{"id":"https://openalex.org/W1998568597","doi":"https://doi.org/10.1145/2046707.2046727","title":"Automatic error finding in access-control policies","display_name":"Automatic error finding in access-control policies","publication_year":2011,"publication_date":"2011-10-17","ids":{"openalex":"https://openalex.org/W1998568597","doi":"https://doi.org/10.1145/2046707.2046727","mag":"1998568597"},"language":"en","primary_location":{"id":"doi:10.1145/2046707.2046727","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2046707.2046727","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM conference on Computer and communications security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://hdl.handle.net/1721.1/54730","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016178612","display_name":"Karthick Jayaraman","orcid":"https://orcid.org/0009-0005-9502-9360"},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Karthick Jayaraman","raw_affiliation_strings":["Microsoft, Redmond, WA, USA","Microsoft Redmond, WA, USA#TAB#"],"affiliations":[{"raw_affiliation_string":"Microsoft, Redmond, WA, USA","institution_ids":["https://openalex.org/I1290206253"]},{"raw_affiliation_string":"Microsoft Redmond, WA, USA#TAB#","institution_ids":["https://openalex.org/I1290206253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052292970","display_name":"Vijay Ganesh","orcid":"https://orcid.org/0000-0002-6029-2047"},"institutions":[{"id":"https://openalex.org/I63966007","display_name":"Massachusetts Institute of Technology","ror":"https://ror.org/042nb2s44","country_code":"US","type":"education","lineage":["https://openalex.org/I63966007"]},{"id":"https://openalex.org/I4210110987","display_name":"IIT@MIT","ror":"https://ror.org/01wp8zh54","country_code":"US","type":"facility","lineage":["https://openalex.org/I30771326","https://openalex.org/I4210110987"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Vijay Ganesh","raw_affiliation_strings":["MIT, Boston, MA, USA","MIT, Boston, MA, USA#TAB#"],"affiliations":[{"raw_affiliation_string":"MIT, Boston, MA, USA","institution_ids":["https://openalex.org/I4210110987"]},{"raw_affiliation_string":"MIT, Boston, MA, USA#TAB#","institution_ids":["https://openalex.org/I63966007"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081788400","display_name":"Mahesh Tripunitara","orcid":"https://orcid.org/0000-0002-3615-9393"},"institutions":[{"id":"https://openalex.org/I151746483","display_name":"University of Waterloo","ror":"https://ror.org/01aff2v68","country_code":"CA","type":"education","lineage":["https://openalex.org/I151746483"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mahesh Tripunitara","raw_affiliation_strings":["University of Waterloo, Waterloo, ON, Canada"],"affiliations":[{"raw_affiliation_string":"University of Waterloo, Waterloo, ON, Canada","institution_ids":["https://openalex.org/I151746483"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045127387","display_name":"Martin Rinard","orcid":"https://orcid.org/0000-0001-8095-8523"},"institutions":[{"id":"https://openalex.org/I63966007","display_name":"Massachusetts Institute of Technology","ror":"https://ror.org/042nb2s44","country_code":"US","type":"education","lineage":["https://openalex.org/I63966007"]},{"id":"https://openalex.org/I4210110987","display_name":"IIT@MIT","ror":"https://ror.org/01wp8zh54","country_code":"US","type":"facility","lineage":["https://openalex.org/I30771326","https://openalex.org/I4210110987"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Martin Rinard","raw_affiliation_strings":["MIT, Boston, MA, USA","MIT, Boston, MA, USA#TAB#"],"affiliations":[{"raw_affiliation_string":"MIT, Boston, MA, USA","institution_ids":["https://openalex.org/I4210110987"]},{"raw_affiliation_string":"MIT, Boston, MA, USA#TAB#","institution_ids":["https://openalex.org/I63966007"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5013358324","display_name":"Steve J. Chapin","orcid":null},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Steve Chapin","raw_affiliation_strings":["Syracuse University, Syracuse, NY, USA"],"affiliations":[{"raw_affiliation_string":"Syracuse University, Syracuse, NY, USA","institution_ids":["https://openalex.org/I70983195"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5016178612"],"corresponding_institution_ids":["https://openalex.org/I1290206253"],"apc_list":null,"apc_paid":null,"fwci":26.0839,"has_fulltext":false,"cited_by_count":68,"citation_normalized_percentile":{"value":0.99409971,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"163","last_page":"174"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9948999881744385,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9614999890327454,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8611776828765869},{"id":"https://openalex.org/keywords/abstraction","display_name":"Abstraction","score":0.7196018695831299},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.7098178863525391},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.7093015909194946},{"id":"https://openalex.org/keywords/role-based-access-control","display_name":"Role-based