{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T03:27:30Z","timestamp":1769743650622,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":64,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,5,21]],"date-time":"2022-05-21T00:00:00Z","timestamp":1653091200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CCF-2008660, CCF-1901098, CCF-1817242"],"award-info":[{"award-number":["CCF-2008660, CCF-1901098, CCF-1817242"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,5,21]]},"DOI":"10.1145\/3510003.3510233","type":"proceedings-article","created":{"date-parts":[[2022,7,5]],"date-time":"2022-07-05T22:42:59Z","timestamp":1657060979000},"page":"1805-1817","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["Quantifying permissiveness of access control policies"],"prefix":"10.1145","author":[{"given":"William","family":"Eiers","sequence":"first","affiliation":[{"name":"University of California"}]},{"given":"Ganesh","family":"Sankaran","sequence":"additional","affiliation":[{"name":"University of California"}]},{"given":"Albert","family":"Li","sequence":"additional","affiliation":[{"name":"University of California"}]},{"given":"Emily","family":"O'Mahony","sequence":"additional","affiliation":[{"name":"University of California"}]},{"given":"Benjamin","family":"Prince","sequence":"additional","affiliation":[{"name":"University of California"}]},{"given":"Tevfik","family":"Bultan","sequence":"additional","affiliation":[{"name":"University of California"}]}],"member":"320","published-online":{"date-parts":[[2022,7,5]]},"reference":[{"key":"e_1_3_2_1_2_1","unstructured":"aleak [n.d.]. Another misconfigured Amazon S3 server leaks data of 50 000 Australians. https:\/\/www.scmagazineuk.com\/another-misconfigured-amazon\\-s3-server-leaks-data-of-50000-australians\/article\/705125\/."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2610401"},{"key":"e_1_3_2_1_4_1","volume-title":"Proceedings of the 34th International Conference on Software Engineering (ICSE). 947--957","author":"Alkhalaf Muath","unstructured":"Muath Alkhalaf, Tevfik Bultan, and Jose L. Gallegos. 2012. Verifying Clientside Input Validation Functions Using String Analysis. In Proceedings of the 34th International Conference on Software Engineering (ICSE). 947--957."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336760"},{"key":"e_1_3_2_1_6_1","unstructured":"awssupportleak [n.d.]. AWSSupportServiceRolePolicy Informational Update. https:\/\/aws.amazon.com\/security\/security-bulletins\/AWS-2021-007\/."},{"key":"e_1_3_2_1_7_1","unstructured":"awssupportleakgh [n.d.]. Update detected. https:\/\/github.com\/z0ph\/MAMIP\/commit\/9d72709."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-21690-4_15"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236064"},{"key":"e_1_3_2_1_10_1","unstructured":"azureflaw [n.d.]. Microsoft Azure cloud vulnerability is the 'worst you can imagine'. https:\/\/www.theverge.com\/2021\/8\/27\/22644161\/microsoft-azure-database-vulnerabilty-chaosdb?fbclid=IwAR2nKV8uslH4EGDslnogYT4ulQRGz7NsD0xuIb3lgK2sP1-WG_O1tJbR-eE."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.23919\/FMCAD.2018.8602994"},{"key":"e_1_3_2_1_12_1","volume-title":"Automatic Discovery and Quantification of Information Leaks. In 30th IEEE Symposium on Security and Privacy (S&P 2009","author":"Backes Michael","year":"2009","unstructured":"Michael Backes, Boris K\u00f6pf, and Andrey Rybalchenko. 2009. Automatic Discovery and Quantification of Information Leaks. In 30th IEEE Symposium on Security and Privacy (S&P 2009), 17--20 May 2009, Oakland, California, USA. 141--153."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950362"},{"key":"e_1_3_2_1_14_1","volume-title":"Online Synthesis of Adaptive Side-Channel Attacks Based On Noisy Observations. In 2018 IEEE European Symposium on Security and Privacy, EuroS&P 2018","author":"Bang Lucas","year":"2018","unstructured":"Lucas Bang, Nicol\u00e1s Rosner, and Tevfik Bultan. 2018. Online Synthesis of Adaptive Side-Channel Attacks Based On Noisy Observations. In 2018 IEEE European Symposium on Security and Privacy, EuroS&P 2018, London, United Kingdom, April 24--26, 2018. 307--322."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866375"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046774"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970350"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786832"},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the 9th International NASA Formal Methods Symposium. 