Quacky: Quantitative Access Control Permissiveness Analyzer

William Eiers; Ganesh Sankaran; Albert Li; Emily O'Mahony; Benjamin Prince; Tevfik Bultan

doi:10.1145/3551349.3559530

Quacky: Quantitative Access Control Permissiveness Analyzer

William Eiers, Ganesh Sankaran, Albert Li, Emily O'Mahony, Benjamin Prince, Tevfik Bultan

Department of Computer Science

University of California at Santa Barbara

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Quacky is a tool for quantifying permissiveness of access control policies in the cloud. Given a policy, Quacky translates it into a SMT formula and uses a model counting constraint solver to quantify permissiveness. When given multiple policies, Quacky not only determines which policy is more permissive, but also quantifies the relative permissiveness between the policies. With Quacky, policy authors can automatically analyze complex policies, helping them ensure that there is no unintended access to private data. Quacky supports access control policies written in the Amazon Web Services (AWS) Identity and Access Management (IAM), Microsoft Azure, and Google Cloud Platform (GCP) policy languages. It has command-line and web interfaces. It is open-source and available at https://github.com/vlab-cs-ucsb/quacky. Video URL: https://youtu.be/YsiGOI-SCtg.

Original language	English
Title of host publication	37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022
Editors	Mario Aehnelt, Thomas Kirste
ISBN (Electronic)	9781450396240
DOIs	https://doi.org/10.1145/3551349.3559530
State	Published - 19 Sep 2022
Event	37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022 - Rochester, United States Duration: 10 Oct 2022 → 14 Oct 2022

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022
Country/Territory	United States
City	Rochester
Period	10/10/22 → 14/10/22

Access to Document

10.1145/3551349.3559530

Cite this

@inproceedings{fa70d5817af64573a93bdebddf8b370e,

title = "Quacky: Quantitative Access Control Permissiveness Analyzer",

abstract = "Quacky is a tool for quantifying permissiveness of access control policies in the cloud. Given a policy, Quacky translates it into a SMT formula and uses a model counting constraint solver to quantify permissiveness. When given multiple policies, Quacky not only determines which policy is more permissive, but also quantifies the relative permissiveness between the policies. With Quacky, policy authors can automatically analyze complex policies, helping them ensure that there is no unintended access to private data. Quacky supports access control policies written in the Amazon Web Services (AWS) Identity and Access Management (IAM), Microsoft Azure, and Google Cloud Platform (GCP) policy languages. It has command-line and web interfaces. It is open-source and available at https://github.com/vlab-cs-ucsb/quacky. Video URL: https://youtu.be/YsiGOI-SCtg.",

author = "William Eiers and Ganesh Sankaran and Albert Li and Emily O'Mahony and Benjamin Prince and Tevfik Bultan",

note = "Publisher Copyright: {\textcopyright} 2022 Owner/Author.; 37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022 ; Conference date: 10-10-2022 Through 14-10-2022",

year = "2022",

month = sep,

day = "19",

doi = "10.1145/3551349.3559530",

language = "English",

series = "ACM International Conference Proceeding Series",

editor = "Mario Aehnelt and Thomas Kirste",

booktitle = "37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022",

}

Eiers, W, Sankaran, G, Li, A, O'Mahony, E, Prince, B & Bultan, T 2022, Quacky: Quantitative Access Control Permissiveness Analyzer. in M Aehnelt & T Kirste (eds), 37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022., 163, ACM International Conference Proceeding Series, 37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022, Rochester, United States, 10/10/22. https://doi.org/10.1145/3551349.3559530

Quacky: Quantitative Access Control Permissiveness Analyzer. / Eiers, William; Sankaran, Ganesh; Li, Albert et al.
37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022. ed. / Mario Aehnelt; Thomas Kirste. 2022. 163 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Quacky

T2 - 37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022

AU - Eiers, William

AU - Sankaran, Ganesh

AU - Li, Albert

AU - O'Mahony, Emily

AU - Prince, Benjamin

AU - Bultan, Tevfik

PY - 2022/9/19

Y1 - 2022/9/19

N2 - Quacky is a tool for quantifying permissiveness of access control policies in the cloud. Given a policy, Quacky translates it into a SMT formula and uses a model counting constraint solver to quantify permissiveness. When given multiple policies, Quacky not only determines which policy is more permissive, but also quantifies the relative permissiveness between the policies. With Quacky, policy authors can automatically analyze complex policies, helping them ensure that there is no unintended access to private data. Quacky supports access control policies written in the Amazon Web Services (AWS) Identity and Access Management (IAM), Microsoft Azure, and Google Cloud Platform (GCP) policy languages. It has command-line and web interfaces. It is open-source and available at https://github.com/vlab-cs-ucsb/quacky. Video URL: https://youtu.be/YsiGOI-SCtg.

AB - Quacky is a tool for quantifying permissiveness of access control policies in the cloud. Given a policy, Quacky translates it into a SMT formula and uses a model counting constraint solver to quantify permissiveness. When given multiple policies, Quacky not only determines which policy is more permissive, but also quantifies the relative permissiveness between the policies. With Quacky, policy authors can automatically analyze complex policies, helping them ensure that there is no unintended access to private data. Quacky supports access control policies written in the Amazon Web Services (AWS) Identity and Access Management (IAM), Microsoft Azure, and Google Cloud Platform (GCP) policy languages. It has command-line and web interfaces. It is open-source and available at https://github.com/vlab-cs-ucsb/quacky. Video URL: https://youtu.be/YsiGOI-SCtg.

UR - http://www.scopus.com/inward/record.url?scp=85146918626&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85146918626&partnerID=8YFLogxK

U2 - 10.1145/3551349.3559530

DO - 10.1145/3551349.3559530

M3 - Conference contribution

AN - SCOPUS:85146918626

T3 - ACM International Conference Proceeding Series

BT - 37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022

A2 - Aehnelt, Mario

A2 - Kirste, Thomas

Y2 - 10 October 2022 through 14 October 2022

ER -

Quacky: Quantitative Access Control Permissiveness Analyzer

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this