TY - GEN
T1 - Toward group-based user-attribute policies in Azure-like access control systems
AU - Ferrara, Anna Lisa
AU - Squicciarini, Anna
AU - Liao, Cong
AU - Nguyen, Truc L.
N1 - Publisher Copyright:
© IFIP International Federation for Information Processing 2017.
PY - 2017
Y1 - 2017
N2 - Cloud resources are increasingly pooled together for collaboration among users from different administrative units. In these settings, separation of duty between resource and identity management is strongly encouraged, as it streamlines organization of resource access in cloud. Yet, this separation may hinder availability and accessibility of resources, negating access to authorized and entitled subjects. In this paper, we present an in-depth analysis of group-reachability in user attribute-based access control. Starting from a concrete instance of an Access Control supported by the Azure platform, we adopt formal verification methods to demonstrate how it is possible to mitigate access availability issues, which may arise as per-attribute criteria groups are deployed.
AB - Cloud resources are increasingly pooled together for collaboration among users from different administrative units. In these settings, separation of duty between resource and identity management is strongly encouraged, as it streamlines organization of resource access in cloud. Yet, this separation may hinder availability and accessibility of resources, negating access to authorized and entitled subjects. In this paper, we present an in-depth analysis of group-reachability in user attribute-based access control. Starting from a concrete instance of an Access Control supported by the Azure platform, we adopt formal verification methods to demonstrate how it is possible to mitigate access availability issues, which may arise as per-attribute criteria groups are deployed.
UR - http://www.scopus.com/inward/record.url?scp=85021959174&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85021959174&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-61176-1_20
DO - 10.1007/978-3-319-61176-1_20
M3 - Conference contribution
AN - SCOPUS:85021959174
SN - 9783319611754
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 349
EP - 361
BT - Data and Applications Security and Privacy XXXI - 31st Annual IFIP WG 11.3 Conference, DBSec 2017, Proceedings
A2 - Zhu, Sencun
A2 - Livraga, Giovanni
PB - Springer Verlag
T2 - 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2017
Y2 - 19 July 2017 through 21 July 2017
ER -