Access policy analysis

US 8,839,344 B2
Filed: 01/28/2008
Issued: 09/16/2014
Est. Priority Date: 01/28/2008
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable storage memories comprising executable instructions to perform a method of analyzing an access policy, the method comprising:

abducing a set that comprises an assumption from information that comprises;

(a) an access query that evaluates to true or false depending on whether access to a resource is granted, and (b) one or more rules that govern access to said resource;

comparing said set with a plurality of tokens stored in a token store;

identifying a first one of said plurality of tokens based on a first finding that said first one of said plurality of tokens does not satisfy said set but has a similarity to said set;

comparing said set with a meta-policy, said meta-policy being separate from said access policy, said meta-policy specifying that said access policy is not allowed to permit access to any principal who is not a member of a first group, said meta-policy also specifying a set of proofs that are sought to meet a goal, said meta-policy also specifying a set of unwanted proofs that are not allowed under said access policy, said meta-policy further specifying a set of conditions that are to be un-satisfiable under said access policy;

determining whether said set contains any assumptions that correspond to tokens that, when presented to a guard of said resource, would allow a principal who is not a member of said first group to access said resource; and

providing, to a person, a result that is based on said first one of said plurality of tokens.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Software tools assist an access-policy analyst or creator to debug and/or author access policies. An access request contains a query that evaluates to either true or false depending on whether access is to be allowed. Abduction may be used to generate assumptions that, if true, would cause the access request to be true. The tool may perform analysis on the generated assumptions, such as: comparing the assumptions with tokens to detect errors in the tokens or to suggest changes to the tokens that would cause the query to be satisfied, or comparing the assumptions to a meta-policy. The tool may allow an analysis, policy author, or other person to interactively walk through assumptions in order to see the implications of the access policy.

40 Citations

View as Search Results

20 Claims

1. One or more computer-readable storage memories comprising executable instructions to perform a method of analyzing an access policy, the method comprising:
- abducing a set that comprises an assumption from information that comprises;
  
  (a) an access query that evaluates to true or false depending on whether access to a resource is granted, and (b) one or more rules that govern access to said resource;
  
  comparing said set with a plurality of tokens stored in a token store;
  
  identifying a first one of said plurality of tokens based on a first finding that said first one of said plurality of tokens does not satisfy said set but has a similarity to said set;
  
  comparing said set with a meta-policy, said meta-policy being separate from said access policy, said meta-policy specifying that said access policy is not allowed to permit access to any principal who is not a member of a first group, said meta-policy also specifying a set of proofs that are sought to meet a goal, said meta-policy also specifying a set of unwanted proofs that are not allowed under said access policy, said meta-policy further specifying a set of conditions that are to be un-satisfiable under said access policy;
  
  determining whether said set contains any assumptions that correspond to tokens that, when presented to a guard of said resource, would allow a principal who is not a member of said first group to access said resource; and
  
  providing, to a person, a result that is based on said first one of said plurality of tokens.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The one or more computer-readable storage memories of claim 1, wherein said providing further comprises:
    - communicating, to said person, a second finding that said first one of said plurality of tokens contains an error.
  - 3. The one or more computer-readable storage memories of claim 1, wherein said providing further comprises:
    - communicating, to said person, a suggested change to said first one of said plurality of tokens that would cause said token to satisfy said set.
  - 4. The one or more computer-readable storage memories of claim 1, wherein said identifying finds said similarity by determining that said token and said set have a verb in common, or that constants appearing in said token and said set differ from each other by less than a specified amount.
  - 5. The one or more computer-readable storage memories of claim 1, wherein said set further comprises a variable that appears in said assumption and a constraint on said variable, and wherein the method further comprises:
    - generating a value for said variable that satisfies said constraint.
  - 6. The one or more computer-readable storage memories of claim 1, wherein the method further comprises:
    - receiving an assertion from said person;
      
      providing said assertion, said access query, and said one or more rules to an abduction component that performs said abducing,wherein the assumption in said set, in combination with said assertion, would cause said access query to evaluate to true.
  - 7. The one or more computer-readable storage memories of claim 1, wherein said access query has failed, and wherein the method further comprises:
    - receiving, from said person, a request to debug said access query.

