Margrave: An Improved Analyzer for Access-Control and Configuration Policies

As our society grows more dependent on digital systems, policies that regulate access to electronic resources are becoming more common. However, such policies are notoriously difficult to configure properly, even for trained professionals. An incorrectly written access-control policy can result in inconvenience, financial damage, or even physical danger. The difficulty is more pronounced when multiple types of policy interact with each other, such as in routers on a network. This thesis presents a policy-analysis tool called Margrave. Given a query about a set of policies, Margrave returns a complete collection of scenarios that satisfy the query. Since the query language allows multiple policies to be compared, Margrave can be used to obtain an exhaustive list of the consequences of a seemingly innocent policy change. This feature gives policy authors the benefits of formal analysis without requiring that they state any formal properties about their policies. Our query language is equivalent to order-sorted first-order logic (OSL). Therefore our scenario-finding approach is, in general, only complete up to a user-provided bound on scenario size. To mitigate this limitation, we identify a class of OSL that we call Order-Sorted Effectively Propositional Logic (OS-EPL). We give a linear-time algorithm for testing membership in OS-EPL. Sentences in this class have the Finite Model Property, and thus Margrave's results on such queries are complete without user intervention.

Language
  • English
Identifier
  • etd-041310-122145
Year
  • 2010
Date created
  • 2010-04-13
Last modified
  • 2020-11-23

Permanent link to this page: https://digital.wpi.edu/show/c247ds17w