Reachability analysis for AWS-based networks
Paper in proceedings, 2019

Cloud services provide the ability to provision virtual networked infrastructure on demand over the Internet. The rapid growth of these virtually provisioned cloud networks has increased the demand for automated reasoning tools capable of identifying misconfigurations or security vulnerabilities. This type of automation gives customers the assurance they need to deploy sensitive workloads. It can also reduce the cost and time-to-market for regulated customers looking to establish compliance certification for cloud-based applications. In this industrial case-study, we describe a new network reachability reasoning tool, called Tiros, that uses off-the-shelf automated theorem proving tools to fill this need. Tiros is the foundation of a recently introduced network security analysis feature in the Amazon Inspector service now available to millions of customers building applications in the cloud. Tiros is also used within Amazon Web Services (AWS) to automate the checking of compliance certification and adherence to security invariants for many AWS services that build on existing AWS networking features.

Authors

John Backes

Amazon

Sam Bayless

University of British Columbia (UBC)

Amazon

Byron Cook

Amazon

University College London (UCL)

Catherine Dodge

Amazon

Andrew Gacek

Amazon

Alan J. Hu

University of British Columbia (UBC)

Temesghen Kahsai

Amazon

Bill Kocik

Amazon

Evgenii Kotelnikov

Chalmers, Computer Science and Engineering, Formal Methods

Amazon

Jure Kukovec

Technische Universität Wien

Amazon

Sean McLaughlin

Amazon

Jason Reed

Semmle Inc

Neha Rungta

Amazon

John Sizemore

Amazon

Mark Stalzer

Amazon

Preethi Srinivasan

Amazon

Pavle Subotić

University College London (UCL)

Amazon

Carsten Varming

Amazon

Blake Whaley

Amazon

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 11562 LNCS 231-241

31st International Conference on Computer Aided Verification, CAV 2019
New York, USA

Subject categories

Communication Systems

Computer Science

Computer Systems

DOI

10.1007/978-3-030-25543-5_14

More information

Last updated

2019-11-11