Securing Cloud-Native Applications

Cloud-based software is typically composed, in part, of resources made available by the cloud provider (e.g. storage, compute, network, database, etc.) and connected through networks. To govern access to these resources, cloud providers offer Identity and Access Management (IAM) services to their customers. With IAM, administrators can define policies that dictate who can access what resources with varying levels of granularity. On top of IAM, administrators are also required to restrict network-level connectivity between the various components in a system to prevent data leaks while maintaining functionality. While administrators are encouraged to strive for least privilege, designing and maintaining secure yet functional IAM and network policies is far from easy. In this talk, we will share our insights into the challenges involved in inferring and checking security policies for cloud-based software and highlight open problems that would benefit from the help of the research community.