Authorization is a fundamental problem in modern distributed systems, and the ''policies-as-code'' paradigm has emerged as a promising solution to decouple access control logic from application code. However, most policy languages lack the ability to handle stateful policies directly. This limitation forces developers to manage policy-related state within the application code, reintroducing the very coupling that policies as code aims to eliminate and opening the door to security vulnerabilities. To address this gap, we introduce Strobilus, a language designed to express effects over policy-specific data. Strobilus is built to seamlessly complement and integrate with Amazon's Cedar, allowing developers to write stateful policies without modifying Cedar's core syntax or evaluation engine. Strobilus is distinguished by its formal semantics, a strong typing system, and a guarantee of termination, which facilitates rigorous analysis and verification of policies. We have developed a prototype implementation in Rust, which demonstrates that Strobilus may lead to significant performance improvements over external methods for policy data management. This approach aims to fully realizes the promise of ''policies-as-code'' by providing a comprehensive, safe, and verifiable solution for both stateless and stateful authorization policies.
Strobilus: enriching cedar with stateful policies / Baldo, M., Di Gianantonio, P., Paier, M., Miculan, M.. - (2026), pp. 205-216. (SACMAT '26: The 31st ACM Symposium on Access Control Models and Technologies Waterloo, Canada 8/07/2026) [10.1145/3750555.3811892].
Strobilus: enriching cedar with stateful policies
Baldo Massimiliano
;Paier Matteo;
2026
Abstract
Authorization is a fundamental problem in modern distributed systems, and the ''policies-as-code'' paradigm has emerged as a promising solution to decouple access control logic from application code. However, most policy languages lack the ability to handle stateful policies directly. This limitation forces developers to manage policy-related state within the application code, reintroducing the very coupling that policies as code aims to eliminate and opening the door to security vulnerabilities. To address this gap, we introduce Strobilus, a language designed to express effects over policy-specific data. Strobilus is built to seamlessly complement and integrate with Amazon's Cedar, allowing developers to write stateful policies without modifying Cedar's core syntax or evaluation engine. Strobilus is distinguished by its formal semantics, a strong typing system, and a guarantee of termination, which facilitates rigorous analysis and verification of policies. We have developed a prototype implementation in Rust, which demonstrates that Strobilus may lead to significant performance improvements over external methods for policy data management. This approach aims to fully realizes the promise of ''policies-as-code'' by providing a comprehensive, safe, and verifiable solution for both stateless and stateful authorization policies.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.


