Assisted Authoring, Analysis and Enforcement of Access Control Policies in the Cloud

Abstract: The heterogeneity of cloud computing platforms hinders the proper exploitation of cloud technologies, since it prevents interoperability, promotes vendor lock-in and makes it very difficult to exploit the well-engineered security mechanisms made available by cloud providers. In this paper, we introduce a technique to help developers specify and enforce access control policies in cloud applications. The main idea is twofold. First, use a high-level specification language with a formal semantics that allows access requests to be answered while abstracting from the access control mechanism available in a particular cloud platform. Second, exploit an automated translation mechanism to compute (equivalent) policies that can be enforced in two of the most widely used cloud platforms: AWS and OpenStack. We illustrate the technique on a running example and report our experience with a prototype implementation.
Document type: Conference papers

Cited literature: 12 references

https://hal.inria.fr/hal-01649021
Contributor: Hal Ifip
Submitted on: Monday, November 27, 2017 - 10:32:30 AM
Last modification on: Monday, November 27, 2017 - 10:33:59 AM

File

Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until: 2020-01-01


Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Umberto Morelli, Silvio Ranise. Assisted Authoring, Analysis and Enforcement of Access Control Policies in the Cloud. 32nd IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), May 2017, Rome, Italy. pp.296-309, ⟨10.1007/978-3-319-58469-0_20⟩. ⟨hal-01649021⟩