131--138","author":"Borges Mateus","unstructured":"Mateus Borges, Quoc-Sang Phan, Antonio Filieri, and Corina S. Pasareanu. 2017. Model-Counting Approaches for Nonlinear Numerical Constraints. In Proceedings of the 9th International NASA Formal Methods Symposium. 131--138."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409728"},{"key":"e_1_3_2_1_21_1","volume-title":"Block Public Access: Trust Safety Verification of Access Control Policies. In ESEC\/SIGSOFT FSE 2020","author":"Bouchet Malik","year":"2020","unstructured":"Malik Bouchet, Byron Cook, Bryant Cutler, Anna Druzkina, Andrew Gacek, Liana Hadarean, Ranjit Jhala, Brad Marshall, Dan Peebles, Neha Rungta, Cole Schlesinger, Chriss Stephens, Carsten Varming, and Andy Warfield. 2020. Block Public Access: Trust Safety Verification of Access Control Policies. In ESEC\/SIGSOFT FSE 2020, Sacramento, California, United States of America, November 8--13, 2020."},{"key":"e_1_3_2_1_22_1","unstructured":"cancan 2015. ryanb\/cancan \u2022 GitHub. https:\/\/github.com\/ryanb\/cancan."},{"key":"e_1_3_2_1_23_1","unstructured":"Capital One Data Breach Analysis 2019. A Technical Analysis of the Capital One Hack. https:\/\/blog.cloudsploit.com\/a-technical-analysis-of-the-capital-one-hack-a9b43d7c8aea."},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of the Twenty-Eighth AAAI Conference on Artificial Intelligence. 1722--1730","author":"Chakraborty Supratik","unstructured":"Supratik Chakraborty, Daniel J. Fremont, Kuldeep S. Meel, Sanjit A. Seshia, and Moshe Y. Vardi. 2014. Distribution-Aware Sampling and Weighted Model Counting for SAT. In Proceedings of the Twenty-Eighth AAAI Conference on Artificial Intelligence. 1722--1730."},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the Thirtieth AAAI Conference on Artificial Intelligence. 3218--3224","author":"Chakraborty Supratik","unstructured":"Supratik Chakraborty, Kuldeep S. Meel, Rakesh Mistry, and Moshe Y. Vardi. 2016. Approximate Probabilistic Inference via Word-Level Counting. In Proceedings of the Thirtieth AAAI Conference on Artificial Intelligence. 3218--3224."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866373"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"e_1_3_2_1_28_1","unstructured":"djleak [n.d.]. Cloud Leak: WSJ Parent Company Dow Jones Exposed Customer Data. https:\/\/www.upguard.com\/breaches\/cloud-leak-dow-jones."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/11814771_51"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1978942.1979280"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/2486788.2486870"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1809842.1809847"},{"key":"e_1_3_2_1_33_1","volume-title":"Proceedings of the 27th International Conference on Software Engineering (ICSE 05)","author":"Fisler K.","unstructured":"K. Fisler, S. Krishnamurthi, L. A. Meyerovich, and M. C. Tschantz. 2005. Verification and Change-Impact Analysis of Access-Control Policies. In Proceedings of the 27th International Conference on Software Engineering (ICSE 05). 196--205."},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of the 27th International Conference on Software Engineering. St","author":"Fisler K.","unstructured":"K. Fisler, S. Krishnamurthi, L. A. Meyerovich, and M. C. Tschantz. 2005. Verification and Change-Impact Analysis of Access-Control Policies. In Proceedings of the 27th International Conference on Software Engineering. St. Louis, Missouri, 196--205."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336773"},{"key":"e_1_3_2_1_36_1","volume-title":"Levitt","author":"Heckman Mark","year":"1998","unstructured":"Mark Heckman and Karl N. Levitt. 1998. Applying the Composition Principle to Verify a Hierarchy of Security Servers. In HICSS (3). 338--347. http:\/\/citeseer.nj.nec.com\/134822.html"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1273463.1273471"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","unstructured":"Graham Hughes and Tevfik Bultan. 2008. Automated Verification of Access Control Policies Using a SAT Solver. 18 pages. 10.1007\/s10009-008-0087-9","DOI":"10.1007\/s10009-008-0087-9"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10009-008-0087-9"},{"key":"e_1_3_2_1_40_1","unstructured":"iam [n.d.]. AWS IAM Policy Language. http:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/access_policies.html."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/383891.383894"},{"key":"e_1_3_2_1_42_1","volume-title":"Proceedings of the 1997 IEEE Symposium on Security and Privacy. IEEE Press","author":"Jajodia S.","unstructured":"S. Jajodia, P. Samarati, and V. S. Subrahmanian. 