access control","score":0.5815091729164124},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.5367143750190735},{"id":"https://openalex.org/keywords/mindset","display_name":"Mindset","score":0.5207967162132263},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.48184430599212646},{"id":"https://openalex.org/keywords/error-detection-and-correction","display_name":"Error detection and correction","score":0.45692041516304016},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4348863959312439},{"id":"https://openalex.org/keywords/variety","display_name":"Variety (cybernetics)","score":0.414591908454895},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.40274396538734436},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.2329006791114807},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2322048544883728},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.1897643804550171},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.11112993955612183}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8611776828765869},{"id":"https://openalex.org/C124304363","wikidata":"https://www.wikidata.org/wiki/Q673661","display_name":"Abstraction","level":2,"score":0.7196018695831299},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.7098178863525391},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.7093015909194946},{"id":"https://openalex.org/C45567728","wikidata":"https://www.wikidata.org/wiki/Q1702839","display_name":"Role-based access control","level":3,"score":0.5815091729164124},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.5367143750190735},{"id":"https://openalex.org/C2778491294","wikidata":"https://www.wikidata.org/wiki/Q1339824","display_name":"Mindset","level":2,"score":0.5207967162132263},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.48184430599212646},{"id":"https://openalex.org/C103088060","wikidata":"https://www.wikidata.org/wiki/Q1062839","display_name":"Error detection and correction","level":2,"score":0.45692041516304016},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4348863959312439},{"id":"https://openalex.org/C136197465","wikidata":"https://www.wikidata.org/wiki/Q1729295","display_name":"Variety (cybernetics)","level":2,"score":0.414591908454895},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.40274396538734436},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.2329006791114807},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2322048544883728},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.1897643804550171},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.11112993955612183},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/2046707.2046727","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2046707.2046727","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM conference on Computer and communications security","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.207.9707","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.207.9707","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://people.csail.mit.edu/vganesh/Publications_files/vg2010-MIT-CSAIL-TR-2010-022.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.364.8897","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.364.8897","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://people.csail.mit.edu/vganesh/Publications_files/vg2011-MOHAWK-CCS.pdf","raw_type":"text"},{"id":"pmh:oai:dspace.mit.edu:1721.1/54730","is_oa":true,"landing_page_url":"http://hdl.handle.net/1721.1/54730","pdf_url":null,"source":{"id":"https://openalex.org/S4306400425","display_name":"DSpace@MIT (Massachusetts Institute of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I63966007","host_organization_name":"Massachusetts Institute of Technology","host_organization_lineage":["https://openalex.org/I63966007"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null}],"best_oa_location":{"id":"pmh:oai:dspace.mit.edu:1721.1/54730","is_oa":true,"landing_page_url":"http://hdl.handle.net/1721.1/54730","pdf_url":null,"source":{"id":"https://openalex.org/S4306400425","display_name":"DSpace@MIT (Massachusetts Institute of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I63966007","host_organization_name":"Massachusetts Institute of