ACCESS POLICY ANALYSIS

US 20090193493A1
Filed: 01/28/2008
Published: 07/30/2009
Est. Priority Date: 01/28/2008
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable storage media comprising executable instructions to perform a method of analyzing an access policy, the method comprising:

abducing a set that comprises an assumption from information that comprises;

(a) an access query that evaluates to true or false depending on whether access to a resource is granted, and (b) one or more rules that govern access to said resource;

comparing said set with a plurality of tokens stored in a token store;

identifying a first one of said plurality of tokens based on a first finding that said first one of said plurality of tokens does not satisfy said set but has a similarity to said set; and

providing, to a person, a result that is based on said first one of said plurality of tokens.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Software tools assist an access-policy analyst or creator to debug and/or author access policies. An access request contains a query that evaluates to either true or false depending on whether access is to be allowed. Abduction may be used to generate assumptions that, if true, would cause the access request to be true. The tool may perform analysis on the generated assumptions, such as: comparing the assumptions with tokens to detect errors in the tokens or to suggest changes to the tokens that would cause the query to be satisfied, or comparing the assumptions to a meta-policy. The tool may allow an analysis, policy author, or other person to interactively walk through assumptions in order to see the implications of the access policy.

75 Citations

View as Search Results

20 Claims

1. One or more computer-readable storage media comprising executable instructions to perform a method of analyzing an access policy, the method comprising:
- abducing a set that comprises an assumption from information that comprises;
  
  (a) an access query that evaluates to true or false depending on whether access to a resource is granted, and (b) one or more rules that govern access to said resource;
  
  comparing said set with a plurality of tokens stored in a token store;
  
  identifying a first one of said plurality of tokens based on a first finding that said first one of said plurality of tokens does not satisfy said set but has a similarity to said set; and
  
  providing, to a person, a result that is based on said first one of said plurality of tokens.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The one or more computer-readable storage media of claim 1, wherein said providing further comprises:
    - communicating, to said person, a second finding that said first one of said plurality of tokens contains an error.
  - 3. The one or more computer-readable storage media of claim 1, wherein said providing further comprises:
    - communicating, to said person, a suggested change to said first one of said plurality of tokens that would cause said token to satisfy said set.
  - 4. The one or more computer-readable storage media of claim 1, wherein said identifying finds said similarity by determining that said token and said set have a verb in common, or that constants appearing in said token and said set differ from each other by less than a specified amount.
  - 5. The one or more computer-readable storage media of claim 1, wherein said set further comprises a variable that appears in said assumption and a constraint on said variable, and wherein the method further comprises:
    - generating a value for said variable that satisfies said constraint.
  - 6. The one or more computer-readable storage media of claim 1, wherein the method further comprises:
    - receiving an assertion from said person;
      
      providing said assertion, said access query, and said one or more rules to an abduction component that performs said abducing,wherein the assumption in said set, in combination with said assertion, would cause said access query to evaluate to true.
  - 7. The one or more computer-readable storage media of claim 1, wherein said access query has failed, and wherein the method further comprises:
    - receiving, from said person, a request to debug said access query.

8. A method of facilitating analysis of an access policy, the method comprising:
- receiving a meta-policy that describes a first condition that is to be satisfied by the access policy that governs access to a resource;
  
  abducing one or more proofs of a query that evaluates to true or false depending on whether access to said resource is to be granted or denied, said abducing being based on information comprising;
  
  (a) said query, (b) the policy;
  
  comparing said one or more proofs to said meta-policy; and
  
  providing a result indicating whether said access policy satisfies said meta-policy.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein the meta-policy defines a second condition that is not to exist in any proof that satisfies said query, wherein the method further comprises:
    - determining, based on said comparing, whether any of said one or more proofs meets said condition.
  - 10. The method of claim 8, wherein the meta-policy defines an aspect of a proof that causes said query to evaluate to true, and wherein the method further comprises:
    - determining, based on said comparing, whether a proof that meets said aspect is among said one or more proofs.
  - 11. The method of claim 8, wherein the meta-policy defines a condition that is to exist in a proof that satisfies said query, and wherein the method further comprises:
    - determining, based on said comparing, whether any of said one or more proofs meets said condition.
  - 12. The method of claim 8, wherein the meta-policy specifies that said access policy is not to grant access to said resource to any principal that does not possess a specified attribute, and wherein the method further comprises:
    - determining, based on said comparing, whether any of said one or more proofs permits a principal that does not possess said specified attribute to access said resource.
  - 13. The method of claim 8, further comprising:
    - displaying, to a person, proofs to said query in response to requests from said person.

14. A system comprising:
- one or more data remembrance components;
  
  one or more executable components that are stored in at least one of said one or more data remembrance components and that execute on at least one of one or more processors, wherein the executable components receive a query and a policy, either abduce one or more proofs of said query under which said query is true under said policy or that obtain said one or more proofs from an abduction engine, perform a comparison of said one or more proofs with either a meta-policy or one or more tokens in a token store, and provide a result based on said comparison.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14, wherein said executable components compare said one or more proofs with said one or more tokens, determine based on said comparison, that at least one of said one or more tokens contains an error, and wherein said result comprises an indication of said error.
  - 16. The system of claim 14, wherein said executable components compare said one or more proofs with said one or more tokens and identify a change that, if made to said one or more tokens, would cause said token to satisfy at least a part of one of said one or more proofs, and wherein said result comprises and indication of said token and said change.
  - 17. The system of claim 14, wherein a first one of said one or more proofs comprises (a) an assumption involving a variable, and (b) a constraint on said variable, and wherein said one or more components further comprise:
    - a constraint solver that generates a value for said variable that satisfies said constraint.
  - 18. The system of claim 14, further comprising:
    - said abduction engine, which derives an assumption from said query and said policy, wherein said assumption, if asserted, would cause said query to evaluate to true under said policy.
  - 19. The system of claim 14, wherein said executable components compare said one or more proofs with said meta-policy, wherein said meta-policy defines a condition that is to apply to each proof of said query, wherein said executable components determine, based on said comparison, whether each of said one or more proofs complies with said condition, and wherein said result comprises an indication of whether there is a proof that does not comply with said condition.
  - 20. The system of claim 14, wherein said executable components compare said one or more proofs with said meta-policy, wherein said meta-policy defines a condition that is not to exist in any proof of said query, wherein said executable components determine, based on said comparison, whether any of said one or more proofs has said condition, and wherein said result comprises an indication of whether there is a proof that meets said condition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hogg, Jason, Dillaway, Blair B., Becker, Moritz Y., Fee, Gregory D., Mackay, Jason F., Leen, John M.

Granted Patent

US 8,839,344 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/552 involving long-term monitor...

ACCESS POLICY ANALYSIS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ACCESS POLICY ANALYSIS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links