1997. A logical language for expressing authorizations. In Proceedings of the 1997 IEEE Symposium on Security and Privacy. IEEE Press, Oakland, CA, USA, 31--42. http:\/\/citeseer.nj.nec.com\/jajodia97logical.html"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/253260.253364"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31424-7_54"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491452"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1882362.1882405"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jsc.2003.04.003"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594331"},{"key":"e_1_3_2_1_49_1","unstructured":"Microsoft Inc. [n.d.]. Z3 SMT Solver. https:\/\/github.com\/Z3Prover\/z3."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2642937.2643012"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.5555\/1924976.1924980"},{"key":"e_1_3_2_1_52_1","unstructured":"Paige Thompson Indictment 2019. United States of America vs Paige A. Thompson. https:\/\/www.justice.gov\/usao-wdwa\/press-release\/file\/1188626\/download."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1016\/bs.adcom.2018.03.015"},{"key":"e_1_3_2_1_55_1","volume-title":"Synthesis of Adaptive Side-Channel Attacks. In 30th IEEE Computer Security Foundations Symposium, CSF 2017","author":"Phan Quoc-Sang","year":"2017","unstructured":"Quoc-Sang Phan, Lucas Bang, Corina S. Pasareanu, Pasquale Malacaria, and Tevfik Bultan. 2017. Synthesis of Adaptive Side-Channel Attacks. In 30th IEEE Computer Security Foundations Symposium, CSF 2017, Santa Barbara, CA, USA, August 21--25, 2017. 328--342."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2632362.2632367"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382756.2382791"},{"key":"e_1_3_2_1_58_1","unstructured":"pundit 2016. GitHub - elabs\/pundit: Minimal authorization throught OO design and pure Ruby classes. https:\/\/github.com\/elabs\/pundit."},{"key":"e_1_3_2_1_59_1","first-page":"137","article-title":"Foundations of Security Analysis and Design. Springer Verlag","volume":"3","author":"Samarati Pierangela","year":"2001","unstructured":"Pierangela Samarati and Sabrina De Capitani di Vimercati. 2001. Foundations of Security Analysis and Design. Springer Verlag, Chapter 3, 137--196.","journal-title":"Chapter"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/234313.234412"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/35.312842"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/507711.507714"},{"key":"e_1_3_2_1_63_1","unstructured":"verizonleak [n.d.]. 14 MEEELLION Verizon subscribers' details leak from crappily configured AWS S3 data store. https:\/\/www.theregister.co.uk\/2017\/07\/12\/14m_verizon_customers_details_out\/."},{"key":"e_1_3_2_1_64_1","unstructured":"XACML 2003. eXtensible Access Control Markup Language (XACML) Version 1.0. OASIS Standard. http:\/\/www.oasis-open.org\/committees\/tc_home.php?wg_abbrev=xacml http:\/\/www.oasis-open.org\/committees\/tc_home.php?wg_abbrev=xacml."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/3381991.3395599"},{"key":"e_1_3_2_1_66_1","volume-title":"Proceedings of the eighth ACM symposium on Access Control Models and Technologies.","author":"Zao John","year":"2003","unstructured":"John Zao, Hoetech Wee, Jonathan Chu, and Daniel Jackson. 2003. RBAC Schema Verification Using Lightweight Formal Model and Constraint Analysis. In Proceedings of the eighth ACM symposium on Access Control Models and Technologies."}],"event":{"name":"ICSE '22: 44th International Conference on Software Engineering","location":"Pittsburgh Pennsylvania","acronym":"ICSE '22","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"]},"container-title":["Proceedings of the 44th International Conference on Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3510003.3510233","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3510003.3510233","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3510003.3510233","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:12:24Z","timestamp":1750191144000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3510003.3510233"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5,21]]},"references-count":64,"alternative-id":["10.1145\/3510003.3510233","10.1145\/3510003"],"URL":"https:\/\/doi.org\/10.1145\/3510003.3510233","relation":{},"subject":[],"published":{"date-parts":[[2022,5,21]]},"assertion":[{"value":"2022-07-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}