Automated Verification of Virtualized Infrastructures

Publication: Research - peer-reviewArticle in proceedings – Annual report year: 2011

View graph of relations

Virtualized infrastructures and clouds present new challenges for security analysis and formal verification: they are complex environments that continuously change their shape, and that give rise to non-trivial security goals such as isolation and failure resilience requirements. We present a platform that connects declarative and expressive description languages with state-of-the art verification methods. The languages integrate homogeneously descriptions of virtualized infrastructures, their transformations, their desired goals, and evaluation strategies. The different verification tools range from model checking to theorem proving; this allows us to exploit the complementary strengths of methods, and also to understand how to best represent the analysis problems in different contexts. We consider first the static case where the topology of the virtual infrastructure is fixed and demonstrate that our platform allows for the declarative specification of a large class of properties. Even though tools that are specialized to checking particular properties perform better than our generic approach, we show with a real-world case study that our approach is practically feasible. We finally consider also the dynamic case where the intruder can actively change the topology (by migrating machines). The combination of a complex topology and changes to it by an intruder is a problem that lies beyond the scope of previous analysis tools and to which we can give first positive verification results.
Original languageEnglish
Title of host publicationCCSW '11 Proceedings of the 3rd ACM workshop on Cloud computing security workshop
Publication date2011
ISBN (print)978-1-4503-1004-8
StatePublished - 2011
EventACM workshop on Cloud computing security workshop - Chicago, Illinois, USA


ConferenceACM workshop on Cloud computing security workshop
CityChicago, Illinois, USA
Period01/01/2011 → …

Bibliographical note

© ACM, 2011. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CCSW'11,

CitationsWeb of Science® Times Cited: No match on DOI


  • Assurance, Formal specification, Virtualization, Cloud, Isolation, Information flow, System verification
Download as:
Download as PDF
Select render style:
Download as HTML
Select render style:
Download as Word
Select render style:

Download statistics

No data available

ID: 6312616