Overview

SecurePG is a Java-based tool that allows policy administrators to generate, verify and enforce abstract Access Control (AC) policies in two of the most widely used Cloud Service Providers: Amazon AWS and OpenStack.

The framework enables:

Policy Generation. Permissions are specified in a high-level language that lets cloud developers express access control requirements as a provider-independent, semicolon-separated list of sentences (parsed with an ANTLR grammar). Policy authoring is assisted through hints and interactive advice.

Policy Verification. Use of the SMT-based tool (ref. here; paper available in FBK/ST) that implements the Content-based Protection and Release (CPR) AC model to analyse the authorizations before they are enforced in the cloud.

Policy Enforcement. Push-button technology to enforce the entities and their permissions in pre-existing AWS environments.

In version 1.0, support is currently limited to the AWS IAM and S3 services and the corresponding services of OpenStack: Keystone and Swift. [UPD] Version 2.0 extends the support to AWS IoT and edge-oriented applications.

The tool is available here on request. Please send an email to Umberto Morelli or Silvio Ranise to unlock the access.

Relevant papers

  1. A. Tahir, M. Umberto, R. Silvio, Z. Nicola, “A Lazy Approach to Access Control as a Service (ACaaS) for IoT”, to appear in SACMAT 2018: 23rd ACM Symposium on Access Control Models and Technologies.
  2. M. Umberto, R. Silvio, “Assisted Authoring, Analysis and Enforcement of Access Control Policies in the Cloud”, in IFIPSEC ’17: Proceedings of the 32nd IFIP TC 11 International Conference, SEC 2017, Rome, Italy, May 29-31, 2017.