We design an architecture for the verification of infrastructure clouds with respect to security goals. How can automated tools tackle the complexity of cloud topology?
Whereas ideal topologies of infrastructure clouds are usually shown in a well-ordered model, we discovered that actual production infrastructure have very complex topologies. How can we approach their complexity in tool-supported analysis?
We pursue the information flow analysis of virtualized infrastructures by graph coloring. Analyzing VM connections, network and storage we ask: How can we discover isolation breaches hidden in the actual configuration?
European countries establish eID systems, while often debating the privacy benefits anonymous credential systems provide. Are these advanced systems feasible and efficient enough on a standard eID card?
I'm researching cryptography applications to identity management, mostly in the areas of privacy-enhancing technology (PET), zero-knowledge proofs of knowledge and anonymous credential systems. My overall goal is to establish a combination of strong authentication and privacy in identity management. Much of my past research has been on IBM's anonymous credential system Identity Mixer. Watch IBM's Identity Mixer YouTube video!. Beyond its integration into standardized identity federation protocols, I've contributed to a highly efficient attribute encoding for resource-constrained environments based on prime numbers and divisibility. I'm a contributor to the Identity Mixer community page.
Read more...I've been researching in how far virtualized infrastructures and clouds can be abstracted sufficiently to allow a systematic analysis of their security properties. In particular, I'm interested in the applications and benefits of formal methods and model checking for large-scale heterogeneous systems. With the IBM Research project Security Assurance for Virtualized Infrastructures (SAVE), we've had some first promising results on verifying isolation properties of a production infrastructure of a global financial institution and continue to explore further properties. This project is a contribution to the validation work package of the FP7 EU project TCLOUDS.
Read more...