18371034. ACCESS CONTROL POLICY ANALYSIS IN A MULTI-PROVIDER NETWORK ENVIRONMENT (Amazon Technologies, Inc.)
ACCESS CONTROL POLICY ANALYSIS IN A MULTI-PROVIDER NETWORK ENVIRONMENT
Organization Name
Inventor(s)
Chungha Sung of Cupertino CA US
Loris D'antoni of Madison WI US
ACCESS CONTROL POLICY ANALYSIS IN A MULTI-PROVIDER NETWORK ENVIRONMENT
This abstract first appeared for US patent application 18371034 titled 'ACCESS CONTROL POLICY ANALYSIS IN A MULTI-PROVIDER NETWORK ENVIRONMENT
Original Abstract Submitted
Techniques for analyzing access control policies across multiple provider networks. These techniques compile various policies into a unified policy language broad enough to include diverse policy features, yet specific enough for automated analysis. An automated differential testing method is employed to confirm the accuracy of this compilation by generating access requests, ensuring both original and translated policies consistently grant or deny access. Moreover, an abstraction technique is used to simplify and correlate the complex details of different policies, enabling easier user inquiries about them. For instance, users can determine if an account has write access in one network but not in another. This abstraction sometimes involves replacing actions in original policies, ensuring their compatibility in the target policy language.
