Actions over Core-closed Knowledge Bases
Abstract
We present new results on the application of semantic- and knowledge-based reasoning techniques to the analysis of cloud deployments. In particular, to the security of Infrastructure as Code configuration files, encoded as description logic knowledge bases. We introduce an action language to model mutating actions; that is, actions that change the structural configuration of a given deployment by adding, modifying, or deleting resources. We mainly focus on two problems: the problem of determining whether the execution of an action, no matter the parameters passed to it, will not cause the violation of some security requirement (static verification), and the problem of finding sequences of actions that would lead the deployment to a state where (un)desirable properties are (not) satisfied (plan existence and plan synthesis). For all these problems, we provide definitions, complexity results, and decision procedures.
Citation
Proceedings of the 11th International Joint Conference on Automated Reasoning
View/ Open
Date
2022Author
Cauli, Claudia
Ortiz, Magdalena
Piterman, Nir
Publication type
conference paper, peer reviewed
Language
eng