{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T07:16:56Z","timestamp":1761808616783,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":29,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,12]],"date-time":"2023-07-12T00:00:00Z","timestamp":1689120000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CCF-2008660,CCF-1901098,CCF-1817242"],"award-info":[{"award-number":["CCF-2008660,CCF-1901098,CCF-1817242"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"DARPA","award":["N66001-22-2-4037"],"award-info":[{"award-number":["N66001-22-2-4037"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,12]]},"DOI":"10.1145\/3597926.3598078","type":"proceedings-article","created":{"date-parts":[[2023,7,13]],"date-time":"2023-07-13T20:12:53Z","timestamp":1689279173000},"page":"564-575","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Quantitative Policy Repair for Access Control on the Cloud"],"prefix":"10.1145","author":[{"given":"William","family":"Eiers","sequence":"first","affiliation":[{"name":"University of California at Santa Barbara, USA"}]},{"given":"Ganesh","family":"Sankaran","sequence":"additional","affiliation":[{"name":"University of California at Santa Barbara, USA"}]},{"given":"Tevfik","family":"Bultan","sequence":"additional","affiliation":[{"name":"University of California at Santa Barbara, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,7,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Jose L. Abad-Peiro Herv\u00e9 Debar Thomas Schweinberger and Peter Trommler. 1999. PLAS \u2014 Policy Language for Authorizations. IBM Research Division. http:\/\/citeseer.nj.nec.com\/abad-peiro99plas.html \t\t\t\t  Jose L. Abad-Peiro Herv\u00e9 Debar Thomas Schweinberger and Peter Trommler. 1999. PLAS \u2014 Policy Language for Authorizations. IBM Research Division. http:\/\/citeseer.nj.nec.com\/abad-peiro99plas.html"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-21690-4_15"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236064"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.23919\/FMCAD.2018.8602994"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409728"},{"key":"e_1_3_2_1_6_1","volume-title":"Qlose: Program Repair with Quantitative Objectives","author":"D\u2019Antoni Loris","year":"2016","unstructured":"Loris D\u2019Antoni , Roopsha Samanta , and Rishabh Singh . 2016 . Qlose: Program Repair with Quantitative Objectives . In Computer Aided Verification, Swarat Chaudhuri and Azadeh Farzan (Eds.). Springer International Publishing , Cham . 383\u2013401. isbn:978-3-319-41540-6 Loris D\u2019Antoni, Roopsha Samanta, and Rishabh Singh. 2016. Qlose: Program Repair with Quantitative Objectives. In Computer Aided Verification, Swarat Chaudhuri and Azadeh Farzan (Eds.). Springer International Publishing, Cham. 383\u2013401. isbn:978-3-319-41540-6"},{"key":"e_1_3_2_1_7_1","unstructured":"[n.d.]. Cloud Leak: WSJ Parent Company Dow Jones Exposed Customer Data. https:\/\/www.upguard.com\/breaches\/cloud-leak-dow-jones \t\t\t\t  [n.d.]. Cloud Leak: WSJ Parent Company Dow Jones Exposed Customer Data. https:\/\/www.upguard.com\/breaches\/cloud-leak-dow-jones"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/11814771_51"},{"key":"e_1_3_2_1_9_1","volume-title":"Quacky: Quantitative Access Control Permissiveness Analyzer. In ASE Tool Paper.","author":"Eiers William","year":"2022","unstructured":"William Eiers , Ganesh Sankaran , Albert Li , Emily O\u2019Mahony , Benjamin Prince , and Tevfik Bultan . 2022 . Quacky: Quantitative Access Control Permissiveness Analyzer. In ASE Tool Paper. William Eiers, Ganesh Sankaran, Albert Li, Emily O\u2019Mahony, Benjamin Prince, and Tevfik Bultan. 2022. Quacky: Quantitative Access Control Permissiveness Analyzer. In ASE Tool Paper."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510233"},{"volume-title":"Proceedings of the 27th International Conference on Software Engineering. St","author":"Fisler K.","key":"e_1_3_2_1_11_1","unstructured":"K. Fisler , S. Krishnamurthi , L. A. Meyerovich , and M. C. Tschantz . 2005. Verification and Change-Impact Analysis of Access-Control Policies . In Proceedings of the 27th International Conference on Software Engineering. St . Louis, Missouri. 196\u2013205. K. Fisler, S. Krishnamurthi, L. A. Meyerovich, and M. C. Tschantz. 2005. Verification and Change-Impact Analysis of Access-Control Policies. In Proceedings of the 27th International Conference on Software Engineering. St. Louis, Missouri. 196\u2013205."},{"key":"e_1_3_2_1_12_1","unstructured":"J.E. Hopcroft and J.D. Ullman. 1979. Introduction to Automata Theory Languages and Computation. Addison Wesley. \t\t\t\t  J.E. Hopcroft and J.D. Ullman. 1979. Introduction to Automata Theory Languages and Computation. Addison Wesley."},{"key":"e_1_3_2_1_13_1","volume-title":"Proc. Workshop on Web Quality, Verification and Validation (WQVV). 378\u2013392","author":"Hughes Graham","year":"2007","unstructured":"Graham Hughes and Tevfik Bultan . 2007 . Automated Verification of XACML Policies Using a SAT Solver . In Proc. Workshop on Web Quality, Verification and Validation (WQVV). 378\u2013392 . Graham Hughes and Tevfik Bultan. 2007. Automated Verification of XACML Policies Using a SAT Solver. In Proc. Workshop on Web Quality, Verification and Validation (WQVV). 378\u2013392."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10009-008-0087-9"},{"key":"e_1_3_2_1_15_1","unstructured":"2022. IAM JSON policy reference.  https:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/reference_policies.html \t\t\t\t  2022. IAM JSON policy reference.  https:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/reference_policies.html"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/383891.383894"},{"volume-title":"Proceedings of the 1997 IEEE Symposium on Security and Privacy. IEEE Press","author":"Jajodia S.","key":"e_1_3_2_1_17_1","unstructured":"S. Jajodia , P. Samarati , and V. S. Subrahmanian . 1997. A logical language for expressing authorizations . In Proceedings of the 1997 IEEE Symposium on Security and Privacy. IEEE Press , Oakland, CA, USA. 31\u201342. http:\/\/citeseer.nj.nec.com\/jajodia97logical.html S. Jajodia, P. Samarati, and V. S. Subrahmanian. 1997. A logical language for expressing authorizations. In Proceedings of the 1997 IEEE Symposium on Security and Privacy. IEEE Press, Oakland, CA, USA. 31\u201342. http:\/\/citeseer.nj.nec.com\/jajodia97logical.html"},{"volume-title":"SIGMOD\u201997.","author":"Jajodia Sushil","key":"e_1_3_2_1_18_1","unstructured":"Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian , and Eliza Bertino . 1997. A unified framework for enforcing multiple access control policies . In SIGMOD\u201997. Tucson, AZ . 474\u2013485. http:\/\/citeseer.nj.nec.com\/jajodia97unified.html Sushil Jajodia, Pierangela Samarati, V. S. Subrahmanian, and Eliza Bertino. 1997. A unified framework for enforcing multiple access control policies. In SIGMOD\u201997. Tucson, AZ. 474\u2013485. http:\/\/citeseer.nj.nec.com\/jajodia97unified.html"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/WF-IoT.2018.8355139"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.36"},{"key":"e_1_3_2_1_21_1","volume-title":"Proceedings of the 24th International Conference on Large Installation System Administration (LISA\u201910)","author":"Nelson Timothy","year":"2010","unstructured":"Timothy Nelson , Christopher Barratt , Daniel J. Dougherty , Kathi Fisler , and Shriram Krishnamurthi . 2010 . The Margrave Tool for Firewall Analysis . In Proceedings of the 24th International Conference on Large Installation System Administration (LISA\u201910) . USENIX Association, USA. 1\u20138. Timothy Nelson, Christopher Barratt, Daniel J. Dougherty, Kathi Fisler, and Shriram Krishnamurthi. 2010. The Margrave Tool for Firewall Analysis. In Proceedings of the 24th International Conference on Large Installation System Administration (LISA\u201910). USENIX Association, USA. 1\u20138."},{"volume-title":"Foundations of Security Analysis and Design","author":"Samarati Pierangela","key":"e_1_3_2_1_22_1","unstructured":"Pierangela Samarati and Sabrina De Capitani di Vimercati . 2001. Foundations of Security Analysis and Design . Springer Verlag , 137\u2013196. Pierangela Samarati and Sabrina De Capitani di Vimercati. 2001. Foundations of Security Analysis and Design. Springer Verlag, 137\u2013196."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/234313.234412"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/35.312842"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/507711.507714"},{"volume-title":"14 MEEELLION Verizon subscribers","year":"2017","key":"e_1_3_2_1_26_1","unstructured":"[n.d.]. 14 MEEELLION Verizon subscribers \u2019 details leak from crappily configured AWS S 3 data store. https:\/\/www.theregister.co.uk\/ 2017 \/07\/12\/14m_verizon_customers_details_out\/ [n.d.]. 14 MEEELLION Verizon subscribers\u2019 details leak from crappily configured AWS S3 data store. https:\/\/www.theregister.co.uk\/2017\/07\/12\/14m_verizon_customers_details_out\/"},{"key":"e_1_3_2_1_27_1","volume-title":"Proceedings of the 14th Annual Conference on Privacy, Security and Trust, PST (PST","author":"Xu Dianxiang","year":"2014","unstructured":"Dianxiang Xu and Shuai Peng . 2014 . Towards automatic repair of access control policies . In Proceedings of the 14th Annual Conference on Privacy, Security and Trust, PST (PST 2014). Dianxiang Xu and Shuai Peng. 2014. Towards automatic repair of access control policies. In Proceedings of the 14th Annual Conference on Privacy, Security and Trust, PST (PST 2014)."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.16"},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of the eighth ACM symposium on Access Control Models and Technologies.","author":"Zao John","year":"2003","unstructured":"John Zao , Hoetech Wee , Jonathan Chu , and Daniel Jackson . 2003 . RBAC Schema Verification Using Lightweight Formal Model and Constraint Analysis . In Proceedings of the eighth ACM symposium on Access Control Models and Technologies. John Zao, Hoetech Wee, Jonathan Chu, and Daniel Jackson. 2003. RBAC Schema Verification Using Lightweight Formal Model and Constraint Analysis. In Proceedings of the eighth ACM symposium on Access Control Models and Technologies."}],"event":{"name":"ISSTA '23: 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","AITO"],"location":"Seattle WA USA","acronym":"ISSTA '23"},"container-title":["Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3597926.3598078","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3597926.3598078","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:42Z","timestamp":1750182522000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3597926.3598078"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,12]]},"references-count":29,"alternative-id":["10.1145\/3597926.3598078","10.1145\/3597926"],"URL":"https:\/\/doi.org\/10.1145\/3597926.3598078","relation":{},"subject":[],"published":{"date-parts":[[2023,7,12]]},"assertion":[{"value":"2023-07-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}