Assisted Authoring, Analysis and Enforcement of Access Control Policies in the Cloud

Abstract : The heterogeneity of cloud computing platforms hinders the proper exploitation of cloud technologies since it prevents interoperability, promotes vendor lock-in and makes it very difficult to exploit the well-engineered security mechanisms made available by cloud providers. In this paper, we introduce a technique to help developers to specify and enforce access control policies in cloud applications. The main idea is twofold. First, use a high-level specification language with a formal semantics that allows to answer access requests abstracting from an access control mechanism available in a particular cloud platform. Second, exploit an automated translation mechanism to compute (equivalent) policies that can be enforced in two of the most widely used cloud platforms: AWS and Openstack. We illustrate the technique on a running example and report our experience with a prototype implementation.
Type de document :
Communication dans un congrès
Sabrina De Capitani di Vimercati; Fabio Martinelli. 32th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), May 2017, Rome, Italy. Springer International Publishing, IFIP Advances in Information and Communication Technology, AICT-502, pp.296-309, 2017, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-58469-0_20〉
Liste complète des métadonnées

Littérature citée [13 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01649021
Contributeur : Hal Ifip <>
Soumis le : lundi 27 novembre 2017 - 10:32:30
Dernière modification le : lundi 27 novembre 2017 - 10:33:59

Fichier

 Accès restreint
Fichier visible le : 2020-01-01

Connectez-vous pour demander l'accès au fichier

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Umberto Morelli, Silvio Ranise. Assisted Authoring, Analysis and Enforcement of Access Control Policies in the Cloud. Sabrina De Capitani di Vimercati; Fabio Martinelli. 32th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), May 2017, Rome, Italy. Springer International Publishing, IFIP Advances in Information and Communication Technology, AICT-502, pp.296-309, 2017, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-58469-0_20〉. 〈hal-01649021〉

Partager

Métriques

Consultations de la notice

24