Reachability analysis for AWS-based networks
Paper i proceeding, 2019

Cloud services provide the ability to provision virtual networked infrastructure on demand over the Internet. The rapid growth of these virtually provisioned cloud networks has increased the demand for automated reasoning tools capable of identifying misconfigurations or security vulnerabilities. This type of automation gives customers the assurance they need to deploy sensitive workloads. It can also reduce the cost and time-to-market for regulated customers looking to establish compliance certification for cloud-based applications. In this industrial case-study, we describe a new network reachability reasoning tool, called Tiros, that uses off-the-shelf automated theorem proving tools to fill this need. Tiros is the foundation of a recently introduced network security analysis feature in the Amazon Inspector service now available to millions of customers building applications in the cloud. Tiros is also used within Amazon Web Services (AWS) to automate the checking of compliance certification and adherence to security invariants for many AWS services that build on existing AWS networking features.

Författare

John Backes

Amazon

Sam Bayless

University of British Columbia (UBC)

Amazon

Byron Cook

Amazon

University College London (UCL)

Catherine Dodge

Amazon

Andrew Gacek

Amazon

Alan J. Hu

University of British Columbia (UBC)

Temesghen Kahsai

Amazon

Bill Kocik

Amazon

Evgenii Kotelnikov

Chalmers, Data- och informationsteknik, Formella metoder

Amazon

Forskning Andra publikationer

Jure Kukovec

Technische Universität Wien

Amazon

Sean McLaughlin

Amazon

Jason Reed

Semmle Inc

Neha Rungta

Amazon

John Sizemore

Amazon

Mark Stalzer

Amazon

Preethi Srinivasan

Amazon

Pavle Subotić

University College London (UCL)

Amazon

Carsten Varming

Amazon

Blake Whaley

Amazon

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 11562 LNCS 231-241
978-303025542-8 (ISBN)

31st International Conference on Computer Aided Verification, CAV 2019
New York, USA,

Ämneskategorier

Kommunikationssystem

Datavetenskap (datalogi)

Datorsystem

DOI

10.1007/978-3-030-25543-5_14

Publikationsdata kopplat till DOI

Mer information

Senast uppdaterat

2019-11-11

Feedback och support

Om du har frågor, behöver hjälp, hittar en bugg eller vill ge feedback kan du göra det här nedan. Du når oss också direkt per e-post research.lib@chalmers.se.

Om tjänsten

Research.chalmers.se innehåller information om forskning på Chalmers, publikationer och projekt inklusive information om finansiärer och samarbetspartners.

Läs mer om tjänsten, täckningsgrad och vilka som kan se informationen

Personuppgifter och cookies

Tillgänglighet

Citation Style Language
citeproc-js (Frank Bennett)

Länkar

Chalmers bibliotek
Chalmers forskning
Chalmers examensarbeten

Chalmers tekniska högskola

412 96 GÖTEBORG
TELEFON: 031-772 10 00
WWW.CHALMERS.SE