Stratified Abstraction of Access Control Policies

The shift to cloud-based APIs has made application security critically depend on understanding and reasoning about policies that regulate access to cloud resources. We present stratified predicate abstraction, a new approach that summarizes complex security policies into a compact set of positive an...

Descripción completa

Detalles Bibliográficos
Autores principales: Backes, John, Berrueco, Ulises, Bray, Tyler, Brim, Daniel, Cook, Byron, Gacek, Andrew, Jhala, Ranjit, Luckow, Kasper, McLaughlin, Sean, Menon, Madhav, Peebles, Daniel, Pugalia, Ujjwal, Rungta, Neha, Schlesinger, Cole, Schodde, Adam, Tanuku, Anvesh, Varming, Carsten, Viswanathan, Deepa
Formato: Online Artículo Texto
Lenguaje:English
Publicado: 2020
Materias:
Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7363185/
http://dx.doi.org/10.1007/978-3-030-53288-8_9
Descripción
Sumario:The shift to cloud-based APIs has made application security critically depend on understanding and reasoning about policies that regulate access to cloud resources. We present stratified predicate abstraction, a new approach that summarizes complex security policies into a compact set of positive and declarative statements that precisely state who has access to a resource. We have implemented stratified abstraction and deployed it as the engine powering AWS’s IAM Access Analyzer service, and hence, demonstrate how formal methods and SMT can be used for security policy explanation .

Ejemplares similares