In order to achieve ’Security by Design’ ^[10] there needs to be a solution to the problem of security verification in the early phase of a software development life cycle. This paper proposes a system to assist with this verification in the context of composable systems, such as cloud based solutions. The system verifies functional specifications, such as TOSCA templates commonly used in cloud systems. The verification is performed using logic rewriting in the Maude language. The presentation will discuss how logic rewriting is ideally suited to provide essential security guidance to a cloud implementer.

^[10] Howard M and LeBlanc D. 2003. Writing Secure Code. 2nd ed. (2003), 768.

Douglas Millward is a Ph.D. student at the University of Essex, ably advised by Prof. Martin Reed and Dr. Nkaepe Olaniyi. Doug started his research later in life than many, after a successful career in academia and industry, developing, designing, teaching, and consulting on a variety of systems from traditional infrastructure to the cloud and IoT systems. Nkaepe has a BEng (Hons) in Electrical and Electronics Engineering and a Ph.D. in Optoelectronics, both from the University of Leeds. She heads up the Computing department of the University of Essex Online (Kaplan Open Learning). Her research interests lie in pedagogy in STEM, security regulations, and network security, with various publications in these areas. Martin Reed is a full professor in the School of Computer Science and Electronic Engineering at the University of Essex, UK. He has been awarded research funding by UK research councils, Industry, and EU research programmes in areas such as network/communication security, IoT security, future Internet architectures, optical network control planes, and media transportation over networks, leading to over 100 peer-reviewed papers. His work has resulted in patents, international impact, and inclusion in standards by ITU, IETF and 3GPP.