A White-Box Policy Analysis and its Efficient Implementation

In policy composition frameworks, such as XACML, com-posite policies can be formed by the application of policy composition algorithms (PCAs), which combine authoriza-tion decisions of component policies. Understanding the be-haviour of composite policies is a non-trivial endeavour, but instrumental in the engineering of correct access control poli-cies. Existing policy analyses take a black-box approach, in which the global behaviour of the composite policy is as-sessed. A black-box approach is useful for detecting the presence of erroneous behaviour, but not particularly useful for locating the source of the error. In this work, we propose a white-box policy analysis, known as Decision in Context (DIC), that assesses the behaviour of component policies situated in a composite policy. We show that the DIC query can be applied to facilitate policy change impact analysis, break-glass reduction analysis, dead policy identification, as well as the pruning of redundant subpoli-cies. For generality, the DIC query is defined in an XACML-style policy composition framework that is agnostic of the underlying access control model. The DIC query is imple-mented via a reduction to either propositional satisfiability (SAT) or pseudo boolean satisfiability (PBS) instances, after which standard solvers can be invoked to complete the eval-uation. Empirical analyses have been conducted to compare the relative efficiency of the SAT and PBS encodings. The latter is found to be a more effective encoding, especially for composite policies containing majority-voting PCAs