A Formal Approach for the Verification of AWS IAM Access Control Policies - Service-Oriented and Cloud Computing
Conference Papers Year : 2017

A Formal Approach for the Verification of AWS IAM Access Control Policies

Abstract

Cloud computing offers elastic, scalable and on-demand network access to a shared pool of computing resources, such as storage, computation and others. Resources can be rapidly and elastically provisioned and the users pay for what they use. One of the major challenges in Cloud computing adoption is security and in this paper we address one important security aspect, the Cloud authorization. We have provided a formal Attribute Based Access Control (ABAC) model, that is based on Event-Calculus and is able to model and verify Amazon Web Services (AWS) Identity and Access Management (IAM) policies. The proposed approach is expressive and extensible. We have provided generic Event-Calculus modes and provided tool support to automatically convert JSON based IAM policies in Event-Calculus. We have also presented performance evaluation results on actual IAM policies to justify the scalability and practicality of the approach.
Fichier principal
Vignette du fichier
449571_1_En_5_Chapter.pdf (918.95 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01677620 , version 1 (08-01-2018)

Licence

Identifiers

Cite

Ehtesham Zahoor, Zubaria Asma, Olivier Perrin. A Formal Approach for the Verification of AWS IAM Access Control Policies. 6th European Conference on Service-Oriented and Cloud Computing (ESOCC), Sep 2017, Oslo, Norway. pp.59-74, ⟨10.1007/978-3-319-67262-5_5⟩. ⟨hal-01677620⟩
382 View
699 Download

Altmetric

Share

More