Cedar: A language for expressing fast, safe, and fine-grained authorization policies
Cedar is a new authorization policy language developed as the core of AWS’s recently released Amazon Verified Permissions (AVP) service. Cedar policies are used to express fine-grained permissions on behalf of applications. Cedar was designed to be ergonomic, fast, safe, and analyzable. Cedar’s simple and intuitive syntax supports common authorization use-cases with easy-to-understand policies. Cedar’s policy structure ensures that access requests can be authorized quickly. Cedar’s policy validator leverages gradual typing to help policy writers avoid mistakes but not get in their way. Cedar’s design has been finely balanced to enable a sound and complete logical encoding, which allows analysts to precisely reason about what policies do, e.g., to ensure that when refactoring a set of policies, the authorized permissions do not change. Cedar is built using a high-assurance process we call verification-guided development. Its authorization engine and validator are formally modeled in the Dafny programming language. Cedar’s core development team proves safety and security properties about those models in Dafny, and runs millions of automated differential tests to check that the implementations of the Cedar authorization engine and validator, written in Rust, agree with the Dafny models
Mike Hicks is a Senior Principal Scientist at Amazon Web Services, and Professor Emeritus at the University of Maryland, where we co-founded and directed the laboratory for Programming Languages research (PLUM).
Mike’s research explores programming languages and security. He is a Fellow of the Association of Computing Machinery (ACM), Editor-in-Chief of Proceedings of the ACM on Programming Languages, and prior Chair of ACM’s Special Interest Group on Programming Languages. He currently co-leads the development of Cedar, the policy language underpinning the new Amazon Verified Permissions authorization service.