Assisted Authoring, Analysis and Enforcement of Access Control Policies in the Cloud - ICT Systems Security and Privacy Protection (SEC 2017)
Conference Papers Year : 2017

Assisted Authoring, Analysis and Enforcement of Access Control Policies in the Cloud

Authors: Umberto Morelli, Silvio Ranise

Abstract

The heterogeneity of cloud computing platforms hinders the proper exploitation of cloud technologies since it prevents interoperability, promotes vendor lock-in and makes it very difficult to exploit the well-engineered security mechanisms made available by cloud providers. In this paper, we introduce a technique to help developers specify and enforce access control policies in cloud applications. The main idea is twofold. First, use a high-level specification language with a formal semantics that allows access requests to be answered while abstracting from the access control mechanism available in a particular cloud platform. Second, exploit an automated translation mechanism to compute (equivalent) policies that can be enforced in two of the most widely used cloud platforms: AWS and OpenStack. We illustrate the technique on a running example and report our experience with a prototype implementation.
Main file: 449885_1_En_20_Chapter.pdf (4.16 MB)
Origin: Files produced by the author(s)

Dates and versions

hal-01649021, version 1 (27-11-2017)

Cite

Umberto Morelli, Silvio Ranise. Assisted Authoring, Analysis and Enforcement of Access Control Policies in the Cloud. 32nd IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), May 2017, Rome, Italy. pp.296-309, ⟨10.1007/978-3-319-58469-0_20⟩. ⟨hal-01649021⟩