Formal Reasoning About the Security of Amazon Web Services

@inproceedings{Cook2018FormalRA,
  title={Formal Reasoning About the Security of Amazon Web Services},
  author={Byron Cook},
  booktitle={CAV},
  year={2018}
}
  • B. Cook
  • Published in CAV 14 July 2018
  • Computer Science
We report on the development and use of formal verification tools within Amazon Web Services (AWS) to increase the security assurance of its cloud infrastructure and to help customers secure themselves. We also discuss some remaining challenges that could inspire future research in the community. 

Pre-Deployment Security Assessment for Cloud Services through Semantic Reasoning (Extended Abstract)

TLDR
This case study shows that Description Logic modeling and inference capabilities can be used to improve the safety of cloud configurations, and develops a tool that encodes template files written in Amazon Web Services' proprietary declarative language into logic.

An OWASP Top Ten Driven Survey on Web Application Protection Methods

TLDR
The most critical web vulnerabilities according to the OWASP Top Ten, their corresponding attacks, and their countermeasures are surveyed; the application of these countermeasures will guarantee the protection of the WAs against the most severe attacks and prevent several unknown exploits.

Code-level model checking in the software development workflow at Amazon Web Services

TLDR
A style of applying symbolic model checking developed over the course of four years at Amazon Web Services is described, finding that it can prove the correctness of industrial low-level C-based systems with reasonable effort and predictability.

Code-Level Model Checking in the Software Development Workflow

  • Nathan Chong, B. Cook, M. Tuttle
  • Computer Science
    2020 IEEE/ACM 42nd International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP)
  • 2020
TLDR
This experience report describes a style of applying symbolic model checking developed over the course of four years at Amazon Web Services that can prove the correctness of industrial low-level C-based systems with reasonable effort and predictability.

Analyzing Infrastructure as Code to Prevent Intra-update Sniping Vulnerabilities

TLDR
This work identifies a security vulnerability that occurs during an upgrade even when the initial and final states of the infrastructure are secure, and shows that those vulnerabilities are possible in Amazon's AWS and Google Cloud.

Actions over Core-closed Knowledge Bases

TLDR
An action language to model mutating actions, that is, actions that change the structural configuration of a given deployment by adding, modifying, or deleting resources, is introduced.

Better Counterexamples for Dafny

TLDR
An open-source tool is introduced that transforms counterexamples generated by the SMT solver into a more user-friendly format that maps to the Dafny syntax and is suitable for further processing.

CoVeriTeam: On-Demand Composition of Cooperative Verification Systems

TLDR
CoVeriTeam is a language and tool for on-demand composition of cooperative approaches that provides a systematic and modular way to combine existing tools in order to leverage their full potential.

Scaling static analyses at Facebook

Key lessons for designing static analyses tools deployed to find bugs in hundreds of millions of lines of code.

Verification Witnesses

TLDR
The conceptual principles of verification witnesses are presented, a description of how to use them is given, a technical specification of the exchange format for witnesses is provided, and an extensive experimental study on the application of witness-based result validation is performed, using the validators CPAchecker, UAutomizer, CPA-witness2test, and FShell-witness2test.
...

References


Verifying cloud services: present and future

TLDR
Gaps in existing cloud technology in terms of the verification tools provided to users are identified, and challenges and new research directions that can help bridge these gaps are discussed.

How Amazon web services uses formal methods

TLDR
Engineers use TLA+ to prevent serious but subtle bugs from reaching production and find ways to reduce the number of bugs in the final product.

Design and validation of a trust-based opportunity-enabled risk management system

TLDR
This paper presents a methodology called opportunity-enabled risk management (OPPRIM), which supports the decision-making process in access control to remote corporate assets and relies on a logic-based risk policy model combining estimations of trust, threats, and opportunities.

Nagini: A Static Verifier for Python

TLDR
Nagini is an automated, modular verifier for statically-typed, concurrent Python 3 programs, built on the Viper verification infrastructure, that can verify memory safety, functional properties, termination, deadlock freedom, and input/output behavior.

Software Verification and System Assurance

  • J. Rushby
  • Computer Science
    2009 Seventh IEEE International Conference on Software Engineering and Formal Methods
  • 2009
TLDR
The idea that software may be possibly perfect and that the authors can contemplate its probability of (im)perfection is reviewed, and it is shown how this idea provides a bridge between correctness, which is the goal of software verification (and especially formal verification), and probabilistic properties such as reliability that are the targets for system-level assurance.

JaVerT: JavaScript verification toolchain

TLDR
This work introduces JaVerT, a semi-automatic JavaScript Verification Toolchain, based on separation logic and aimed at the specialist developer wanting rich, mechanically verified specifications of critical JavaScript code.

Reasoning about Probabilistic Defense Mechanisms against Remote Attacks

TLDR
This paper argues that by representing security notions in this setting as events in probabilistic games, similarly to what is done with cryptographic security definitions, concrete and asymptotic guarantees can be obtained against realistic attackers.

Model checking boot code from AWS data centers

TLDR
CBMC is now the first source-level static analysis tool to extract the memory layout described in a linker script for use in its analysis, and it is proved that the initial boot code running in data centers at Amazon Web Services is memory safe.

The Meaning of Attack-Resistant Programs

TLDR
This paper introduces a formal notion of partial compliance of a computer program w.r.t. a non-exploitability specification and discusses informally why an enhancement to PointGuard complies with the attack-resistance definition.

CloudSDV Enabling Static Driver Verifier Using Microsoft Azure

TLDR
The experience of enabling Static Driver Verifier to use the Microsoft Azure cloud computing platform and the results of using CloudSDV on single drivers and driver suites using various configurations of the cloud relative to a local machine are described.