Skip to Main content Skip to Navigation
Conference papers

Toward Group-Based User-Attribute Policies in Azure-Like Access Control Systems

Abstract : Cloud resources are increasingly pooled together for collaboration among users from different administrative units. In these settings, separation of duty between resource and identity management is strongly encouraged, as it streamlines organization of resource access in cloud. Yet, this separation may hinder availability and accessibility of resources, negating access to authorized and entitled subjects. In this paper, we present an in-depth analysis of group-reachability in user attribute-based access control. Starting from a concrete instance of an Access Control supported by the Azure platform, we adopt formal verification methods to demonstrate how it is possible to mitigate access availability issues, which may arise as per-attribute criteria groups are deployed.
Document type :
Conference papers
Complete list of metadata

Cited literature [23 references]  Display  Hide  Download

https://hal.inria.fr/hal-01684364
Contributor : Hal Ifip <>
Submitted on : Monday, January 15, 2018 - 2:07:44 PM
Last modification on : Thursday, August 22, 2019 - 12:04:03 PM
Long-term archiving on: : Monday, May 7, 2018 - 2:44:18 PM

File

453481_1_En_20_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Anna Ferrara, Anna Squicciarini, Cong Liao, Truc Nguyen. Toward Group-Based User-Attribute Policies in Azure-Like Access Control Systems. 31th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC), Jul 2017, Philadelphia, PA, United States. pp.349-361, ⟨10.1007/978-3-319-61176-1_20⟩. ⟨hal-01684364⟩

Share

Metrics

Record views

174

Files downloads

105