Toward Group-Based User-Attribute Policies in Azure-Like Access Control Systems - Data and Applications Security and Privacy XXXI
Conference Papers Year : 2017

Toward Group-Based User-Attribute Policies in Azure-Like Access Control Systems

Anna Lisa Ferrara
  • Function : Author
  • PersonId : 1026609
Anna Squicciarini
  • Function : Author
  • PersonId : 1010033
Cong Liao
  • Function : Author
  • PersonId : 1026635
Truc L. Nguyen
  • Function : Author
  • PersonId : 1026636

Abstract

Cloud resources are increasingly pooled together for collaboration among users from different administrative units. In these settings, separation of duty between resource and identity management is strongly encouraged, as it streamlines organization of resource access in cloud. Yet, this separation may hinder availability and accessibility of resources, negating access to authorized and entitled subjects. In this paper, we present an in-depth analysis of group-reachability in user attribute-based access control. Starting from a concrete instance of an Access Control supported by the Azure platform, we adopt formal verification methods to demonstrate how it is possible to mitigate access availability issues, which may arise as per-attribute criteria groups are deployed.
Fichier principal
Vignette du fichier
453481_1_En_20_Chapter.pdf (539.61 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01684364 , version 1 (15-01-2018)

Licence

Identifiers

Cite

Anna Lisa Ferrara, Anna Squicciarini, Cong Liao, Truc L. Nguyen. Toward Group-Based User-Attribute Policies in Azure-Like Access Control Systems. 31th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC), Jul 2017, Philadelphia, PA, United States. pp.349-361, ⟨10.1007/978-3-319-61176-1_20⟩. ⟨hal-01684364⟩
71 View
98 Download

Altmetric

Share

More