A Formal Approach for the Verification of AWS IAM Access Control Policies

Abstract: Cloud computing offers elastic, scalable and on-demand network access to a shared pool of computing resources, such as storage, computation and others. Resources can be rapidly and elastically provisioned, and users pay for what they use. One of the major challenges in Cloud computing adoption is security, and in this paper we address one important security aspect: Cloud authorization. We provide a formal Attribute Based Access Control (ABAC) model that is based on Event-Calculus and is able to model and verify Amazon Web Services (AWS) Identity and Access Management (IAM) policies. The proposed approach is expressive and extensible. We provide generic Event-Calculus models and tool support to automatically convert JSON-based IAM policies into Event-Calculus. We also present performance evaluation results on actual IAM policies to justify the scalability and practicality of the approach.
Document type:
Conference paper
Flavio De Paoli; Stefan Schulte; Einar Broch Johnsen. 6th European Conference on Service-Oriented and Cloud Computing (ESOCC), Sep 2017, Oslo, Norway. Springer International Publishing, Lecture Notes in Computer Science, LNCS-10465, pp.59-74, 2017, Service-Oriented and Cloud Computing. 〈10.1007/978-3-319-67262-5_5〉

Cited literature [26 references]

https://hal.inria.fr/hal-01677620
Contributor: Hal Ifip
Submitted on: Monday, January 8, 2018 - 15:01:17
Last modified on: Tuesday, April 24, 2018 - 13:29:49

File

Restricted access
File visible on: 2020-01-01


Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Ehtesham Zahoor, Zubaria Asma, Olivier Perrin. A Formal Approach for the Verification of AWS IAM Access Control Policies. Flavio De Paoli; Stefan Schulte; Einar Broch Johnsen. 6th European Conference on Service-Oriented and Cloud Computing (ESOCC), Sep 2017, Oslo, Norway. Springer International Publishing, Lecture Notes in Computer Science, LNCS-10465, pp.59-74, 2017, Service-Oriented and Cloud Computing. 〈10.1007/978-3-319-67262-5_5〉. 〈hal-01677620〉
