Published: Jun 15, 2017
The following paper has been accepted at the 32nd International Conference on ICT Systems Security and Privacy Protection (IFIPSEC 2017):
- Title: Assisted Authoring, Analysis and Enforcement of Access Control Policies in the Cloud
- Authors: Umberto Morelli, Silvio Ranise
- Abstract: The heterogeneity of cloud computing platforms hinders the proper exploitation of cloud technologies since it prevents interoperability, promotes vendor lock-in and makes it very difficult to exploit the well-engineered security mechanisms made available by cloud providers. In this paper, we introduce a technique to help developers to specify and enforce access control policies in cloud applications. The main idea is twofold. First, use a high-level specification language with a formal semantics that allows to answer access requests abstracting from an access control mechanism available in a particular cloud platform. Second, exploit an automated translation mechanism to compute (equivalent) policies that can be enforced in two of the most widely used cloud platforms: AWS and Openstack. We illustrate the technique on a running example and report our experience with a prototype implementation.
- DOI: 10.1007/978-3-319-58469-0_20
About the conference
- Name: 32nd International Conference on ICT Systems Security and Privacy Protection (IFIPSEC 2017)
- Date: from May 29, 2017 to May 31, 2017
- Location: Rome, Italy
- Website: https://ifipsec.org/2017/