A graph-based framework for the analysis of access control policies

We design a graph-based framework for the analysis of access control policies that aims at easing the specification and verification tasks for security administrators. We consider policies in the category-based access control model, which has been shown to subsume many of the most well known access control models (e.g., MAC, DAC, RBAC). Using a graphical representation of category-based policies, we show how answers to usual administrator queries can be automatically computed, and properties of access control policies checked. We show applications in the context of emergency situations, where our framework can be used to analyse the interaction between access control and emergency management.