Graph-Based Algorithms for Boolean Function Manipulation
IEEE Transactions on Computers
Identifying the semantic and textual differences between two versions of a program
PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
Algebraic decision diagrams and their applications
ICCAD '93 Proceedings of the 1993 IEEE/ACM international conference on Computer-aided design
Isomorph-free model enumeration: a new method for checking relational specifications
ACM Transactions on Programming Languages and Systems (TOPLAS)
Revised5 report on the algorithmic language scheme
ACM SIGPLAN Notices
Automating first-order relational logic
SIGSOFT '00/FSE-8 Proceedings of the 8th ACM SIGSOFT international symposium on Foundations of software engineering: twenty-first century applications
The role-based access control system of a European bank: a case study and discussion
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
On the specification and evolution of access control policies
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A lightweight approach to specification and analysis of role-based access control extensions
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Static verification of security requirements in role based CSCW systems
Proceedings of the eighth ACM symposium on Access control models and technologies
Role-Based Access Control
Policy management using access control spaces
ACM Transactions on Information and System Security (TISSEC)
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Efficient comparison of enterprise privacy policies
Proceedings of the 2004 ACM symposium on Applied computing
DrScheme: a programming environment for Scheme
Journal of Functional Programming
Synthesising verified access control systems in XACML
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Reasoning about XACML policies using CSP
Proceedings of the 2005 workshop on Secure web services
Towards reasonability properties for access-control policy languages
Proceedings of the eleventh ACM symposium on Access control models and technologies
Automated test generation for access control policies
Companion to the 21st ACM SIGPLAN symposium on Object-oriented programming systems, languages, and applications
A Holistic Approach to Security Policies -- Policy Distribution with XACML over COPS
Electronic Notes in Theoretical Computer Science (ENTCS)
A fault model and mutation testing of access control policies
Proceedings of the 16th international conference on World Wide Web
Analyzing web access control policies
Proceedings of the 16th international conference on World Wide Web
Research Directions in Requirements Engineering
FOSE '07 2007 Future of Software Engineering
An approach to evaluate policy similarity
Proceedings of the 12th ACM symposium on Access control models and technologies
Proceedings of the 12th ACM symposium on Access control models and technologies
Automated Test Generation for Access Control Policies via Change-Impact Analysis
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
Implementation and use of the PLT scheme Web server
Higher-Order and Symbolic Computation
XACML Policy Integration Algorithms
ACM Transactions on Information and System Security (TISSEC)
Synthesising verified access control systems through model checking
Journal of Computer Security
Xengine: a fast and scalable XACML policy evaluation engine
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Enforcing security properties in task-based systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Policy decomposition for collaborative access control
Proceedings of the 13th ACM symposium on Access control models and technologies
Enabling verification and conformance testing for access control model
Proceedings of the 13th ACM symposium on Access control models and technologies
Stale-safe security properties for group-based secure information sharing
Proceedings of the 6th ACM workshop on Formal methods in security engineering
Validating Access Control Configurations in J2EE Applications
CBSE '08 Proceedings of the 11th International Symposium on Component-Based Software Engineering
Expressive policy analysis with enhanced system dynamicity
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
PBES: a policy based encryption system with application to data sharing in the power grid
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Toward practical analysis for trust management policy
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Lightweight query-based analysis of workflow process dependencies
Journal of Systems and Software
An algebra for fine-grained integration of XACML policies
Proceedings of the 14th ACM symposium on Access control models and technologies
Access control policy combining: theory meets practice
Proceedings of the 14th ACM symposium on Access control models and technologies
Web Verification: Perspective and Challenges
Electronic Notes in Theoretical Computer Science (ENTCS)
An attribute-based authorization policy framework with dynamic conflict resolution
Proceedings of the 9th Symposium on Identity and Trust on the Internet
Formal engineering of XACML access control policies in VDM++
ICFEM'07 Proceedings of the formal engineering methods 9th international conference on Formal methods and software engineering
Usability challenges in security and privacy policy-authoring interfaces
INTERACT'07 Proceedings of the 11th IFIP TC 13 international conference on Human-computer interaction - Volume Part II
A logic for state-modifying authorization policies
ACM Transactions on Information and System Security (TISSEC)
A model of triangulating environments for policy authoring
Proceedings of the 15th ACM symposium on Access control models and technologies
Proceedings of the 15th ACM symposium on Access control models and technologies
Data protection models for service provisioning in the cloud
Proceedings of the 15th ACM symposium on Access control models and technologies
Visualization for access control policy analysis results using multi-level grids
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Strong and weak policy relations
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Verification of policy-based self-managed cell interactions using alloy
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
An XACML extension for business process-centric access control policies
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Constructing authorization systems using assurance management framework
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
Analysis of privacy and security policies
