication Technologies, ICECCT 2023, 2023,
[32] Implementation of Cloud Component for Security Monitoring and Comprehensive Guarantee of Identifier Resolution System
Na, Zhongli
Liu, Wei
Li, Kai
2022 3RD INFORMATION COMMUNICATION TECHNOLOGIES CONFERENCE (ICTC 2022), 2022, : 167 - 172
[33] Cloud native security and the security posture of cloud resources
Tejero, Hector
Electronics World, 2023, 128 (2029):
[34] How Do Asynchronous Communication Models Impact the Composability of Information Flow Security?
Gerlach, Lena
Gerking, Christopher
FORMAL ASPECTS OF COMPONENT SOFTWARE, FACS 2024, 2024, 15189 : 127 - 145
[35] Analyzing multiple configurations of a C program
Garrido, A
Johnson, R
ICSM 2005: PROCEEDINGS OF THE 21ST IEEE INTERNATIONAL CONFERENCE ON SOFTWARE MAINTENANCE, 2005, : 379 - 388
[36] Security in the Cloud
Anthes, Gary
COMMUNICATIONS OF THE ACM, 2010, 53 (11) : 16 - 18
[37] Analyzing security costs
Mercuri, RT
COMMUNICATIONS OF THE ACM, 2003, 46 (06) : 15 - 18
[38] A rigorous security analysis of a decentralized electronic voting protocol in the universal composability framework
Khazaei, Shahram
Rezaei-Aliabadi, Mehri
JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2018, 43 : 99 - 109
[39] Cloud Computing: Cloud Security to Trusted Cloud
Wu Jiyi
Shen Qianli
Zhang Jianlin
Xie Qi
NEW TRENDS AND APPLICATIONS OF COMPUTER-AIDED MATERIAL AND ENGINEERING, 2011, 186 : 596 - 600
[40] Crowdsourced Exploration of Security Configurations
Ismail, Qatrunnada
Ahmed, Tousif
Kapadia, Apu
Reiter, Michael K.
CHI 2015: PROCEEDINGS OF THE 33RD ANNUAL CHI CONFERENCE ON HUMAN FACTORS IN COMPUTING SYSTEMS, 2015, : 467 - 476

← 1 2 3 4 5 →