The University of Southampton
University of Southampton Institutional Repository

Toward group-based user-attribute policies in Azure-like access control systems


Ferrara, Anna, Squicciarinni, Anna, Liao, Cong and Nguyen Lam, Truc (2017) Toward group-based user-attribute policies in Azure-like access control systems. In IFIP Annual Conference on Data and Applications Security and Privacy: DBSec 2017: Data and Applications Security and Privacy XXXI. vol. 10359, Springer. (doi:10.1007/978-3-319-61176-1).

Record type: Conference or Workshop Item (Paper)

Abstract

Cloud resources are increasingly pooled together for collaboration among users from different administrative units. In these settings, separation of duty between resource and identity management is strongly encouraged, as it streamlines organization of resource access in the cloud. Yet, this separation may hinder availability and accessibility of resources, negating access to authorized and entitled subjects. In this paper, we present an in-depth analysis of group-reachability in user attribute-based access control. Starting from a concrete instance of an Access Control supported by the Azure platform, we adopt formal verification methods to demonstrate how it is possible to mitigate access availability issues, which may arise as per-attribute criteria groups are deployed.

Text
main - Accepted Manuscript

More information

Accepted/In Press date: 26 April 2017
e-pub ahead of print date: 22 June 2017
Organisations: Electronics & Computer Science, Cyber Security

Identifiers

Local EPrints ID: 411929
URI: http://eprints.soton.ac.uk/id/eprint/411929
ISSN: 0302-9743
PURE UUID: d51e39cd-ee71-4309-8b5c-6892eb632663

Catalogue record

Date deposited: 30 Jun 2017 16:30
Last modified: 07 Oct 2020 04:43
