Pre-deployment Description Logic-based Reasoning for Cloud Infrastructure Security
Science & IT
Claudia Cauli defends her doctoral thesis in computer science and engineering.
Cloud is a generic term that denotes the on-demand availability of virtual computer resources such as storage, databases, and computing power. Users purchase these resources following a pay-as-you-use model and use them to build an online infrastructure composed of several smaller pieces. When they do so, we say they are “deploying a cloud infrastructure”. Ensuring that the cloud infrastructure is secure and not vulnerable to attacks is crucial. Ideally, this needs to be done before the resources are deployed, removing any risk of malicious attackers exploiting the system. Unfortunately, securing cloud infrastructure is exceptionally challenging: the infrastructure may be highly complex, and threats could arise virtually anywhere.
In this thesis, we study ways to use mathematical logics to reason about cloud infrastructure security. In particular, we investigate a logic called “description logic,” often used to describe facts about potentially unknown domains, like the exact behavior of each interacting agent. By modeling the cloud as logical formulae, this thesis answers questions like “is a vulnerability potentially present?”, “is a protection certainly in place?”, and “what changes can be applied to fix a vulnerability?”. Applying this research to real deployments will increase the trust that users have in the cloud.