{"id":"https://openalex.org/W4384154579","doi":"https://doi.org/10.1145/3597926.3598078","title":"Quantitative Policy Repair for Access Control on the Cloud","display_name":"Quantitative Policy Repair for Access Control on the Cloud","publication_year":2023,"publication_date":"2023-07-12","ids":{"openalex":"https://openalex.org/W4384154579","doi":"https://doi.org/10.1145/3597926.3598078"},"language":"en","primary_location":{"id":"doi:10.1145/3597926.3598078","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3597926.3598078","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3597926.3598078","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3597926.3598078","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5088950037","display_name":"William Eiers","orcid":"https://orcid.org/0009-0007-0235-2332"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"William Eiers","raw_affiliation_strings":["University of California at Santa Barbara, USA"],"affiliations":[{"raw_affiliation_string":"University of California at Santa Barbara, USA","institution_ids":["https://openalex.org/I154570441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027254929","display_name":"Ganesh Sankaran","orcid":"https://orcid.org/0009-0002-4777-5615"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ganesh Sankaran","raw_affiliation_strings":["University of California at Santa Barbara, USA"],"affiliations":[{"raw_affiliation_string":"University of California at Santa Barbara, USA","institution_ids":["https://openalex.org/I154570441"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5039991493","display_name":"Tevfik Bultan","orcid":"https://orcid.org/0000-0003-2993-1215"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tevfik Bultan","raw_affiliation_strings":["University of California at Santa Barbara, USA"],"affiliations":[{"raw_affiliation_string":"University of California at Santa Barbara, USA","institution_ids":["https://openalex.org/I154570441"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5088950037"],"corresponding_institution_ids":["https://openalex.org/I154570441"],"apc_list":null,"apc_paid":null,"fwci":3.5263,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.92975121,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"564","last_page":"575"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.7080063819885254},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6895726919174194},{"id":"https://openalex.org/keywords/permissiveness","display_name":"Permissiveness","score":0.6544820666313171},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.6269426941871643},{"id":"https://openalex.org/keywords/outsourcing","display_name":"Outsourcing","score":0.6228258609771729},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5270628929138184},{"id":"https://openalex.org/keywords/private-information-retrieval","display_name":"Private information retrieval","score":0.5206612348556519},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.49270036816596985},{"id":"https://openalex.org/keywords/privacy-policy","display_name":"Privacy policy","score":0.4685222804546356},{"id":"https://openalex.org/keywords/policy-analysis","display_name":"Policy analysis","score":0.4168427884578705},{"id":"https://openalex.org/keywords/information-privacy","display_name":"Information privacy","score":0.39808374643325806},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.35445883870124817},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.13950574398040771},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.0938292145729065}],"concepts":[{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.7080063819885254},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6895726919174194},{"id":"https://openalex.org/C2777890099","wikidata":"https://www.wikidata.org/wiki/Q7169345","display_name":"Permissiveness","level":4,"score":0.6544820666313171},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.6269426941871643},{"id":"https://openalex.org/C46934059","wikidata":"https://www.wikidata.org/wiki/Q61515","display_name":"Outsourcing","level":2,"score":0.6228258609771729},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5270628929138184},{"id":"https://openalex.org/C99221444","wikidata":"https://www.wikidata.org/wiki/Q1532069","display_name":"Private information retrieval","level":2,"score":0.5206612348556519},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.49270036816596985},{"id":"https://openalex.org/C102938260","wikidata":"https://www.wikidata.org/wiki/Q1999831","display_name":"Privacy policy","level":3,"score":0.4685222804546356},{"id":"https://openalex.org/C123587114","wikidata":"https://www.wikidata.org/wiki/Q2101508","display_name":"Policy analysis","level":2,"score":0.4168427884578705},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.39808374643325806},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.35445883870124817},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.13950574398040771},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0938292145729065},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C81885089","wikidata":"https://www.wikidata.org/wiki/Q189082","display_name":"Cell