Technology","host_organization_lineage":["https://openalex.org/I63966007"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.47999998927116394}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":63,"referenced_works":["https://openalex.org/W157156687","https://openalex.org/W236281116","https://openalex.org/W1518747853","https://openalex.org/W1527224316","https://openalex.org/W1534716074","https://openalex.org/W1568804695","https://openalex.org/W1578723138","https://openalex.org/W1580113137","https://openalex.org/W1594783407","https://openalex.org/W1819209966","https://openalex.org/W1831889228","https://openalex.org/W1963754732","https://openalex.org/W1966982815","https://openalex.org/W1979579813","https://openalex.org/W1981111031","https://openalex.org/W1997862012","https://openalex.org/W2006841241","https://openalex.org/W2015653806","https://openalex.org/W2029472400","https://openalex.org/W2038696466","https://openalex.org/W2043144080","https://openalex.org/W2044968788","https://openalex.org/W2064070192","https://openalex.org/W2065076704","https://openalex.org/W2075263851","https://openalex.org/W2080154162","https://openalex.org/W2082000355","https://openalex.org/W2095881341","https://openalex.org/W2099742748","https://openalex.org/W2101191741","https://openalex.org/W2103317919","https://openalex.org/W2110076463","https://openalex.org/W2110640424","https://openalex.org/W2111753337","https://openalex.org/W2127574686","https://openalex.org/W2128361829","https://openalex.org/W2128985333","https://openalex.org/W2129340874","https://openalex.org/W2129487583","https://openalex.org/W2132897303","https://openalex.org/W2135481006","https://openalex.org/W2135584970","https://openalex.org/W2136543655","https://openalex.org/W2140890531","https://openalex.org/W2143492458","https://openalex.org/W2145793726","https://openalex.org/W2146356111","https://openalex.org/W2150060143","https://openalex.org/W2152053098","https://openalex.org/W2155891251","https://openalex.org/W2160795275","https://openalex.org/W2164673530","https://openalex.org/W2166602595","https://openalex.org/W2168496583","https://openalex.org/W2340735175","https://openalex.org/W2620826145","https://openalex.org/W2913459036","https://openalex.org/W3167011080","https://openalex.org/W4248500311","https://openalex.org/W6645545920","https://openalex.org/W6675844770","https://openalex.org/W6681994216","https://openalex.org/W6684644128"],"related_works":["https://openalex.org/W2372156812","https://openalex.org/W2374393728","https://openalex.org/W2386545329","https://openalex.org/W2148952798","https://openalex.org/W2382286253","https://openalex.org/W2356011375","https://openalex.org/W1795360416","https://openalex.org/W2392979115","https://openalex.org/W2105261429","https://openalex.org/W318167434"],"abstract_inverted_index":{"Verifying":[0],"that":[1,81,115,208],"access-control":[2,17,201],"systems":[3,18],"maintain":[4],"desired":[5],"security":[6,54],"properties":[7],"is":[8,30,57,74,143,152,161,171,217],"recognized":[9],"as":[10,191],"an":[11,106,144,153,162,200],"important":[12],"problem":[13],"in":[14,48,77,146,155,164,199],"security.":[15],"Enterprise":[16],"have":[19,195],"grown":[20],"to":[21,35,109,118,121,213],"protect":[22],"tens":[23],"of":[24,26,95,99,219],"thousands":[25],"resources,":[27],"and":[28,60,90,112,128,216],"there":[29,142,151,160],"a":[31,40,75,96,165,174],"need":[32],"for":[33,44,65,92],"verification":[34,123],"scale":[36],"commensurately.":[37],"We":[38,194,205],"present":[39],"new":[41],"abstraction-refinement":[42,107,183],"technique":[43,108,184,198],"automatically":[45],"finding":[46,83],"errors":[47],"Administrative":[49],"Role-Based":[50,66],"Access":[51,67],"Control":[52,68],"(ARBAC)":[53],"policies.":[55],"ARBAC":[56],"the":[58,93,122,147,156,180],"first":[59,110],"most":[61],"comprehensive":[62],"administrative":[63],"scheme":[64],"(RBAC)":[69],"systems.":[70],"Underlying":[71],"our":[72,102,197,209],"approach":[73],"change":[76],"mindset:":[78],"we":[79,104,178],"propose":[80],"error":[82,145,154,163],"complements":[84,185],"verification,":[85],"can":[86],"be":[87,119],"more":[88],"scalable,":[89],"allows":[91],"use":[94,105],"wider":[97],"variety":[98],"techniques.":[100],"In":[101],"approach,":[103],"identify":[111],"discard":[113],"roles":[114,133],"are":[116,139],"unlikely":[117],"relevant":[120],"question":[124],"(the":[125,135],"abstraction":[126],"step),":[127],"then":[129,150,177],"restore":[130],"such":[131,190],"abstracted":[132,148],"incrementally":[134],"refinement":[136],"steps).":[137],"Errors":[138],"one-sided:":[140],"if":[141],"policy,":[149],"original":[157],"policy.":[158],"If":[159],"policy":[166,202],"whose":[167],"role-dependency":[168],"graph":[169],"diameter":[170],"smaller":[172],"than":[173,222],"certain":[175],"bound,":[176],"find":[179],"error.":[181],"Our":[182],"conventional":[186],"state-space":[187],"exploration":[188],"techniques":[189],"model":[192],"checking.":[193],"implemented":[196],"analysis":[203],"tool.":[204],"show":[206],"empirically":[207],"tool":[210],"scales":[211],"well":[212],"realistic":[214],"policies,":[215],"orders":[218],"magnitude":[220],"faster":[221],"prior":[223],"tools.":[224]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":3},{"year":2016,"cited_by_count":5},{"year":2015,"cited_by_count":9},{"year":2014,"cited_by_count":8},{"year":2013,"cited_by_count":16},{"year":2012,"cited_by_count":3}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}