PV4 CloudFORMALchecks common security best-practices and user-specified queries of a cloud configuration

Application domain/field

Type of tool

Security analyser?

Expected input

cfn (CloudFormation) configuration file


.json file

Expected output

.owl file that can be opened, navigated and queried in Protégé. The models are automatically checked against common security best-practices. For each of these properties it will determine whether it is TRUE, FALSE or UNKNOWN. These results are outputted in a .csv file.


Encodes AWS CloudFormation templates into Description Logic models.


Repository: https://github.com/claudiacauli/CloudFORMAL

Related papers

Pre-deployment Security Assessment for Cloud Services Through Semantic Reasoning (CAV '21)

Last publication date

15 July 2021

ProVerB specific

ProVerB is a part of SLEBoK. Last updated: February 2023.