{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,5]],"date-time":"2026-02-05T10:43:07Z","timestamp":1770288187699,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":20,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,11,8]],"date-time":"2020-11-08T00:00:00Z","timestamp":1604793600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,11,8]]},"DOI":"10.1145\/3368089.3409728","type":"proceedings-article","created":{"date-parts":[[2020,12,11]],"date-time":"2020-12-11T00:37:56Z","timestamp":1607647076000},"page":"281-291","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":22,"title":["Block public access: trust safety verification of access control policies"],"prefix":"10.1145","author":[{"given":"Malik","family":"Bouchet","sequence":"first","affiliation":[{"name":"Amazon, USA"}]},{"given":"Byron","family":"Cook","sequence":"additional","affiliation":[{"name":"Amazon, USA"}]},{"given":"Bryant","family":"Cutler","sequence":"additional","affiliation":[{"name":"Amazon, USA"}]},{"given":"Anna","family":"Druzkina","sequence":"additional","affiliation":[{"name":"Amazon, USA"}]},{"given":"Andrew","family":"Gacek","sequence":"additional","affiliation":[{"name":"Amazon, USA"}]},{"given":"Liana","family":"Hadarean","sequence":"additional","affiliation":[{"name":"Amazon, USA"}]},{"given":"Ranjit","family":"Jhala","sequence":"additional","affiliation":[{"name":"Amazon, USA"}]},{"given":"Brad","family":"Marshall","sequence":"additional","affiliation":[{"name":"Amazon, USA"}]},{"given":"Dan","family":"Peebles","sequence":"additional","affiliation":[{"name":"Amazon, USA"}]},{"given":"Neha","family":"Rungta","sequence":"additional","affiliation":[{"name":"Amazon, USA"}]},{"given":"Cole","family":"Schlesinger","sequence":"additional","affiliation":[{"name":"Amazon, USA"}]},{"given":"Chriss","family":"Stephens","sequence":"additional","affiliation":[{"name":"Amazon, USA"}]},{"given":"Carsten","family":"Varming","sequence":"additional","affiliation":[{"name":"Amazon, USA"}]},{"given":"Andy","family":"Warfield","sequence":"additional","affiliation":[{"name":"Amazon, USA"}]}],"member":"320","published-online":{"date-parts":[[2020,11,8]]},"reference":[{"key":"e_1_3_2_2_1_1","first-page":"1","article-title":"Semantic-based Automated Reasoning for AWS Access Policies using SMT. In 2018 Formal Methods in Computer Aided Design (FMCAD)","author":"Backes John","year":"2018","unstructured":"John Backes , Pauline Bolignano , Byron Cook , Catherine Dodge , Andrew Gacek , Kasper Luckow , Neha Rungta , Oksana Tkachuk , and Carsten Varming . 2018 . Semantic-based Automated Reasoning for AWS Access Policies using SMT. In 2018 Formal Methods in Computer Aided Design (FMCAD) . IEEE , 1 - 9 . John Backes, Pauline Bolignano, Byron Cook, Catherine Dodge, Andrew Gacek, Kasper Luckow, Neha Rungta, Oksana Tkachuk, and Carsten Varming. 2018. Semantic-based Automated Reasoning for AWS Access Policies using SMT. In 2018 Formal Methods in Computer Aided Design (FMCAD). IEEE, 1-9.","journal-title":"IEEE"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.5555\/2032305.2032319"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.2004.1310738"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501979"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.23919\/FMCAD.2017.8102241"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"crossref","unstructured":"Leonardo de Moura and Nikolaj Bj\u00f8rner. 2008. Z3: An eficient SMT solver. Tools and Algorithms for the Construction and Analysis of Systems ( 2008 ) 337-340.  Leonardo de Moura and Nikolaj Bj\u00f8rner. 2008. Z3: An eficient SMT solver. Tools and Algorithms for the Construction and Analysis of Systems ( 2008 ) 337-340.","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2002.1004365"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/11814771_51"},{"key":"e_1_3_2_2_9_1","volume-title":"Software Engineering, 2005. ICSE 2005. Proceedings. 27th International Conference on. IEEE, 196-205","author":"Fisler Kathi","year":"2005","unstructured":"Kathi Fisler , Shriram Krishnamurthi , Leo A Meyerovich , and Michael Carl Tschantz . 2005 . Verification and change-impact analysis of access-control policies . In Software Engineering, 2005. ICSE 2005. Proceedings. 27th International Conference on. IEEE, 196-205 . Kathi Fisler, Shriram Krishnamurthi, Leo A Meyerovich, and Michael Carl Tschantz. 