Sciweavers

ICSE
2005
IEEE-ACM

Verification and change-impact analysis of access-control policies

14 years 11 months ago
Verification and change-impact analysis of access-control policies
Sensitive data are increasingly available on-line through the Web and other distributed protocols. This heightens the need to carefully control access to data. Control means not only preventing the leakage of data but also permitting access to necessary information. Indeed, the same datum is often treated differently depending on context. System designers create policies to express conditions on the access to data. To reduce source clutter and improve maintenance, developers increasingly use domain-specific, declarative languages to express these policies. In turn, administrators need to analyze policies relative to properties, and to understand the effect of policy changes even in the absence of properties. This paper presents Margrave, a software suite for analyzing role-based access-control policies. Margrave includes a verifier that analyzes policies written in the xacml language, translating them into a form of decision-diagram to answer queries. It also provides semantic differe...
Kathi Fisler, Shriram Krishnamurthi, Leo A. Meyero
Added 09 Dec 2009
Updated 09 Dec 2009
Type Conference
Year 2005
Where ICSE
Authors Kathi Fisler, Shriram Krishnamurthi, Leo A. Meyerovich, Michael Carl Tschantz
Comments (0)