culture","level":2,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C54355233","wikidata":"https://www.wikidata.org/wiki/Q7162","display_name":"Genetics","level":1,"score":0.0},{"id":"https://openalex.org/C140704245","wikidata":"https://www.wikidata.org/wiki/Q3933202","display_name":"Viral replication","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3597926.3598078","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3597926.3598078","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3597926.3598078","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3597926.3598078","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3597926.3598078","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3597926.3598078","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.4300000071525574,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G1541630818","display_name":null,"funder_award_id":"N66001-22-2-4037","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G2014798942","display_name":null,"funder_award_id":"2008660","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3850684886","display_name":null,"funder_award_id":"1901098","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G417020745","display_name":null,"funder_award_id":"CCF-1901098","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4242646364","display_name":"SHF: Small: Differential Policy Verification and Repair for Access Control in the Cloud","funder_award_id":"1817242","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4294274658","display_name":null,"funder_award_id":"CCF-2008660","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5921281487","display_name":null,"funder_award_id":"number","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G644533968","display_name":null,"funder_award_id":"CCF-2008660,CCF-1901098,CCF-1817242","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6900814874","display_name":null,"funder_award_id":"F-1817","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4384154579.pdf","grobid_xml":"https://content.openalex.org/works/W4384154579.grobid-xml"},"referenced_works_count":17,"referenced_works":["https://openalex.org/W1023119160","https://openalex.org/W1599739130","https://openalex.org/W1997199359","https://openalex.org/W2012419258","https://openalex.org/W2037833625","https://openalex.org/W2064070192","https://openalex.org/W2120255160","https://openalex.org/W2123582298","https://openalex.org/W2154061425","https://openalex.org/W2164950969","https://openalex.org/W2486590439","https://openalex.org/W2799728809","https://openalex.org/W2899008271","https://openalex.org/W2908957302","https://openalex.org/W3108419307","https://openalex.org/W4237375826","https://openalex.org/W4284675888"],"related_works":["https://openalex.org/W1772345770","https://openalex.org/W2118604821","https://openalex.org/W2738520458","https://openalex.org/W2064569166","https://openalex.org/W28453658","https://openalex.org/W1996283340","https://openalex.org/W2316216618","https://openalex.org/W2967262925","https://openalex.org/W2091503425","https://openalex.org/W1992089677"],"abstract_inverted_index":{"With":[0],"the":[1,14,23,74,77,109,118,124,134],"growing":[2],"prevalence":[3],"of":[4,25,44,76,100,127,136],"cloud":[5,15,48],"computing,":[6],"providing":[7],"secure":[8],"access":[9,26,34,78],"to":[10,22,35,67,145],"information":[11],"stored":[12],"in":[13,47,65,148],"has":[16],"become":[17],"a":[18,41,56,92,94,98],"critical":[19],"problem.":[20],"Due":[21],"complexity":[24],"control":[27,79],"policies,":[28],"administrators":[29],"may":[30],"inadvertently":[31],"allow":[32],"unintended":[33],"private":[36],"information,":[37],"and":[38,84,97,114,152],"this":[39,52],"is":[40,121],"common":[42],"source":[43],"data":[45],"breaches":[46],"based":[49],"services.":[50],"In":[51],"paper,":[53],"we":[54,106],"present":[55],"quantitative":[57],"symbolic":[58],"analysis":[59],"approach":[60],"for":[61],"automated":[62,138],"policy":[63,110,139,156],"repair":[64,108,140],"order":[66],"fix":[68],"overly":[69],"permissive":[70],"policies.":[71],"We":[72,132],"encode":[73],"semantics":[75],"policies":[80,146],"using":[81,88],"SMT":[82],"formulas":[83],"assess":[85],"their":[86],"permissiveness":[87,95,112,119],"model":[89],"counting.":[90],"Given":[91],"policy,":[93],"bound,":[96],"set":[99,126],"requests":[101,128],"that":[102,117],"should":[103],"be":[104],"allowed,":[105],"iteratively":[107],"through":[111],"reduction":[113],"refinement,":[115],"so":[116],"bound":[120],"reached":[122],"while":[123],"given":[125],"are":[129],"still":[130],"allowed.":[131],"demonstrate":[133],"effectiveness":[135],"our":[137],"technique":[141],"by":[142],"applying":[143],"it":[144],"written":[147],"Amazon's":[149],"AWS":[150],"Identity":[151],"Access":[153],"Management":[154],"(IAM)":[155],"language.":[157]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":2}],"updated_date":"2026-03-18T14:38:29.013473","created_date":"2025-10-10T00:00:00"}