Cloud Resource Protection via Automated Security Property Reasoning
As cloud computing gains widespread adoption across various industries, securing cloud resources has become a top priority for cloud providers. However, ensuring configuration security among highly interconnected cloud resources is challenging due to the complexities of resource modeling, correlation analysis, and large-scale security checks. To tackle these practical challenges, we propose Security Invariants (SI), a precise, effective, and scalable tool that proactively protects cloud resources through automated security reasoning. We have integrated SI into the rigorous Amazon Web Services (AWS) security review process. Working alongside security engineers and other security scanners, SI periodically scans billions of cloud resources in pre-launch services for potential security risks, maximizing the security guarantees of cloud applications. The continuous assessment of evolving resources not only brings a deep understanding of cloud security risks but also introduces a generalized solution from the perspective of holistic security analysis.
Thu 31 Oct. Displayed time zone: Pacific Time (US & Canada)
10:30 - 12:00 | Cloud and Systems | Research Papers / Journal-first Papers / Industry Showcase | at Carr | Chair(s): Amel Bennaceur (The Open University, UK)
10:30 | 15m Talk | FaaSConf: QoS-aware Hybrid Resources Configuration for Serverless Workflows | Research Papers | Yilun Wang (Anhui University), Pengfei Chen (Sun Yat-sen University), Hui Dou (Anhui University), Yiwen Zhang (Anhui University), Guangba Yu (Sun Yat-sen University), Zilong He (Sun Yat-sen University), Haiyu Huang (Sun Yat-sen University)
10:45 | 15m Talk | Challenges & Opportunities in Automating DBMS: A Qualitative Study | Industry Showcase | Yifan WANG (Orange / INRIA), Pierre Bourhis (University of Lille, Inria, CRIStAL UMR CNRS 9189), Romain Rouvoy (University Lille 1 and INRIA), Patrick Royer (Orange)
11:00 | 15m Talk | Test-suite-guided discovery of least privilege for cloud infrastructure as code | Journal-first Papers
11:15 | 15m Talk | Microservice Decomposition Techniques: An Independent Tool Comparison | Research Papers | Yingying Wang (University of British Columbia), Sarah Bornais (The University of British Columbia), Julia Rubin (The University of British Columbia)
11:30 | 10m Talk | Towards Long-Term Scientific Model Sustainment at Sandia National Laboratories | Industry Showcase | Christian Gilbertson (Sandia National Labs), Reed Milewicz (Sandia National Laboratories), Eric Berquist (Sandia National Labs), Aaron Brundage (Sandia National Labs), John Engelmann (Sandia National Labs), Brian Evans (Sandia National Labs), Nicholas Francis (Sandia National Labs), Ernest Friedman-Hill (Sandia National Labs), Samuel Grayson (Sandia National Labs), Evan Harvey (Sandia National Labs), Eric Ho (Sandia National Labs), Edward Hoffman (Sandia National Labs), Kevin Irick (Sandia National Labs), Anagha Krishna (Sandia National Labs), Aaron Moreno (Sandia National Labs), Joshua Teves (Sandia National Labs)
11:40 | 10m Talk | Cloud Resource Protection via Automated Security Property Reasoning | Industry Showcase | Zhixing Xu (Amazon Web Services), Shengjian Guo (Amazon Web Services), Oksana Tkachuk (Amazon Web Services), Saeed Nejati (Amazon Web Services), Niloofar Razavi (Amazon Web Services), George Argyros (Amazon Web Services)