Security Assurance for Virtualized Environments (SAVE)

I've been researching in how far virtualized infrastructures and clouds can be abstracted sufficiently to allow a systematic analysis of their security properties. In particular, I'm interested in the applications and benefits of formal methods and model checking for large-scale heterogeneous systems. With the IBM Research project Security Assurance for Virtualized Infrastructures (SAVE), we've had some first promising results on verifying isolation properties of a production infrastructure of a global financial institution and continue to explore further properties. This project is a contribution to the validation work package of the FP7 EU project TCLOUDS.

Impact

The research prototype of our cloud security assurance analysis has been transferred to IBM as part of the IBM PowerSC Trusted Surveyor product in 2012. The research started during my time at IBM Research and continued in an industry collaboration at Newcastle.

Selected Paper

Sören Bleikertz, Thomas Groß, Matthias Schunter, and Konrad Eriksson. Automated Information Flow Analysis of Virtualized Infrastructures. In proceedings or the European Symposium on Research in Computer Security (ESORICS) 2011.