Security Policy Analysis Using Deductive Spreadsheets
As security policies get larger and more complex, analysis tools that help users understand and validate security policies are becoming more important. This paper explores the use of deductive spreadsheets for security policy analysis. Deductive spreadsheets combine the power of deductive rules (for specifying policies and analyses) with the usability of spreadsheets. This approach is introduced with a simple example of analyzing information flow allowed by RBAC policies and then applied in two case studies: analysis of computer system configurations and analysis of Security-Enhanced Linux access control policies.