Access policy analysis
Abstract
Software tools assist an access-policy analyst or creator to debug and/or author access policies. An access request contains a query that evaluates to either true or false depending on whether access is to be allowed. Abduction may be used to generate assumptions that, if true, would cause the access request to be true. The tool may perform analysis on the generated assumptions, such as: comparing the assumptions with tokens to detect errors in the tokens or to suggest changes to the tokens that would cause the query to be satisfied, or comparing the assumptions to a meta-policy. The tool may allow an analyst, policy author, or other person to interactively walk through assumptions in order to see the implications of the access policy.
20 Claims
1. One or more computer-readable storage memories comprising executable instructions to perform a method of analyzing an access policy, the method comprising:
abducing a set that comprises an assumption from information that comprises: (a) an access query that evaluates to true or false depending on whether access to a resource is granted, and (b) one or more rules that govern access to said resource;
comparing said set with a plurality of tokens stored in a token store;
identifying a first one of said plurality of tokens based on a first finding that said first one of said plurality of tokens does not satisfy said set but has a similarity to said set;
comparing said set with a meta-policy, said meta-policy being separate from said access policy, said meta-policy specifying that said access policy is not allowed to permit access to any principal who is not a member of a first group, said meta-policy also specifying a set of proofs that are sought to meet a goal, said meta-policy also specifying a set of unwanted proofs that are not allowed under said access policy, said meta-policy further specifying a set of conditions that are to be un-satisfiable under said access policy;
determining whether said set contains any assumptions that correspond to tokens that, when presented to a guard of said resource, would allow a principal who is not a member of said first group to access said resource; and
providing, to a person, a result that is based on said first one of said plurality of tokens.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method of facilitating analysis of an access policy, the method comprising:
using a processor to perform acts comprising:
receiving a meta-policy that describes a first condition that is to be satisfied by the access policy that governs access to a resource, said meta-policy being separate from said access policy, said meta-policy specifying that said access policy is not allowed to permit access to any principal who is not a member of a first group, said meta-policy also specifying a set of proofs that are sought to meet a goal, said meta-policy also specifying a set of unwanted proofs that are not allowed under said access policy, said meta-policy further specifying a set of conditions that are to be un-satisfiable under said access policy;
abducing one or more proofs of a query that evaluates to true or false depending on whether access to said resource is to be granted or denied, said abducing being based on information comprising: (a) said query, (b) the access policy;
comparing said one or more proofs to said meta-policy to determine whether any of said one or more proofs allow a principal who is not a member of said first group to access said resource; and
providing a result indicating whether said access policy satisfies said meta-policy.
Dependent claims: 9, 10, 11, 12, 13.

14. A system comprising:
one or more data remembrance components; one or more processors; and one or more executable components that are stored in at least one of said one or more data remembrance components and that execute on at least one of said one or more processors, wherein the executable components receive a query and a policy, either abduce one or more proofs of said query under which said query is true under said policy or obtain said one or more proofs from an abduction engine, perform a comparison of said one or more proofs with a meta-policy and with one or more tokens in a token store, and provide a result based on said comparison, said meta-policy being separate from said policy, said meta-policy specifying that said policy is not allowed to permit access to any principal who is not a member of a first group, said meta-policy also specifying a set of proofs that are sought to meet a goal, said meta-policy also specifying a set of unwanted proofs that are not allowed under said policy, said meta-policy further specifying a set of conditions that are to be un-satisfiable under said access policy, the comparison between said one or more proofs and said meta-policy determining whether any of said one or more proofs allow any principal who is not a member of said first group to access said resource.
Dependent claims: 15, 16, 17, 18, 19, 20.
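The three steps the abstract and claims 1, 8 and 14 describe (abducing the assumptions under which an access query is true, comparing them with a token store to find similar but non-satisfying tokens, and checking the proofs against a meta-policy that forbids access to anyone outside a first group) as an added Python example; this is not code from the patent or its assignee, and the Datalog-like rule set, the token store, the STAFF group, the resource names and the "differs in exactly one argument" similarity measure are all constructed assumptions:

```python
# Constructed rule set in a tiny Datalog-like form: (head, body atoms).
# An atom is a tuple (predicate, args...); a capitalised string is a variable.
RULES = [
    (("access", "P", "R"), [("employee", "P"), ("owner", "P", "R")]),
    (("access", "P", "R"), [("employee", "P"), ("delegated", "P", "R")]),
]
# Constructed token store: the facts a guard would accept as proven.
TOKENS = {("employee", "alice"), ("owner", "alice", "doc2"),
          ("employee", "mallory"), ("delegated", "mallory", "doc1")}
# Constructed meta-policy: the "first group" that may ever be granted access.
STAFF = {"alice", "bob"}

def abduce(query, rules):
    """One assumption set per rule whose head matches the ground query: the
    atoms that, if they were true, would make the query evaluate to true."""
    proofs = []
    for head, body in rules:
        if head[0] != query[0] or len(head) != len(query):
            continue
        env = dict(zip(head[1:], query[1:]))  # bind rule variables to query args
        proofs.append(frozenset(tuple(env.get(t, t) for t in atom) for atom in body))
    return proofs

def satisfied(assumptions, tokens):
    """True when the token store already proves every abduced assumption."""
    return assumptions <= tokens

def near_miss_tokens(assumptions, tokens):
    """For each unsatisfied assumption, tokens that agree on predicate and all
    but one argument: the 'similar but not satisfying' tokens worth reporting."""
    return [(t, a) for a in assumptions if a not in tokens for t in tokens
            if t[0] == a[0] and len(t) == len(a)
            and sum(x != y for x, y in zip(t, a)) == 1]

def meta_policy_violations(resource, rules, tokens, allowed):
    """Principals outside the allowed group whose tokens satisfy some abduced
    proof of access: each is a token set the guard would wrongly accept."""
    principals = {t[1] for t in tokens}
    return sorted(p for p in principals
                  if p not in allowed
                  and any(satisfied(s, tokens)
                          for s in abduce(("access", p, resource), rules)))

if __name__ == "__main__":
    for proof in abduce(("access", "alice", "doc1"), RULES):
        print(sorted(proof), "satisfied:", satisfied(proof, TOKENS),
              "near misses:", near_miss_tokens(proof, TOKENS))
    print("meta-policy violations for doc1:",
          meta_policy_violations("doc1", RULES, TOKENS, STAFF))
```

Run stand-alone it reports, for alice on doc1, that her ownership token names doc2 rather than doc1 (a likely stale or mistyped token), and that mallory, who is outside STAFF, holds a delegation token that the policy accepts, which is the meta-policy violation the analyst wants surfaced.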
Specification