MASc Seminar Notice - AWS Identity-based Policies with "Read", "Write" and "Execute" Actions

Thursday, December 3, 2020 1:00 pm - 1:00 pm EST (GMT -05:00)

Candidate: Boyun Zhang

Title: AWS Identity-based Policies with "Read", "Write" and "Execute" Actions

Date: December 3, 2020

Time: 1:00 PM

Place: Remote

Supervisor(s): Tripunitara, Mahesh

Abstract:

This thesis addresses AWS identity-based policies with "read", "write" and "execute" actions. AWS is a large provider of cloud computing, and security is an important property that an application running in AWS must meet. Towards this, AWS provides users of its services a powerful mechanism, and an associated syntax, to articulate identity-based policies, which manage the permissions granted to an identity, i.e., an IAM user, group or role. The current design of the AWS syntax requires the owner of the cloud application to specify the actions to which a user or role is authorized. The UNIX operating system, by contrast, also manages resources in a manner similar to AWS, but with only three actions: "read", "write" and "execute". We hypothesize that a syntax for identity-based security policies in AWS in which the possible set of actions is restricted to "read", "write" and "execute" is more usable, from the standpoint of the ease and accuracy with which such policies can be articulated, than the current design. We discuss the design and execution of a small-scale human-participant study to validate this hypothesis. We carried out the study with 20 participants, and we present the results from analyzing the data we collected. The results of the study demonstrate that, for specifying security policies in AWS, such a syntax makes it much easier for users who seek to articulate policies to adhere to least privilege.
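To make the contrast in the abstract concrete, the following is an added example (not the thesis's syntax, nor any AWS feature): a hypothetical policy vocabulary with only "read", "write" and "execute" flags per service, a translator that expands it into a standard IAM policy document with explicit actions, and a comparison that reports where a hand-written IAM policy over- or under-grants relative to that intent. The mapping from flags to IAM actions, the `Service`/`Access` statement shape, and the sample policies are all assumptions constructed for this example; the IAM action names themselves are real.

```python
"""Hypothetical read/write/execute policy vocabulary for AWS IAM.

Added example: the RWX_ACTIONS mapping and the policy shape below are
assumptions made for illustration, not the syntax studied in the thesis
and not an AWS feature.
"""
import json

# Assumed classification of a few real IAM actions into read/write/execute.
RWX_ACTIONS = {
    "s3": {
        "read": ["s3:GetObject", "s3:ListBucket"],
        "write": ["s3:PutObject", "s3:DeleteObject"],
        "execute": [],  # object storage has no natural "execute"
    },
    "lambda": {
        "read": ["lambda:GetFunction"],
        "write": ["lambda:UpdateFunctionCode"],
        "execute": ["lambda:InvokeFunction"],
    },
}
RWX_FLAGS = ("read", "write", "execute")


def expand_rwx_policy(rwx_policy):
    """Translate the hypothetical RWX form into a standard IAM policy.

    Each RWX statement names a Service, a list of Access flags and a
    Resource; the output lists the concrete IAM actions explicitly.
    """
    statements = []
    for stmt in rwx_policy["Statement"]:
        flags = set(stmt["Access"])
        unknown = flags - set(RWX_FLAGS)
        if unknown:
            raise ValueError(f"unknown access flags: {sorted(unknown)}")
        service = stmt["Service"]
        if service not in RWX_ACTIONS:
            raise ValueError(f"no RWX mapping for service {service!r}")
        actions = []
        for flag in RWX_FLAGS:
            if flag in flags:
                actions.extend(RWX_ACTIONS[service][flag])
        if not actions:
            continue  # e.g. "execute" on s3 grants nothing
        statements.append({
            "Effect": "Allow",
            "Action": sorted(actions),
            "Resource": stmt["Resource"],
        })
    return {"Version": "2012-10-17", "Statement": statements}


def _allowed_actions(iam_policy):
    """Collect every action string in the Allow statements of an IAM policy."""
    granted = set()
    for stmt in iam_policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        acts = stmt["Action"]
        granted.update([acts] if isinstance(acts, str) else acts)
    return granted


def compare_policies(iam_policy, rwx_policy):
    """Least-privilege and accuracy check of a hand-written IAM policy.

    Returns {"over": [...], "under": [...]}: actions the IAM policy allows
    beyond the RWX intent (any wildcard counts as over-granting, since the
    RWX vocabulary never produces one), and intended actions it omits.
    """
    intended = _allowed_actions(expand_rwx_policy(rwx_policy))
    granted = _allowed_actions(iam_policy)
    over = sorted(a for a in granted if "*" in a or a not in intended)
    under = sorted(intended - granted)
    return {"over": over, "under": under}


# Constructed sample input: the owner's intent in the RWX form.
RWX_INTENT = {"Statement": [
    {"Service": "s3", "Access": ["read"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Service": "lambda", "Access": ["execute"],
     "Resource": "arn:aws:lambda:us-east-1:123456789012:function:example"},
]}

# Constructed sample input: a hand-written IAM policy that drifted from the
# intent by also allowing s3:PutObject.
HANDWRITTEN_IAM = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Action": "lambda:InvokeFunction",
     "Resource": "arn:aws:lambda:us-east-1:123456789012:function:example"},
]}

if __name__ == "__main__":
    print(json.dumps(expand_rwx_policy(RWX_INTENT), indent=2))
    print(compare_policies(HANDWRITTEN_IAM, RWX_INTENT))
```

Running the module prints the expanded IAM document for the intent and then `{'over': ['s3:PutObject'], 'under': []}` for the constructed hand-written policy. The design point is that the RWX form can only name three coarse flags, so wildcards and stray actions cannot be expressed in it, which is why the comparison treats any wildcard in the hand-written policy as an over-grant.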