Amazon Web Services (AWS) announced at the North American Open Source Summit that two projects are open sourcing Cedar and SnapChange; designed to address issues surrounding software supply chain security. Both projects are part of AWS's ongoing effort to contribute intellectual property to the open source community, said David Nalley, director of open source marketing at AWS.
Cedar is a language for defining permissions as policies, including automatic reasoning to mathematically prove that an IT environment is secure. It is also a specification for evaluation strategies. Use Cedar policies to control what each user of your application is allowed to do and what resources they can access.
Cedar employs automated reasoning techniques. This capability is especially important in enabling organizations to mathematically prove that compliance requirements have been met. AWS has been using Cedar to provide IT organizations with the ability to write authorization policies as code that can be deployed anywhere, most widely in the managed AWS Verified Permissions service.
SnapChange is a fuzzing tool that cybersecurity researchers can use to discover vulnerabilities by replaying physical memory snapshots in KVM virtual machines. Fuzz testing discovers software security issues by monitoring how a system behaves when it processes random data. SnapChange is the first effort of an internal AWS team called Find & Fix.