Semantic-based Automated Reasoning for AWS Access Policies using SMT

Backes, John; Bolignano, Pauline; Cook, Byron; Dodge, Catherine; Gacek, Andrew; Luckow, Kasper Søe; Rungta, Neha; Tkachuk, Oksana; Varming, Carsten

doi:10.23919/fmcad.2018.8602994

Cited by 71 publications

(33 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since our goal is to minimize the input WES to a form which is easy to handle by an SMT-Solver, the limit is still appropriate. We measured the time used by each solver 3 to reach a verdict, the verdict and the number of SMT-solver calls. If a solver times out we treat it as an "Unknown" verdict -although we will write it in the result tables as a timeout.…”

Section: The Benchmark Consists Of Five Tracksmentioning

confidence: 99%

“…The reason is that we simplify formulas and eventually reach one that the SMT-solver can handle. The table sometimes indicates an 3 Here we refer to each instantiation of Woorpje as a different solver increase in solving time for an instance, whenever the count of SMT-solver calls goes up. In this cases the SMT-solver was usually not able to find a solution within the given timeout limits or simply was not able to draw any conclusion at all.…”

Section: The Benchmark Consists Of Five Tracksmentioning

confidence: 99%

“…word equations arise naturally when performing symbolic execution of string heavy languages (e.g. JavaScript and Java) [11,27], and the need for verifying correctness of security policies [3]. To address these needs, a series of dedicated string solvers were developed [1,4,7,9,17,20,28].…”

mentioning

confidence: 99%

See 2 more Smart Citations

Rule-based Word Equation Solving

Day

Kulczynski

Manea

et al. 2020

Proceedings of the 8th International Conference on Formal Methods in Software Engineering

View full text Add to dashboard Cite

We present a transformation-system-based technique in the framework of string solving, by reformulating a classical combinatorics on words result, the Lemma of Levi. We further enrich the induced rules by simplification steps based on results from the combinatorial theory of word equations, as well as by the addition of linear length constraints. This transformation-system approach cannot solve all equations efficiently by itself. To improve the efficiency of our transformation-system approach we integrate existing successful string solvers, which are called based on several heuristics. The experimental evaluation we performed shows that integrating our technique as an inprocessing step improves in general the performance of existing solvers.

show abstract

Section: The Benchmark Consists Of Five Tracksmentioning

confidence: 99%

Section: The Benchmark Consists Of Five Tracksmentioning

confidence: 99%

See 1 more Smart Citation

Rule-based Word Equation Solving

Day

Kulczynski

Manea

et al. 2020

Proceedings of the 8th International Conference on Formal Methods in Software Engineering

View full text Add to dashboard Cite

show abstract

“…In our context: how does the security analyst know whether the policy is, in fact not too strict or too permissive? Zelkova [2] is already used by users of Amazon's Simple Storage Service (S3) to determine whether any of their "data buckets" are publicly accessible. More generally, the AWS Config service provides templated Zelkova checks that can be filled in by users to validate their policies.…”

Section: Overviewmentioning

confidence: 99%

“…Second, the policy elements can interact with each other in subtle ways that make the net effect of a policy unclear. Previously, we developed Zelkova [2], a tool that encodes policies as logical formulas and then uses SMT solvers [3,8] to answer questions about policies, e.g. whether a particular policy is correct, too strict, or too permissive.…”

Section: Introductionmentioning

confidence: 99%

Stratified Abstraction of Access Control Policies

Backes

Berrueco

Bray

et al. 2020

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

The shift to cloud-based APIs has made application security critically depend on understanding and reasoning about policies that regulate access to cloud resources. We present stratified predicate abstraction, a new approach that summarizes complex security policies into a compact set of positive and declarative statements that precisely state who has access to a resource. We have implemented stratified abstraction and deployed it as the engine powering AWS's IAM Access Analyzer service, and hence, demonstrate how formal methods and SMT can be used for security policy explanation.

show abstract

Code‐level model checking in the software development workflow at Amazon Web Services

et al. 2021

Self Cite

View full text Add to dashboard Cite

This article describes a style of applying symbolic model checking developed over the course of four years at Amazon Web Services (AWS). Lessons learned are drawn from proving properties of numerous C‐based systems, for example, custom hypervisors, encryption code, boot loaders, and an IoT operating system. Using our methodology, we find that we can prove the correctness of industrial low‐level C‐based systems with reasonable effort and predictability. Furthermore, AWS developers are increasingly writing their own formal specifications. As part of this effort, we have developed a CI system that allows integration of the proofs into standard development workflows and extended the proof tools to provide better feedback to users. All proofs discussed in this article are publicly available on GitHub.

show abstract

Semantic-based Automated Reasoning for AWS Access Policies using SMT

Cited by 71 publications

References 17 publications

Rule-based Word Equation Solving

Rule-based Word Equation Solving

Stratified Abstraction of Access Control Policies

Code‐level model checking in the software development workflow at Amazon Web Services

Contact Info

Product

Resources

About