GGrantIndex
← Search

SHF: Small: Differential Policy Verification and Repair for Access Control in the Cloud

$515,992FY2018CSENSF

University Of California-Santa Barbara, Santa Barbara CA

Investigators

Abstract

Due to ubiquitous use of software services, protecting the confidentiality of private information stored in compute clouds is becoming an increasingly critical problem. Users frequently trust sensitive personal information such as financial or medical records to software services. Protection of such private data is of paramount importance for users. In order to prevent disastrous data breaches (which do happen), software developers must accurately specify who can access the data resources and in what ways. Although access control specification languages and libraries provide mechanisms for protecting confidentiality of information in software systems, without automated techniques that can assist developers in writing and checking access control policies, complex policy specifications are likely to have errors that lead to unintended and unauthorized access to data, possibly with disastrous consequences. This project will expose graduate and undergraduate students to security and analysis problems in cloud-based systems through a variety of educational activities including courses, seminars and individual research mentoring. This project develops automated techniques that help software developers in protecting users' data and preventing dangerous exposure of private information. In particular, the investigators develop automated techniques that help software developers in identifying and eliminating errors in access control policies by converting policy specifications to logical constraints and identifying inconsistencies among policies using constraint solving techniques. The project also investigates methods to automatically generating inputs that demonstrate inconsistencies among policies, and automatically generating repairs that remove the inconsistencies among the policies. Within the scope of this project the investigators develop and use novel constraint solving techniques for policy analysis, particularly focusing on analysis of complex numeric and text manipulation operations that are error-prone. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →
SHF: Small: Differential Policy Verification and Repair for Access Control in the Cloud · GrantIndex