Professor Tevfik Bultan received an Amazon Research Award for his research on "Automatically Detecting Bugs in Identity and Access Management Policies."
In this project, Professor Bultan and his students will address a crucial security issue in cloud computing. Due to ubiquitous use of software services, protecting the confidentiality of private information stored in compute clouds is becoming an increasingly critical problem. AWS Identity and Access Management (IAM) service allows software developers to write policies that specify authorization and access control rules for the information resources of a software service. Although IAM provides a mechanism for protecting confidentiality of information, without verification and validation techniques that can assist developers in writing policies, complex policy specifications are likely to have errors that can lead to unintended and unauthorized access to data, possibly with disastrous consequences. In this project, Prof. Bultan and his students will develop an automated IAM policy verification framework which involves 1) conversion of policy specifications to logical constraints, and 2) identifying inconsistencies among policies using constraint solving techniques.
The Amazon Research Award (ARA) program will provide $80,000 of funding and a $20,000 in kind contribution for using Amazon Web Services (AWS), Amazon's cloud computing platform, to support Professor Bultan's research.