Backes, J; Berrueco, U; Bray, T; Brim, D; Cook, B; Gacek, A; Jhala, R; ... Viswanathan, D; + view all Backes, J; Berrueco, U; Bray, T; Brim, D; Cook, B; Gacek, A; Jhala, R; Luckow, K; McLaughlin, S; Menon, M; Peebles, D; Pugalia, U; Rungta, N; Schlesinger, C; Schodde, A; Tanuku, A; Varming, C; Viswanathan, D; - view fewer (2020) Stratified Abstraction of Access Control Policies. In: International Conference on Computer Aided Verification CAV 2020: Computer Aided Verification. (pp. pp. 165-176). Springer, Cham

Preview

Text Backes2020_Chapter_StratifiedAbstractionOfAccessC.pdf - Published Version Download (817kB) | Preview

Abstract

The shift to cloud-based APIs has made application security critically depend on understanding and reasoning about policies that regulate access to cloud resources. We present stratified predicate abstraction, a new approach that summarizes complex security policies into a compact set of positive and declarative statements that precisely state who has access to a resource. We have implemented stratified abstraction and deployed it as the engine powering AWS’s IAM Access Analyzer service, and hence, demonstrate how formal methods and SMT can be used for security policy explanation.

Download activity - last month

Export as JSONXMLCSV

Download activity - last 12 months

Export as CSVJSONXML

Downloads by country - last 12 months

Export as CSVXMLJSON

Archive Staff Only

View Item