Title Pre-deployment Description Logic-based Reasoning for Cloud Infrastructure Security
Content The thesis centers on the practical application of formal, automated analyses within the scope of cloud security reviews. Cloud infrastructure is deployed through configuration files. We propose to analyze these files before deployment using logical reasoning. In particular, we investigate the use of description logics and how they can be tailored to model and reason about potentially incomplete and uncertain information related to exposure to security vulnerabilities.
Structure of the Thesis The thesis is a compilation thesis. It is organized in an introductory section (Kappa) followed by three chapters based on the following three papers:
- Pre-deployment Security Assessment for Cloud Services Through Semantic Reasoning,
Claudia Cauli, Meng Li, Nir Piterman, Oksana Tkachuk
CAV 2021 – Full Version
- Closed- and Open-world Reasoning in DL-Lite for Cloud Infrastructure Security,
Claudia Cauli, Magdalena Ortiz, Nir Piterman
KR 2021 – Full Version
- Actions over Core-closed Knowledge Bases,
Claudia Cauli, Magdalena Ortiz, Nir Piterman
To appear at IJCAR 2022 – arXiv