Security Posture Analysis

A cloud environment, such as Oracle Cloud, allows to protect a deployed application and its assets using a multitude of security measures including encryption, authentication, identity and access control, network segmentation. However, even though these security measures can in general provide strong security guarantees, configuration of these mechanisms is complex issue. As a result, misconfigured or overly permissive policies can lead to security breaches. Due to the fragmented nature of security configurations, security analysis of a deployed application is not straightforward. The tools targeting individual components exist, however, they cannot analyse interactions between different policies. To address this issue, we developed an intermediate representation that allows to model the different security policies as a single system and an associated policy language capable of analysing the security posture of a cloud application in its entirety using assertions based on first-order logic.