Amazon Web Services Testing Two ‘Provable’ Security Tools

To help its Amazon Web Services customers keep their data secure, the AWS Automated Reasoning Group is beta-testing two new tools, Zelkova and Tiros, which analyze security configurations, provide automated feedback on various setups and help administrators avoid mistakes that could endanger their data. Tiros focuses on checking for “unexpected access from the open Internet,” and Zelkova aids developers in understanding how permissive their setups are compared to existing infrastructure.

Wired reports that, “Zelkova also uses automated logic to play configurations out to their possible extremes.”

“What we’re hoping to achieve is to get a kind of provable security out of our systems,” said Bridgewater Associates security architect Greg Frascadore, whose company has been testing the new tools.

“By provable security I don’t mean that what we get out is infallible security. Instead what we’re trying to get is a formal analysis, and a methodical way that we have gone about verifying that the security controls we put into place are working the way we think they’re working. Our security objective here is to stop data exfiltration from AWS.” He added that, “a very important thing about these tools is that you can verify things during the design stage.”

“One of the things that we would really like to be able to do is security verification before we make a change to the actual AWS infrastructure, so before we put a vulnerability into the account,” he said.

Frascadore and Bridgewater technology/security lead Tim Kropp also reported that, “Tiros and Zelkova are still bare bones internal tools, with complicated and unfriendly user interfaces.” AWS will not reveal whether these tools will be more broadly distributed but “noted that Zelkova is already used in the S3 dashboard for automatic checks for things like which buckets can be publicly accessed.”
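The two checks the article attributes to Zelkova (which buckets an unauthenticated caller can reach, and whether a proposed configuration is more permissive than the one already deployed) can be illustrated with a toy model. The Python below is an added example, not Zelkova or any AWS code: it evaluates a small subset of the S3 bucket-policy grammar over a finite, constructed set of principals, actions and objects, and reports the first request a new policy allows that the old one does not. The sample policies, account IDs and object names are constructed, and the evaluation rules are a deliberate simplification of real IAM semantics.

```python
import itertools
from fnmatch import fnmatchcase
# Constructed sample bucket policies (not from the article); a small subset of the real grammar.
BUCKET = "arn:aws:s3:::example-bucket"
OPEN_POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": BUCKET + "/*"}]}
RESTRICTED_POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": BUCKET + "/*"},
    {"Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": BUCKET + "/secret/*"}]}
# Finite model of the request space; "anonymous" stands for an unauthenticated caller.
PRINCIPALS = ["anonymous", "arn:aws:iam::111122223333:role/app",
              "arn:aws:iam::999999999999:user/outsider"]
ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
RESOURCES = [BUCKET + "/public/report.csv", BUCKET + "/secret/keys.txt"]

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def _principal_matches(spec, principal):
    if spec == "*":
        return True
    aws = _as_list(spec.get("AWS", [])) if isinstance(spec, dict) else []
    return "*" in aws or principal in aws

def allows(policy, principal, action, resource):
    """Simplified evaluation: an explicit Deny wins, otherwise any matching Allow grants."""
    allowed = False
    for st in policy["Statement"]:
        if not _principal_matches(st["Principal"], principal):
            continue
        if not any(fnmatchcase(action, p) for p in _as_list(st["Action"])):
            continue
        if not any(fnmatchcase(resource, p) for p in _as_list(st["Resource"])):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

def public_grants(policy):
    """(action, resource) pairs an unauthenticated caller can use."""
    return [(a, r) for a in ACTIONS for r in RESOURCES if allows(policy, "anonymous", a, r)]

def first_escalation(new, old):
    """First request `new` allows but `old` does not, or None if `new` is no more permissive."""
    for p, a, r in itertools.product(PRINCIPALS, ACTIONS, RESOURCES):
        if allows(new, p, a, r) and not allows(old, p, a, r):
            return (p, a, r)
    return None
```

Exhaustive enumeration only works because the model is tiny; the real tools reason symbolically over the full policy language, which is what makes their results "provable" rather than sampled.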

Wired opines that just the fact that AWS is openly discussing the tools is “an indicator that the organization is seriously considering the best ways to deploy them.”

AWS vice president of security engineering/chief information officer Stephen Schmidt stated that his security goal for every company vice president is to “radically restrict and monitor human access to data.”

“The number that I used was 80 percent reduction in human access to data,” he said. “And the reaction I got from people was ‘you’re insane, this is impossible.’ And that is exactly why I chose that number, because it is impossible to achieve without automation. The goal is to guide people to build tools for things that they would otherwise do by hand.”

Aside from Tiros and Zelkova, “Schmidt wants AWS to keep building out mechanisms that protect customers in all different ways.” “Often organizations give their administrators excessive access to data because it’s the easiest thing to do, it’s the most convenient thing to do,” Schmidt said. “And I feel really, really strongly that we need to as an industry be draconian about restricting that access when it’s not absolutely necessary. If you keep the humans away from the data, you remove whole classes of attack.”