Semantic-based Automated Reasoning for AWS Access Policies using SMT

Authors
Backes, John [1]
Bolignano, Pauline [1]
Cook, Byron [1]
Dodge, Catherine [1]
Gacek, Andrew [1]
Luckow, Kasper [1]
Rungta, Neha [1]
Tkachuk, Oksana [1]
Varming, Carsten [1]
Affiliations
[1] Amazon Web Serv, Seattle, WA 98109 USA
Keywords
TRUST MANAGEMENT;
DOI
Not available
Chinese Library Classification number
TP39 [Computer applications];
Discipline classification code
081203 ; 0835 ;
Abstract
Cloud computing provides on-demand access to IT resources via the Internet. Permissions for these resources are defined by expressive access control policies. This paper presents a formalization of the Amazon Web Services (AWS) policy language and a corresponding analysis tool, called ZELKOVA, for verifying policy properties. ZELKOVA encodes the semantics of policies into SMT, compares behaviors, and verifies properties. It provides users a sound mechanism to detect misconfigurations of their policies. ZELKOVA solves a PSPACE-complete problem and is invoked many millions of times daily.
Pages: 206 / 214
Number of pages: 9
Related papers
50 in total
  • [1] Semantic-Based Logic Representation and Reasoning for Automated Regulatory Compliance Checking
    Zhang, Jiansong
    El-Gohary, Nora M.
    [J]. JOURNAL OF COMPUTING IN CIVIL ENGINEERING, 2017, 31 (01)
  • [2] A System for Semantic-Based Access Control
    Amato, Flora
    Mazzocca, Nicola
    De Pietro, Giuseppe
    Esposito, Massimo
    [J]. 2013 EIGHTH INTERNATIONAL CONFERENCE ON P2P, PARALLEL, GRID, CLOUD AND INTERNET COMPUTING (3PGCIC 2013), 2013, : 442 - 446
  • [3] A Temporal Semantic-Based Access Control Model
    Ravari, Ali Noorollahi
    Amini, Morteza
    Jalili, Rasool
    [J]. ADVANCES IN COMPUTER SCIENCE AND ENGINEERING, 2008, 6 : 559 - 568
  • [4] Semantic-based data access services on the grid
    Huang, H
    Shi, ZZ
    Cheng, Y
    Qiu, LR
    He, XX
    [J]. PROCEEDINGS OF THE 8TH JOINT CONFERENCE ON INFORMATION SCIENCES, VOLS 1-3, 2005, : 1554 - 1557
  • [5] Semantic-Based Access to Composite Mobile Services
    Yang, Xu
    Bouguettaya, Athman
    Liu, Xumin
    [J]. INTERNATIONAL JOURNAL OF WEB SERVICES RESEARCH, 2011, 8 (03) : 70 - 100
  • [6] Semantic-based access to digital document databases
    Esposito, F
    Ferilli, S
    Basile, TMA
    Di Mauro, N
    [J]. FOUNDATIONS OF INTELLIGENT SYSTEMS, PROCEEDINGS, 2005, 3488 : 373 - 381
  • [7] Abductive reasoning for keyword recovering in semantic-based keyword extraction
    Kongkachandra, Rachada
    Chamnongthai, Kosin
    [J]. PROCEEDINGS OF THE FIFTH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY: NEW GENERATIONS, 2008, : 714 - +
  • [8] A semantic-based access control mechanism for distributed systems
    Sadeghi, Mersedeh
    Sartor, Luca
    Rossi, Matteo
    [J]. 36TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, SAC 2021, 2021, : 1864 - 1873
  • [9] Semantic-based Obligation for Context-Based Access Control
    Al-Wahah, Mouiad
    Saaudi, Ahmed
    Farkas, Csilla
    [J]. PROCEEDINGS OF THE 16TH INTERNATIONAL JOINT CONFERENCE ON E-BUSINESS AND TELECOMMUNICATIONS, VOL 2: SECRYPT, 2019, : 535 - 540
  • [10] A Semantic-based Access Control Approach for Systems of Systems
    Sadeghi, Mersedeh
    Sartor, Luca
    Rossi, Matteo
    [J]. APPLIED COMPUTING REVIEW, 2021, 21 (04) : 5 - 19