Toward group-based user-attribute policies in Azure-like access control systems

Anna Lisa Ferrara, Anna Squicciarini, Cong Liao, Truc L. Nguyen

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

Abstract

Cloud resources are increasingly pooled together for collaboration among users from different administrative units. In these settings, separation of duty between resource and identity management is strongly encouraged, as it streamlines organization of resource access in cloud. Yet, this separation may hinder availability and accessibility of resources, negating access to authorized and entitled subjects. In this paper, we present an in-depth analysis of group-reachability in user attribute-based access control. Starting from a concrete instance of an Access Control supported by the Azure platform, we adopt formal verification methods to demonstrate how it is possible to mitigate access availability issues, which may arise as per-attribute criteria groups are deployed.

Original language: English (US)
Title of host publication: Data and Applications Security and Privacy XXXI - 31st Annual IFIP WG 11.3 Conference, DBSec 2017, Proceedings
Editors: Sencun Zhu, Giovanni Livraga
Publisher: Springer Verlag
Pages: 349-361
Number of pages: 13
ISBN (Print): 9783319611754
State: Published - 2017
Event: 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2017 - Philadelphia, United States
Duration: Jul 19 2017 - Jul 21 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10359 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2017
Country: United States
City: Philadelphia
Period: 7/19/17 - 7/21/17

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science (all)