8. A method of facilitating analysis of an access policy, the method comprising:
- using a processor to perform acts comprising;
  
  receiving a meta-policy that describes a first condition that is to be satisfied by the access policy that governs access to a resource, said meta-policy being separate from said access policy, said meta-policy specifying that said access policy is not allowed to permit access to any principal who is not a member of a first group, said meta-policy also specifying a set of proofs that are sought to meet a goal, said meta-policy also specifying a set of unwanted proofs that are not allowed under said access policy, said meta-policy further specifying a set of conditions that are to be un-satisfiable under said access policy;
  
  abducing one or more proofs of a query that evaluates to true or false depending on whether access to said resource is to be granted or denied, said abducing being based on information comprising;
  
  (a) said query, (b) the access policy;
  
  comparing said one or more proofs to said meta-policy to determine whether any of said one or more proofs allow a principal who is not a member of said first group to access said resource; and
  
  providing a result indicating whether said access policy satisfies said meta-policy.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein the meta-policy defines a second condition that is not to exist in any proof that satisfies said query, said acts further comprising:
    - determining, based on said comparing, whether any of said one or more proofs meets said condition.
  - 10. The method of claim 8, wherein the meta-policy defines an aspect of a proof that causes said query to evaluate to true, said acts further comprising:
    - determining, based on said comparing, whether a proof that meets said aspect is among said one or more proofs.
  - 11. The method of claim 8, wherein the meta-policy defines a condition that is to exist in a proof that satisfies said query, said acts further comprising:
    - determining, based on said comparing, whether any of said one or more proofs meets said condition.
  - 12. The method of claim 8, said acts further comprising:
    - determining that said query has been presented to a guard of said resource and has failed to produce access; and
      
      after said query has failed to produce access, receiving, from a person, a request to debug said query.
  - 13. The method of claim 8, said acts further comprising:
    - displaying, to a person, proofs to said query in response to requests from said person.

14. A system comprising:
- one or more data remembrance components;
  
  one or more processors; and
  
  one or more executable components that are stored in at least one of said one or more data remembrance components and that execute on at least one of said one or more processors, wherein the executable components receive a query and a policy, either abduce one or more proofs of said query under which said query is true under said policy or that obtain said one or more proofs from an abduction engine, perform a comparison of said one or more proofs with a meta-policy and with one or more tokens in a token store, and provide a result based on said comparison, said meta-policy being separate from said policy, said meta-policy specifying that said policy is not allowed to permit access to any principal who is not a member of a first group, said meta-policy also specifying a set of proofs that are sought to meet a goal, said meta-policy also specifying a set of unwanted proofs that are not allowed under said policy, said meta-policy further specifying a set of conditions that are to be un-satisfiable under said access policy, the comparison between said one or more proofs and said meta-policy determining whether any of said one or more proofs allow any principal who is not a member of said first group to access said resource.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14, wherein said executable components compare said one or more proofs with said one or more tokens, determine based on said comparison, that at least one of said one or more tokens contains an error, and wherein said result comprises an indication of said error.
  - 16. The system of claim 14, wherein said executable components identify a change that, if made to said one or more tokens, would cause said token to satisfy at least a part of one of said one or more proofs, and wherein said result comprises and indication of said token and said change.
  - 17. The system of claim 14, wherein a first one of said one or more proofs comprises (a) an assumption involving a variable, and (b) a constraint on said variable, and wherein said one or more components further comprise:
    - a constraint solver that generates a value for said variable that satisfies said constraint.
  - 18. The system of claim 14, further comprising:
    - said abduction engine, which derives an assumption from said query and said policy, wherein said assumption, if asserted, would cause said query to evaluate to true under said policy.
  - 19. The system of claim 14, wherein said meta-policy defines a condition that is to apply to each proof of said query, wherein said executable components determine, based on said comparison, whether each of said one or more proofs complies with said condition, and wherein said result comprises an indication of whether there is a proof that does not comply with said condition.
  - 20. The system of claim 14, wherein said meta-policy defines a condition that is not to exist in any proof of said query, wherein said executable components determine, based on said comparison, whether any of said one or more proofs has said condition, and wherein said result comprises an indication of whether there is a proof that meets said condition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Becker, Moritz Y., Dillaway, Blair B., Fee, Gregory D., Mackay, Jason F., Hogg, Jason, Leen, John M.
Primary Examiner(s)
KIM, TAE K

Application Number

US12/021,299
Publication Number

US 20090193493A1
Time in Patent Office

2,423 Days
Field of Search

713/151, 713/201, 726 1- 7, 707/9, 707/781, 707783-785
US Class Current

726/1
CPC Class Codes

G06F 21/552 involving long-term monitor...

Access policy analysis

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Access policy analysis

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others