Stratified Abstraction of Access Control Policies

John Backes; Ulises Berrueco; Tyler Bray; Daniel Brim; Byron Cook; Andrew Gacek; Ranjit Jhala; Kasper Luckow; Sean McLaughlin; Madhav Menon; Daniel Peebles; Ujjwal Pugalia; Neha Rungta; Cole Schlesinger; Adam Schodde; Anvesh Tanuku; Carsten Varming; Deepa Viswanathan

Conference ProceedingsOPEN ACCESS

Stratified Abstraction of Access Control Policies

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2020) 12224 LNCS 165-176

DOI: 10.1007/978-3-030-53288-8_9

6Citations

8Readers

Abstract

The shift to cloud-based APIs has made application security critically depend on understanding and reasoning about policies that regulate access to cloud resources. We present stratified predicate abstraction, a new approach that summarizes complex security policies into a compact set of positive and declarative statements that precisely state who has access to a resource. We have implemented stratified abstraction and deployed it as the engine powering AWS’s IAM Access Analyzer service, and hence, demonstrate how formal methods and SMT can be used for security policy explanation.

Cite

CITATION STYLE

APA

Backes, J., Berrueco, U., Bray, T., Brim, D., Cook, B., Gacek, A., … Viswanathan, D. (2020). Stratified Abstraction of Access Control Policies. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 12224 LNCS, pp. 165–176). Springer. https://doi.org/10.1007/978-3-030-53288-8_9

Stratified Abstraction of Access Control Policies

Abstract

Cite

Register to see more suggestions