{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T10:46:34Z","timestamp":1776336394837,"version":"3.51.2"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032227515","type":"print"},{"value":"9783032227522","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T00:00:00Z","timestamp":1776297600000},"content-version":"vor","delay-in-days":105,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-22752-2_6","type":"book-chapter","created":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T21:52:14Z","timestamp":1776289934000},"page":"110-129","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Automatically Tightening Access Control Policies with Restricter"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6315-9068","authenticated-orcid":false,"given":"Ka Lok","family":"Wu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5434-5018","authenticated-orcid":false,"given":"Christa","family":"Jenkins","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8824-6835","authenticated-orcid":false,"given":"Scott D.","family":"Stoller","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1356-6279","authenticated-orcid":false,"given":"Omar","family":"Chowdhury","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,4,16]]},"reference":[{"key":"6_CR1","unstructured":"Google Classroom. https:\/\/edu.google.com\/intl\/ALL_us\/workspace-for-education\/products\/classroom\/, accessed: 2025-05-08"},{"key":"6_CR2","unstructured":"HotCRP. https:\/\/hotcrp.com\/, accessed: 2025-05-08"},{"key":"6_CR3","doi-asserted-by":"crossref","unstructured":"Abate, A., Barbosa, H., Barrett, C., David, C., Kesseli, P., Kroening, D., Polgreen, E., Reynolds, A., Tinelli, C.: Synthesising programs with non-trivial constants. Journal of automated reasoning 67(2), 19 (2023)","DOI":"10.1007\/s10817-023-09664-4"},{"key":"6_CR4","doi-asserted-by":"crossref","unstructured":"Abate, A., David, C., Kesseli, P., Kroening, D., Polgreen, E.: Counterexample guided inductive synthesis modulo theories. In: Chockler, H., Weissenbacher, G. (eds.) Computer Aided Verification. pp. 270\u2013288. Springer International Publishing, Cham (2018)","DOI":"10.1007\/978-3-319-96145-3_15"},{"key":"6_CR5","doi-asserted-by":"crossref","unstructured":"Alur, R., Bodik, R., Juniwal, G., Martin, M.M., Raghothaman, M., Seshia, S.A., Singh, R., Solar-Lezama, A., Torlak, E., Udupa, A.: Syntax-guided synthesis. IEEE (2013)","DOI":"10.1109\/FMCAD.2013.6679385"},{"key":"6_CR6","doi-asserted-by":"publisher","unstructured":"Alur, R., Singh, R., Fisman, D., Solar-Lezama, A.: Search-based program synthesis. Communications of the ACM 61(12), 84\u201393 (Nov 2018). https:\/\/doi.org\/10.1145\/3208071, https:\/\/doi.org\/10.1145\/3208071","DOI":"10.1145\/3208071"},{"key":"6_CR7","unstructured":"Amazon Web Services, Inc.: Cedar Language. https:\/\/www.cedarpolicy.com\/en (2025), Accessed: Jan 2025"},{"key":"6_CR8","doi-asserted-by":"publisher","unstructured":"Barbosa, H., Barrett, C.W., Brain, M., Kremer, G., Lachnitt, H., Mann, M., Mohamed, A., Mohamed, M., Niemetz, A., N\u00f6tzli, A., Ozdemir, A., Preiner, M., Reynolds, A., Sheng, Y., Tinelli, C., Zohar, Y.: cvc5: A versatile and industrial-strength SMT solver. In: Fisman, D., Rosu, G. (eds.) Tools and Algorithms for the Construction and Analysis of Systems - 28th International Conference, TACAS 2022, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2022, Munich, Germany, April 2-7, 2022, Proceedings, Part I. Lecture Notes in Computer Science, vol. 13243, pp. 415\u2013442. Springer (2022). https:\/\/doi.org\/10.1007\/978-3-030-99524-9_24, https:\/\/doi.org\/10.1007\/978-3-030-99524-9_24","DOI":"10.1007\/978-3-030-99524-9_24"},{"key":"6_CR9","doi-asserted-by":"publisher","unstructured":"Barrett, C.W., de\u00a0Moura, L.M., Ranise, S., Stump, A., Tinelli, C.: The SMT-LIB initiative and the rise of SMT - (HVC 2010 award talk). In: Barner, S., Harris, I.G., Kroening, D., Raz, O. (eds.) Hardware and Software: Verification and Testing - 6th International Haifa Verification Conference, HVC 2010, Haifa, Israel, October 4-7, 2010. Revised Selected Papers. Lecture Notes in Computer Science, vol.\u00a06504, p.