2005. Verification and change-impact analysis of access-control policies. In Software Engineering, 2005. ICSE 2005. Proceedings. 27th International Conference on. IEEE, 196-205."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30144-8_19"},{"key":"e_1_3_2_2_11_1","article-title":"Automated verification of access control policies using a SAT solver","volume":"10","author":"Hughes Graham","year":"2008","unstructured":"Graham Hughes and Tevfik Bultan . 2008 . Automated verification of access control policies using a SAT solver . International Journal on Software Tools for Technology Transfer (STTT) 10 , 6 ( 2008 ), 503-520. Graham Hughes and Tevfik Bultan. 2008. Automated verification of access control policies using a SAT solver. International Journal on Software Tools for Technology Transfer (STTT) 10, 6 ( 2008 ), 503-520.","journal-title":"International Journal on Software Tools for Technology Transfer (STTT)"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924291"},{"key":"e_1_3_2_2_14_1","volume-title":"Enabling Technologies: Infrastructure for Collaborative Enterprises, 2003x2. WET ICE 2003. Proceedings. Twelfth IEEE International Workshops on. IEEE, 190-195","author":"Kolaczek Grzegorz","year":"2003","unstructured":"Grzegorz Kolaczek . 2003 . Specification and verification of constraints in role based access control . In Enabling Technologies: Infrastructure for Collaborative Enterprises, 2003x2. WET ICE 2003. Proceedings. Twelfth IEEE International Workshops on. IEEE, 190-195 . Grzegorz Kolaczek. 2003. Specification and verification of constraints in role based access control. In Enabling Technologies: Infrastructure for Collaborative Enterprises, 2003x2. WET ICE 2003. Proceedings. Twelfth IEEE International Workshops on. IEEE, 190-195."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/605434.605438"},{"key":"e_1_3_2_2_16_1","volume-title":"Padl","author":"Li Ninghui","unstructured":"Ninghui Li and John C Mitchell . 2003. Datalog with constraints: A foundation for trust management languages . In Padl , Vol. 3 . Springer , 58-73. Ninghui Li and John C Mitchell. 2003. Datalog with constraints: A foundation for trust management languages. In Padl, Vol. 3. Springer, 58-73."},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2837614.2837641"},{"key":"e_1_3_2_2_18_1","first-page":"1","volume-title":"Proceedings of the 24th International Conference on Large Installation System Administration (LISA'10)","author":"Nelson Timothy","year":"2010","unstructured":"Timothy Nelson , Christopher Barratt , Daniel J. Dougherty , Kathi Fisler , and Shriram Krishnamurthi . 2010 . The Margrave Tool for Firewall Analysis . In Proceedings of the 24th International Conference on Large Installation System Administration (LISA'10) . USENIX Association, USA , 1 - 8 . Timothy Nelson, Christopher Barratt, Daniel J. Dougherty, Kathi Fisler, and Shriram Krishnamurthi. 2010. The Margrave Tool for Firewall Analysis. In Proceedings of the 24th International Conference on Large Installation System Administration (LISA'10). USENIX Association, USA, 1-8."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63390-9_24"},{"key":"e_1_3_2_2_20_1","unstructured":"u\/DoersOf TheWord. 2016. https:\/\/www.reddit.com\/r\/aws\/comments\/3recc9\/ this_iam_policy_did_not_do_what_i_thought\/  u\/DoersOf TheWord. 2016. https:\/\/www.reddit.com\/r\/aws\/comments\/3recc9\/ this_iam_policy_did_not_do_what_i_thought\/"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.16"}],"event":{"name":"ESEC\/FSE '20: 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","location":"Virtual Event USA","acronym":"ESEC\/FSE '20","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3368089.3409728","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3368089.3409728","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:44:40Z","timestamp":1750203880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3368089.3409728"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,8]]},"references-count":20,"alternative-id":["10.1145\/3368089.3409728","10.1145\/3368089"],"URL":"https:\/\/doi.org\/10.1145\/3368089.3409728","relation":{},"subject":[],"published":{"date-parts":[[2020,11,8]]},"assertion":[{"value":"2020-11-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}