Data Management

SPAN: A Unified Framework and Toolkit for Querying Heterogeneous Access Policies

Executive Summary

Incorrect policy configurations are a major cause of security failures in large-scale systems. Policy analyzers and testing tools can help, but they are often specific to a single type of policy (e.g., firewalls). Yet the most insidious security problems often arise from the interactions of policies across several systems (e.g., firewalls, SSH, file systems, etc.), and much of that cross-system analysis currently has to be done manually. In this paper, the authors propose a common framework called SPAN (Security Policy ANalyzer) to help analyze policies from heterogeneous systems.