\u00a03. Springer (2010). https:\/\/doi.org\/10.1007\/978-3-642-19583-9_2, https:\/\/doi.org\/10.1007\/978-3-642-19583-9_2","DOI":"10.1007\/978-3-642-19583-9_2"},{"key":"6_CR10","doi-asserted-by":"publisher","unstructured":"Barrett, C.W., Sebastiani, R., Seshia, S.A., Tinelli, C.: Satisfiability modulo theories. In: Biere, A., Heule, M., van Maaren, H., Walsh, T. (eds.) Handbook of Satisfiability - Second Edition, Frontiers in Artificial Intelligence and Applications, vol.\u00a0336, pp. 1267\u20131329. IOS Press (2021). https:\/\/doi.org\/10.3233\/FAIA201017, https:\/\/doi.org\/10.3233\/FAIA201017","DOI":"10.3233\/FAIA201017"},{"key":"6_CR11","doi-asserted-by":"crossref","unstructured":"Bui, T., Stoller, S.D., Li, J.: Mining relationship-based access control policies. In: Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies. pp. 239\u2013246 (2017)","DOI":"10.1145\/3078861.3078878"},{"key":"6_CR12","doi-asserted-by":"crossref","unstructured":"Bui, T., Stoller, S.D., Li, J.: Greedy and evolutionary algorithms for mining relationship-based access control policies. Computers & Security 80, 317\u2013333 (jan 2019)","DOI":"10.1016\/j.cose.2018.09.011"},{"key":"6_CR13","unstructured":"Casbin Organization: Casbin. https:\/\/casbin.org\/ (2025), Accessed: Jul 2025"},{"key":"6_CR14","doi-asserted-by":"crossref","unstructured":"Chen, H., Li, N., Enck, W., Aafer, Y., Zhang, X.: Analysis of SEAndroid Policies: Combining MAC and DAC in Android. In: Proceedings of the 33rd Annual Computer Security Applications Conference. pp. 553\u2013565 (2017)","DOI":"10.1145\/3134600.3134638"},{"key":"6_CR15","unstructured":"Cloud Native Computing Foundation: Open Policy Agent. https:\/\/www.openpolicyagent.org\/ (2025), Accessed: Jul 2025"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Cotrini, C., Corinzia, L., Weghorn, T., Basin, D.: The next 700 policy miners: A universal method for building policy miners. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. pp. 95\u2013112 (2019)","DOI":"10.1145\/3319535.3354196"},{"key":"6_CR17","doi-asserted-by":"crossref","unstructured":"Cotrini, C., Weghorn, T., Basin, D.: Mining ABAC rules from sparse logs. In: 2018 IEEE European Symposium on Security and Privacy (EuroS&P). pp. 31\u201346. IEEE (2018)","DOI":"10.1109\/EuroSP.2018.00011"},{"key":"6_CR18","doi-asserted-by":"publisher","unstructured":"Cutler, J.W., Disselkoen, C., Eline, A., He, S., Headley, K., Hicks, M., Hietala, K., Ioannidis, E., Kastner, J., Mamat, A., McAdams, D., McCutchen, M., Rungta, N., Torlak, E., Wells, A.M.: Cedar: A new language for expressive, fast, safe, and analyzable authorization. Proc. ACM Program. Lang. 8(OOPSLA1) (apr 2024). https:\/\/doi.org\/10.1145\/3649835, https:\/\/doi.org\/10.1145\/3649835","DOI":"10.1145\/3649835"},{"key":"6_CR19","doi-asserted-by":"crossref","unstructured":"D\u2019Antoni, L., Ding, S., Goel, A., Ramesh, M., Rungta, N., Sung, C.: Automatically Reducing Privilege for Access Control Policies. Proceedings of the ACM on Programming Languages 8(OOPSLA2), 763\u2013790 (2024)","DOI":"10.1145\/3689738"},{"key":"6_CR20","doi-asserted-by":"crossref","unstructured":"Eiers, W., Sankaran, G., Bultan, T.: Quantitative policy repair for access control on the cloud. In: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. pp. 564\u2013575 (2023)","DOI":"10.1145\/3597926.3598078"},{"key":"6_CR21","doi-asserted-by":"publisher","unstructured":"Gautam, M., Jha, S., Sural, S., Vaidya, J., Atluri, V.: Poster: Constrained policy mining in attribute based access control. In: Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies. p. 121\u2013123. SACMAT \u201917 Abstracts, Association for Computing Machinery, New York, NY, USA (2017). https:\/\/doi.org\/10.1145\/3078861.3084163, https:\/\/doi.org\/10.1145\/3078861.3084163","DOI":"10.1145\/3078861.3084163"},{"key":"6_CR22","doi-asserted-by":"publisher","unstructured":"Hu, V.C., Ferraiolo, D., Kuhn, R., Friedman, A.R., Lang, A.J., Cogdell, M.M., Schnitzer, A., Sandlin, K., Miller, R., Scarfone, K., et\u00a0al.: Guide to Attribute Based Access Control (ABAC) Definition and Considerations (Aug 2019). https:\/\/doi.org\/10.6028\/NIST.SP.800-162","DOI":"10.6028\/NIST.SP.800-162"},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Jha, S., Gulwani, S., Seshia, S.A., Tiwari, A.: Oracle-guided component-based program synthesis. In: Proceedings of the 32nd ACM\/IEEE International Conference on Software Engineering-Volume 1. pp. 215\u2013224 (2010)","DOI":"10.1145\/1806799.1806833"},{"key":"6_CR24","doi-asserted-by":"crossref","unstructured":"Mitani, S., Kwon, J., Ghate, N., Singh, T., Ueda, H., Perrig, A.: Qualitative intention-aware attribute-based access control policy refinement. In: Proceedings of the 28th ACM Symposium on Access Control Models and Technologies. pp. 201\u2013208 (2023)","DOI":"10.1145\/3589608.3593841"},{"key":"6_CR25","unstructured":"MITRE: CWE Top 25 Most Dangerous Software Weaknesses. https:\/\/cwe.mitre.org\/top25\/archive\/2024\/2024_cwe_top25.html (2024)"},{"key":"6_CR26","unstructured":"Mocanu, D., Turkmen, F., Liotta, A.: Towards ABAC policy mining from logs with deep learning. In: The 18th International Multiconference, IS2015, Intelligent Systems, Ljubljana, Slovenia. (2015)"},{"key":"6_CR27","unstructured":"OWASP: Top 10 web application security risks. https:\/\/owasp.org\/Top10\/ (2021)"},{"key":"6_CR28","doi-asserted-by":"publisher","unstructured":"Reynolds, A., Barbosa, H., N\u00f6tzli, A., Barrett, C.W., Tinelli, C.: cvc4sy: Smart and fast term enumeration for syntax-guided synthesis. In: Dillig, I., Tasiran, S. (eds.) Computer Aided Verification - 31st International Conference, CAV 2019, New York City, NY, USA, July 15-18, 2019, Proceedings, Part II. Lecture Notes in Computer Science, vol. 11562, pp. 74\u201383. Springer (2019). https:\/\/doi.org\/10.1007\/978-3-030-25543-5_5, https:\/\/doi.org\/10.1007\/978-3-030-25543-5_5","DOI":"10.1007\/978-3-030-25543-5_5"},{"key":"6_CR29","unstructured":"Standard, O.: eXtensible Access Control Markup Language (XACML) Version 3.0. A:(22 January 2013). URl: http:\/\/docs.oasis-open org\/xacml\/3.0\/xacml-3.0-core-spec-os-en. html (2013)"},{"key":"6_CR30","doi-asserted-by":"crossref","unstructured":"Talukdar, T., Batra, G., Vaidya, J., Atluri, V., Sural, S.: Efficient bottom-up mining of attribute based access control policies. In: 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC). pp. 339\u2013348. IEEE (2017)","DOI":"10.1109\/CIC.2017.00051"},{"key":"6_CR31","unstructured":"The SMT-Lib Initiative: SMT-Lib The Satisfiability Modulo Theories Library. https:\/\/smt-lib.org (2025), Accessed: Jan 2025"},{"key":"6_CR32","doi-asserted-by":"crossref","unstructured":"Wu, K.L., Jenkins, C., Stoller, S.D., Chowdhury, O.: Automatically tightening access control policies with restricter (2026), https:\/\/arxiv.org\/abs\/2601.14582","DOI":"10.1007\/978-3-032-22752-2_6"},{"key":"6_CR33","doi-asserted-by":"publisher","unstructured":"Xu, Z., Stoller, S.D.: Mining attribute-based access control policies. IEEE Transactions on Dependable and Secure Computing (2014). https:\/\/doi.org\/10.1109\/TDSC.2014.2369048, http:\/\/dx.doi.org\/10.1109\/TDSC.2014.2369048","DOI":"10.1109\/TDSC.2014.2369048"},{"key":"6_CR34","doi-asserted-by":"crossref","unstructured":"Xu, Z., Stoller, S.D.: Mining attribute-based access control policies from logs. In: Proceedings of the 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2014). Lecture Notes in Computer Science, vol.\u00a08566, pp. 276\u2013291. Springer (2014)","DOI":"10.1007\/978-3-662-43936-4_18"}],"container-title":["Lecture Notes in Computer Science","Tools and Algorithms for the Construction and Analysis of Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-22752-2_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T23:07:32Z","timestamp":1776294452000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-22752-2_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032227515","9783032227522"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-22752-2_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"16 April 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"TACAS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Tools and Algorithms for the Construction and Analysis of Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Turin","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2026","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 April 2026","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 April 2026","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"32","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"tacas2026","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/etaps.org\/about\/tacas\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}