Backes, J; Bolignano, P; Cook, B; Dodge, C; Gacek, A; Luckow, K; Rungta, N; ... Varming, C; + view all Backes, J; Bolignano, P; Cook, B; Dodge, C; Gacek, A; Luckow, K; Rungta, N; Tkachuk, O; Varming, C; - view fewer (2019) Semantic-based Automated Reasoning for AWS Access Policies using SMT. In: Proceedings of 2018 Formal Methods in Computer Aided Design (FMCAD). (pp. pp. 206-214). IEEE: Austin, TX, USA.

Preview

Text Semantic-based Automated Reasoning for AWS Access Policies using SMT.pdf - Accepted Version Download (352kB) | Preview

Abstract

Cloud computing provides on-demand access to IT resources via the Internet. Permissions for these resources are defined by expressive access control policies. This paper presents a formalization of the Amazon Web Services (AWS) policy language and a corresponding analysis tool, called ZELKOVA, for verifying policy properties. ZELKOVA encodes the semantics of policies into SMT, compares behaviors, and verifies properties. It provides users a sound mechanism to detect misconfigurations of their policies. ZELKOVA solves a PSPACE-complete problem and is invoked many millions of times daily.

Download activity - last month

Export as CSVXMLJSON

Download activity - last 12 months

Export as JSONXMLCSV

Downloads by country - last 12 months

Export as JSONXMLCSV

Archive Staff Only

View Item