IBM Journal of Research and Development
SPAN: a unified framework and toolkit for querying heterogeneous access policies
HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
Privacy-preserving similarity measurement for access control policies
Proceedings of the 6th ACM workshop on Digital identity management
Cue: a framework for generating meaningful feedback in XACML
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Mining likely properties of access control policies via association rule mining
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Proceedings of the FSE/SDP workshop on Future of software engineering research
User-role reachability analysis of evolving administrative role based access control
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
The margrave tool for firewall analysis
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
An approach to analyzing the software process change impact using process slicing and simulation
Journal of Systems and Software
Towards accuracy of role-based access control configurations in component-based systems
Journal of Systems Architecture: the EUROMICRO Journal
Oops, I did it again: mitigating repeated access control errors on facebook
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A decade of model-driven security
Proceedings of the 16th ACM symposium on Access control models and technologies
Anomaly discovery and resolution in web access control policies
Proceedings of the 16th ACM symposium on Access control models and technologies
Multiparty authorization framework for data sharing in online social networks
DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
Towards coequal authorization for dynamic collaboration
AMT'11 Proceedings of the 7th international conference on Active media technology
Policy analysis for Administrative Role-Based Access Control
Theoretical Computer Science
Automatic error finding in access-control policies
Proceedings of the 18th ACM conference on Computer and communications security
Model checking security policy model using both UML static and dynamic diagrams
Proceedings of the 4th international conference on Security of information and networks
Counterfactually reasoning about security
Proceedings of the 4th international conference on Security of information and networks
Conformance checking of dynamic access control policies
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
A knowledge-based verification method for dynamic access control policies
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Defining and measuring policy coverage in testing access control policies
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Soutei, a logic-based trust-management system
FLOPS'06 Proceedings of the 8th international conference on Functional and Logic Programming
Firewall policy change-impact analysis
ACM Transactions on Internet Technology (TOIT)
Formalising and validating RBAC-to-XACML translation using lightweight formal methods
ABZ'10 Proceedings of the Second international conference on Abstract State Machines, Alloy, B and Z
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Evaluating access control policies through model checking
ISC'05 Proceedings of the 8th international conference on Information Security
Security model oriented attestation on dynamically reconfigurable component-based systems
Journal of Network and Computer Applications
Formalisation and implementation of the XACML access control mechanism
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Refinement checking for privacy policies
Science of Computer Programming
An advanced approach for modeling and detecting software vulnerabilities
Information and Software Technology
Selection of regression system tests for security policy evolution
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
Automated and efficient analysis of role-based access control with attributes
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Conditional privacy-aware role based access control
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Change-impact analysis of firewall policies
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
A logic for state-modifying authorization policies
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Towards model-driven development of access control policies for web applications
Proceedings of the Workshop on Model-Driven Security
Mohawk: Abstraction-Refinement and Bound-Estimation for Verifying Access Control Policies
ACM Transactions on Information and System Security (TISSEC)
A white-box policy analysis and its efficient implementation
Proceedings of the 18th ACM symposium on Access control models and technologies
Aluminum: principled scenario exploration through minimality
Proceedings of the 2013 International Conference on Software Engineering
Model-based, event-driven programming paradigm for interactive web applications
Proceedings of the 2013 ACM international symposium on New ideas, new paradigms, and reflections on programming & software
Proceedings of the 2013 ACM international symposium on New ideas, new paradigms, and reflections on programming & software
Policy analysis for administrative role based access control without separate administration
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
Formal verification of security properties in trust management policy
Journal of Computer Security
| Hi-index | 0.00 |
Sensitive data are increasingly available on-line through the Web and other distributed protocols. This heightens the need to carefully control access to data. Control means not only preventing the leakage of data but also permitting access to necessary information. Indeed, the same datum is often treated differently depending on context.System designers create policies to express conditions on the access to data. To reduce source clutter and improve maintenance, developers increasingly use domain-specific, declarative languages to express these policies. In turn, administrators need to analyze policies relative to properties, and to understand the effect of policy changes even in the absence of properties.This paper presents Margrave, a software suite for analyzing role-based access-control policies. Margrave includes a verifier that analyzes policies written in the XACML language, translating them into a form of decision-diagram to answer queries. It also provides semantic differencing information between versions of policies. We have implemented these techniques and applied them to policies from a working software application.