Semantic-based Automated Reasoning for AWS Access Policies using SMT

John Backes, Pauline Bolignano, Byron Cook, Catherine Dodge, Andrew Gacek, Kasper Luckow, Neha Rungta, Oksana Tkachuk, Carsten Varming
2018 2018 Formal Methods in Computer Aided Design (FMCAD)  
Cloud computing provides on-demand access to IT resources via the Internet. Permissions for these resources are defined by expressive access control policies. This paper presents a formalization of the Amazon Web Services (AWS) policy language and a corresponding analysis tool, called ZELKOVA, for verifying policy properties. ZELKOVA encodes the semantics of policies into SMT, compares behaviors, and verifies properties. It provides users a sound mechanism to detect misconfigurations of their
more » ... licies. ZELKOVA solves a PSPACE-complete problem and is invoked many millions of times daily.
doi:10.23919/fmcad.2018.8602994 dblp:conf/fmcad/BackesBCDGLRTV18 fatcat:jnyqutkzbrdz3lhlhkud6gig4i