The shift to cloud-based APIs has made application security critically depend on understanding and reasoning about policies that regulate access to cloud resources. We present stratified predicate abstraction, a new approach that summarizes complex security policies into a compact set of positive and declarative statements that precisely state who has access to a resource. We have implemented stratified abstraction and deployed it as the engine powering AWS’s IAM Access Analyzer service, and hence, demonstrate how formal methods and SMT can be used for security policy explanation.
CITATION STYLE
Backes, J., Berrueco, U., Bray, T., Brim, D., Cook, B., Gacek, A., … Viswanathan, D. (2020). Stratified Abstraction of Access Control Policies. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 12224 LNCS, pp. 165–176). Springer. https://doi.org/10.1007/978-3-030-53288-8_9
Mendeley helps you to discover research relevant for your work.