Security of Cloud-based and Service-oriented Applications and Infrastructures

Cloud computing and service-oriented applications provide access to data and resources in open (networked) environments in which several services share the same platform. The main security challenge is thus to ensure that only authorized entities can access the resources, where the unauthorized parties may include not only competing services but even service providers. Access control (AC) is the main mechanism to mediate access between entities and resources. In particular, AC should permit the best trade-off between the release of information (availability) and the disclosure of sensitive information (confidentiality). While doing this, AC should also guarantee the privacy of the entity requesting authorization and take into account the device used to access information together with other contextual information (e.g., time of day and location).
Indeed, these are daunting tasks both at the level of design and enforcement of policies. The development of automated techniques for the analysis of policies and the synthesis of monitors for their run-time enforcement can help designers to reconcile what they intend to authorize with what the policies actually authorize, as well as to avoid differences between what policies authorize and what is actually enforced.

Some results:

  • New decidability result for the user-role reachability problem of Administrative Role-Based Access Control (ARBAC) policies without separate administration assumption [1]
  • New decidability result for the user-role reachability problem of ARBAC policies with attributes for role provisioning without separate administration assumption [2]
  • New access control model for NATO networking infrastructure for information sharing in missions [3]
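
As an added illustration (not code from the publications below), the user-role reachability question can be answered for a tiny policy by explicit-state search. The rule format, user names and role names are constructed assumptions; the analysis in [1] is symbolic and SMT-based, whereas this sketch enumerates states over a fixed set of users. Administrators live in the same user-role assignment as everyone else, so there is no separate administration.

```python
from collections import deque

# Constructed policy (assumption). can_assign: (admin role, roles the target
# must hold, roles the target must not hold, role granted).
CAN_ASSIGN = [
    ("hr", {"employee"}, set(), "manager"),
    ("manager", {"employee"}, {"auditor"}, "approver"),
]
CAN_REVOKE = [("manager", "auditor")]  # (admin role, role removed)
INITIAL = frozenset({("alice", "hr"), ("alice", "employee"),
                     ("bob", "employee"), ("bob", "auditor")})


def successors(state, can_assign, can_revoke):
    """Yield (action, next_state) for each administrative action enabled in state."""
    users = sorted({u for u, _ in state})
    roles_of = {u: {r for v, r in state if v == u} for u in users}
    for admin in users:  # any user holding the admin role may act
        for target in users:
            held = roles_of[target]
            for a_role, pos, neg, new in can_assign:
                if (a_role in roles_of[admin] and pos <= held
                        and not (neg & held) and new not in held):
                    yield (admin, "assign", target, new), state | {(target, new)}
            for a_role, old in can_revoke:
                if a_role in roles_of[admin] and old in held:
                    yield (admin, "revoke", target, old), state - {(target, old)}


def reachable(initial, user, goal, can_assign=CAN_ASSIGN, can_revoke=CAN_REVOKE):
    """Breadth-first search: shortest action list giving `goal` to `user`, or None."""
    queue, seen = deque([(initial, [])]), {initial}
    while queue:
        state, path = queue.popleft()
        if (user, goal) in state:
            return path
        for action, nxt in successors(state, can_assign, can_revoke):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [action]))
    return None


if __name__ == "__main__":
    # Intent: an auditor never becomes approver. The policy allows it anyway.
    for step in reachable(INITIAL, "bob", "approver"):
        print(step)
```

The negative precondition on `auditor` looks like it enforces the intent, but the search finds a three-step sequence in which a newly appointed manager revokes `auditor` from bob and then grants `approver`; with the revoke rule removed, the goal becomes unreachable.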

Selected publications:

[1] Armando A., Ranise S., Scalable automated symbolic analysis of administrative role-based access control policies by SMT solving, in Journal of Computer Security, vol. 20, pp. 309-352, 2012.

[2] Alberti F., Armando A., Ranise S., Efficient Symbolic Automated Analysis of Administrative Attribute-based RBAC-Policies, in Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2011.

[3] Armando A., Grasso M., Oudkerk S., Ranise S., Wrona K., Content-based information protection and release in NATO operations, in Symposium on Access Control Models and Technologies (SACMAT), 2013.

Wednesday, 16 October, 2013