Stratified Abstraction of Access Control Policies
The shift to cloud-based APIs has made application security critically depend on understanding and reasoning about policies that regulate access to cloud resources. We present stratified predicate abstraction, a new approach that summarizes complex security policies into a compact set of positive an...
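Main authors: | Backes, John; Berrueco, Ulises; Bray, Tyler; Brim, Daniel; Cook, Byron; Gacek, Andrew; Jhala, Ranjit; Luckow, Kasper; McLaughlin, Sean; Menon, Madhav; Peebles, Daniel; Pugalia, Ujjwal; Rungta, Neha; Schlesinger, Cole; Schodde, Adam; Tanuku, Anvesh; Varming, Carsten; Viswanathan, Deepa |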
---|---|
Format: | Online Article Text |
Language: | English |
Published: | 2020 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7363185/ http://dx.doi.org/10.1007/978-3-030-53288-8_9 |
_version_ | 1783559619576070144 |
---|---|
author | Backes, John Berrueco, Ulises Bray, Tyler Brim, Daniel Cook, Byron Gacek, Andrew Jhala, Ranjit Luckow, Kasper McLaughlin, Sean Menon, Madhav Peebles, Daniel Pugalia, Ujjwal Rungta, Neha Schlesinger, Cole Schodde, Adam Tanuku, Anvesh Varming, Carsten Viswanathan, Deepa |
author_facet | Backes, John Berrueco, Ulises Bray, Tyler Brim, Daniel Cook, Byron Gacek, Andrew Jhala, Ranjit Luckow, Kasper McLaughlin, Sean Menon, Madhav Peebles, Daniel Pugalia, Ujjwal Rungta, Neha Schlesinger, Cole Schodde, Adam Tanuku, Anvesh Varming, Carsten Viswanathan, Deepa |
author_sort | Backes, John |
collection | PubMed |
description | The shift to cloud-based APIs has made application security critically depend on understanding and reasoning about policies that regulate access to cloud resources. We present stratified predicate abstraction, a new approach that summarizes complex security policies into a compact set of positive and declarative statements that precisely state who has access to a resource. We have implemented stratified abstraction and deployed it as the engine powering AWS’s IAM Access Analyzer service, and hence, demonstrate how formal methods and SMT can be used for security policy explanation. |
format | Online Article Text |
id | pubmed-7363185 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2020 |
record_format | MEDLINE/PubMed |
spelling | pubmed-73631852020-07-16 Stratified Abstraction of Access Control Policies Backes, John Berrueco, Ulises Bray, Tyler Brim, Daniel Cook, Byron Gacek, Andrew Jhala, Ranjit Luckow, Kasper McLaughlin, Sean Menon, Madhav Peebles, Daniel Pugalia, Ujjwal Rungta, Neha Schlesinger, Cole Schodde, Adam Tanuku, Anvesh Varming, Carsten Viswanathan, Deepa Computer Aided Verification Article The shift to cloud-based APIs has made application security critically depend on understanding and reasoning about policies that regulate access to cloud resources. We present stratified predicate abstraction, a new approach that summarizes complex security policies into a compact set of positive and declarative statements that precisely state who has access to a resource. We have implemented stratified abstraction and deployed it as the engine powering AWS’s IAM Access Analyzer service, and hence, demonstrate how formal methods and SMT can be used for security policy explanation. 2020-06-13 /pmc/articles/PMC7363185/ http://dx.doi.org/10.1007/978-3-030-53288-8_9 Text en © The Author(s) 2020 Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. |
spellingShingle | Article Backes, John Berrueco, Ulises Bray, Tyler Brim, Daniel Cook, Byron Gacek, Andrew Jhala, Ranjit Luckow, Kasper McLaughlin, Sean Menon, Madhav Peebles, Daniel Pugalia, Ujjwal Rungta, Neha Schlesinger, Cole Schodde, Adam Tanuku, Anvesh Varming, Carsten Viswanathan, Deepa Stratified Abstraction of Access Control Policies |
title | Stratified Abstraction of Access Control Policies |
title_full | Stratified Abstraction of Access Control Policies |
title_fullStr | Stratified Abstraction of Access Control Policies |
title_full_unstemmed | Stratified Abstraction of Access Control Policies |
title_short | Stratified Abstraction of Access Control Policies |
title_sort | stratified abstraction of access control policies |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7363185/ http://dx.doi.org/10.1007/978-3-030-53288-8_9 |
work_keys_str_mv | AT backesjohn stratifiedabstractionofaccesscontrolpolicies AT berruecoulises stratifiedabstractionofaccesscontrolpolicies AT braytyler stratifiedabstractionofaccesscontrolpolicies AT brimdaniel stratifiedabstractionofaccesscontrolpolicies AT cookbyron stratifiedabstractionofaccesscontrolpolicies AT gacekandrew stratifiedabstractionofaccesscontrolpolicies AT jhalaranjit stratifiedabstractionofaccesscontrolpolicies AT luckowkasper stratifiedabstractionofaccesscontrolpolicies AT mclaughlinsean stratifiedabstractionofaccesscontrolpolicies AT menonmadhav stratifiedabstractionofaccesscontrolpolicies AT peeblesdaniel stratifiedabstractionofaccesscontrolpolicies AT pugaliaujjwal stratifiedabstractionofaccesscontrolpolicies AT rungtaneha stratifiedabstractionofaccesscontrolpolicies AT schlesingercole stratifiedabstractionofaccesscontrolpolicies AT schoddeadam stratifiedabstractionofaccesscontrolpolicies AT tanukuanvesh stratifiedabstractionofaccesscontrolpolicies AT varmingcarsten stratifiedabstractionofaccesscontrolpolicies AT viswanathandeepa stratifiedabstractionofaccesscontrolpolicies |