Access Control Policy Tool (ACPT)Ensure the safety and flexibility in composing access control policies

Current features:

• Allows policy authors to conveniently specify mandatory access control models (such as RBAC and Multi-Level models) and rules as well as properties. (include combination of policies) through model templates.

• From the specified models and rules, the tool tests and verifies the policies against the specified properties, and reports to the policy authors on the detected problems in the policies to prevent leaving security holes in the policies before deployment. (by black-box model checking method)

• Generate efficient test suite (by applying NIST’s combinatorial testing technology) for testing of access control implementation.

Access Control Policy Tool (ACPT)

Property verification

GUI

Test suite generation Combinatorial array generator

Model checker

AC model templates:

RBAC,

Multi-Level,

RuBAC,

ABAC

XACML policy

.xsd schema

Test suite

Policy Decision Point (PDP)

Access Control Policy Tool (ACPT)Future developments:

• Policy (or rule) priority configuration for combining different models or rules (e.g. combinations of global and local policies).

• White-box model/properties verification to verify the coverage and confinement of access control rules.

• Generate XACML policies derived from the verified access control model or rules.

• More access control policy templates including dynamic and historical access control models.

Tool for Information Sharing

• Access control policy Independent.

• Not tied to access control management architecture. (work for local and central access control management

• Access Control model generation, and optional XACML policy generation.

• No communication and authentication frameworks.

• Test suite can be applied to any access control implementation.