Authorization is a fundamental problem in modern distributed systems, and the ''policies-as-code'' paradigm has emerged as a promising solution to decouple access control logic from application code. However, most policy languages lack the ability to handle stateful policies directly. This limitation forces developers to manage policy-related state within the application code, reintroducing the very coupling that policies as code aims to eliminate and opening the door to security vulnerabilities. To address this gap, we introduce Strobilus, a language designed to express effects over policy-specific data. Strobilus is built to seamlessly complement and integrate with Amazon's Cedar, allowing developers to write stateful policies without modifying Cedar's core syntax or evaluation engine. Strobilus is distinguished by its formal semantics, a strong typing system, and a guarantee of termination, which facilitates rigorous analysis and verification of policies. We have developed a prototype implementation in Rust, which demonstrates that Strobilus may lead to significant performance improvements over external methods for policy data management. This approach aims to fully realizes the promise of ''policies-as-code'' by providing a comprehensive, safe, and verifiable solution for both stateless and stateful authorization policies.

Strobilus: enriching cedar with stateful policies / Baldo, M., Di Gianantonio, P., Paier, M., Miculan, M.. - (2026), pp. 205-216. (SACMAT '26: The 31st ACM Symposium on Access Control Models and Technologies Waterloo, Canada 8/07/2026) [10.1145/3750555.3811892].

Strobilus: enriching cedar with stateful policies

Baldo Massimiliano
;
Paier Matteo;
2026

Abstract

Authorization is a fundamental problem in modern distributed systems, and the ''policies-as-code'' paradigm has emerged as a promising solution to decouple access control logic from application code. However, most policy languages lack the ability to handle stateful policies directly. This limitation forces developers to manage policy-related state within the application code, reintroducing the very coupling that policies as code aims to eliminate and opening the door to security vulnerabilities. To address this gap, we introduce Strobilus, a language designed to express effects over policy-specific data. Strobilus is built to seamlessly complement and integrate with Amazon's Cedar, allowing developers to write stateful policies without modifying Cedar's core syntax or evaluation engine. Strobilus is distinguished by its formal semantics, a strong typing system, and a guarantee of termination, which facilitates rigorous analysis and verification of policies. We have developed a prototype implementation in Rust, which demonstrates that Strobilus may lead to significant performance improvements over external methods for policy data management. This approach aims to fully realizes the promise of ''policies-as-code'' by providing a comprehensive, safe, and verifiable solution for both stateless and stateful authorization policies.
2026
979-8-4007-2107-6
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.11771/42498
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • OpenAlex ND
social impact