The heterogeneity of cloud computing platforms hinders the proper exploitation of cloud technologies since it prevents interoperability, promotes vendor lock-in and makes it very difficult to exploit the well-engineered security mechanisms made available by cloud providers. In this paper, we introduce a technique to help developers to specify and enforce access control policies in cloud applications. The main idea is twofold. First, use a high-level specification language with a formal semantics that allows to answer access requests abstracting from an access control mechanism available in a particular cloud platform. Second, exploit an automated translation mechanism to compute (equivalent) policies that can be enforced in two of the most widely used cloud platforms: AWS and Openstack.We illustrate the technique on a running example and report our experience with a prototype implementation.

Assisted authoring, analysis and enforcement of access control policies in the cloud / Morelli, U.; Ranise, S.. - 502:(2017), pp. 296-309. ((Intervento presentato al convegno 32nd International Conference on ICT Systems Security and Privacy Protection, IFIP SEC 2017 tenutosi a ita nel 2017 [10.1007/978-3-319-58469-0_20].

Assisted authoring, analysis and enforcement of access control policies in the cloud

Ranise S.
2017-01-01

Abstract

The heterogeneity of cloud computing platforms hinders the proper exploitation of cloud technologies since it prevents interoperability, promotes vendor lock-in and makes it very difficult to exploit the well-engineered security mechanisms made available by cloud providers. In this paper, we introduce a technique to help developers to specify and enforce access control policies in cloud applications. The main idea is twofold. First, use a high-level specification language with a formal semantics that allows to answer access requests abstracting from an access control mechanism available in a particular cloud platform. Second, exploit an automated translation mechanism to compute (equivalent) policies that can be enforced in two of the most widely used cloud platforms: AWS and Openstack.We illustrate the technique on a running example and report our experience with a prototype implementation.
IFIP Advances in Information and Communication Technology
HEIDELBERGER PLATZ 3, D-14197 BERLIN, GERMANY
Springer New York LLC
978-3-319-58468-3
978-3-319-58469-0
Morelli, U.; Ranise, S.
Assisted authoring, analysis and enforcement of access control policies in the cloud / Morelli, U.; Ranise, S.. - 502:(2017), pp. 296-309. ((Intervento presentato al convegno 32nd International Conference on ICT Systems Security and Privacy Protection, IFIP SEC 2017 tenutosi a ita nel 2017 [10.1007/978-3-319-58469-0_20].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/333126
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 3
  • ???jsp.display-item.citation.isi??? 3
social impact