To formally and precisely capture the security properties that access control should adhere to, access control (AC) models are usually written, bridging the rather wide gap in abstraction between policy and mechanism: users see an access control model as an unambiguous and precise expression of requirements; vendors and system developers see access control models as design and implementation requirements. Thus, techniques are required for verifying whether an AC model is correctly expressed in the AC policies and whether the required properties are satisfied in the model. In practice, the same access control policies may express multiple different access control models, or express a single model together with extra access control constraints outside of that model. Ensuring the conformance of access control models and policies is therefore a non-trivial and critical task, and the correct specification of access control policies is a very challenging problem. This problem becomes increasingly severe as a system grows more complex and is deployed to manage a large amount of sensitive or private information and resources.
ACPT allows users to specify access control (AC) models and rules, or combinations of them, as well as the expected properties, through a GUI. ACPT then performs a logic check to verify whether the specified properties conform to the specified models/rules. If they do not, non-conformance messages are returned to the user; otherwise, ACPT proceeds to generate test cases, which are ready for property verification testing of the AC application implemented according to the models/rules. ACPT is a reference implementation of the NIST research project "Verification of Generic Access Control Model", with extended capabilities. The following figure shows the architecture of ACPT.
ACPT is directly applicable to those types of access control policies whose profiles are already provided, such as (core and hierarchical) Role Based Access Control (RBAC), Chinese Wall, Multi-level, hierarchical-resource-based policies, web service policies, SAML, WS-Security policy, and privacy policies, as well as other rule-based access control policies. For example, a firewall policy is a type of rule-based policy, used to examine every incoming or outgoing packet and decide whether to permit or deny it. The results of the project will not only deepen our understanding of verifying access control policies against models/rules and their properties, but also provide a practical set of techniques and prototypes to support systematic conformance verification of access control policies.
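The two steps of the workflow described above (checking that stated properties hold for a rule set, then generating test cases from that rule set for the implementation) can be illustrated on a small rule-based policy of the kind listed in the previous paragraph. The following is an added example written for this page; it is not ACPT's own code, rule language or file format. The rule syntax, the first-applicable combining algorithm, the deny-by-default setting, the sample RBAC-style policy, and the two properties are all constructed for the illustration. Property checking is done by exhaustive enumeration of a finite attribute space, which is what makes counterexamples concrete; the same evaluator applies unchanged to an ordered firewall rule list if the attribute domains are replaced by zones, ports and protocols.

```python
"""Conformance check of a rule-based access control policy against properties,
followed by test-case generation. Added example; not ACPT's own code."""
from dataclasses import dataclass
from itertools import product
from typing import Callable, Iterable

# A request is a flat attribute map, e.g. {"role": "doctor", "resource": "record", "action": "read"}.
Request = dict


@dataclass(frozen=True)
class Rule:
    """A rule matches when every listed attribute equals the request's value; "*" matches anything."""
    condition: dict
    effect: str  # "permit" or "deny"

    def matches(self, req: Request) -> bool:
        return all(v == "*" or req.get(k) == v for k, v in self.condition.items())


def evaluate(rules: list[Rule], req: Request, default: str = "deny") -> str:
    """First-applicable combining: the first matching rule decides; with no match, the default applies.
    Deny-by-default is the safe choice and is what most firewall and XACML-style policies assume."""
    for rule in rules:
        if rule.matches(req):
            return rule.effect
    return default


def request_space(domains: dict[str, list[str]]) -> Iterable[Request]:
    """Enumerate every combination of attribute values: the finite space the property check explores."""
    keys = list(domains)
    for values in product(*(domains[k] for k in keys)):
        yield dict(zip(keys, values))


@dataclass
class Property:
    """A property is a predicate over (request, decision) that must hold for every request."""
    name: str
    holds: Callable[[Request, str], bool]


def check_properties(rules: list[Rule], domains: dict, properties: list[Property]) -> dict:
    """Return {property name: [(request, decision), ...]} listing counterexamples for each violated property.
    An empty dict means every property conforms to the rule set."""
    failures: dict = {}
    for prop in properties:
        bad = []
        for req in request_space(domains):
            decision = evaluate(rules, req)
            if not prop.holds(req, decision):
                bad.append((req, decision))
        if bad:
            failures[prop.name] = bad
    return failures


def generate_tests(rules: list[Rule], domains: dict) -> list:
    """Test oracle: each request paired with the decision the verified model assigns.
    Replaying these against the deployed enforcement point checks that implementation matches model."""
    return [(req, evaluate(rules, req)) for req in request_space(domains)]


# Constructed sample: a small RBAC-style policy for a records system (hypothetical roles and resources).
DOMAINS = {
    "role": ["doctor", "nurse", "billing"],
    "resource": ["record", "invoice"],
    "action": ["read", "write"],
}
RULES = [
    Rule({"role": "doctor", "resource": "record"}, "permit"),
    Rule({"role": "nurse", "resource": "record", "action": "read"}, "permit"),
    Rule({"role": "billing", "resource": "invoice"}, "permit"),
    # Constructed flaw: this rule lets a non-clinical role read clinical records.
    Rule({"role": "billing", "resource": "record", "action": "read"}, "permit"),
]
PROPERTIES = [
    Property("only_clinical_roles_touch_records",
             lambda r, d: d == "deny" or r["resource"] != "record" or r["role"] in ("doctor", "nurse")),
    Property("nurses_never_write",
             lambda r, d: not (r["role"] == "nurse" and r["action"] == "write" and d == "permit")),
]

if __name__ == "__main__":
    failures = check_properties(RULES, DOMAINS, PROPERTIES)
    for name, examples in failures.items():
        print(f"property {name} violated; counterexamples: {examples}")
    if not failures:
        for req, decision in generate_tests(RULES, DOMAINS):
            print(decision, req)
```

Run as written, the check reports one counterexample for only_clinical_roles_touch_records (the billing/record/read request is permitted) and no test cases are emitted; removing the last rule makes both properties hold, after which all 12 requests in the attribute space are emitted as test cases with their expected decisions.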
In regard to cyber security, privacy, and information sharing, access control is one of the crucial elements in protecting the nation's critical IT infrastructures for healthcare, transportation, finance, power grids, military, intelligence, and safety systems. It is essential to have measurement technology such as ACPT so that access control policy administrators and authors can ensure safety and flexibility when composing their access control policies. Thus, the development of ACPT meets the mission of the Computer Security Division under the Federal Information Security Management Act of 2002 (FISMA). NIST should develop this system because, so far, there is no project or research similar to ACPT, and NIST has significant experience and great success in developing and transferring access control technologies, reflected in its research and development in this area for over 18 years.