{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,4]],"date-time":"2025-07-04T04:11:27Z","timestamp":1751602287039,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","funder":[{"name":"US Office of Naval Research","award":["N00014-20-1-2696"],"award-info":[{"award-number":["N00014-20-1-2696"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,7,8]]},"DOI":"10.1145\/3734436.3734446","type":"proceedings-article","created":{"date-parts":[[2025,7,3]],"date-time":"2025-07-03T17:32:44Z","timestamp":1751563964000},"page":"99-110","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["ProfessorX: Detecting Silent Vulnerabilities in Policy Engine Implementations"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9527-5888","authenticated-orcid":false,"given":"Ben","family":"Weintraub","sequence":"first","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-1180-7929","authenticated-orcid":false,"given":"Chanyuan","family":"Liu","sequence":"additional","affiliation":[{"name":"Northeastern University, Vancouver, BC, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3043-8092","authenticated-orcid":false,"given":"William","family":"Enck","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, NC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9649-6789","authenticated-orcid":false,"given":"Cristina","family":"Nita-Rotaru","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,7,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2023. https:\/\/github.com\/coq\/coq"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3532105.3535029"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3589608.3593836"},{"key":"e_1_3_2_1_4_1","volume-title":"Camil Demetrescu, and Irene Finocchi.","author":"Baldoni Roberto","year":"2018","unstructured":"Roberto Baldoni, Emilio Coppa, Daniele Cono D'Elia, Camil Demetrescu, and Irene Finocchi. 2018. A Survey of Symbolic Execution Techniques. ACM Comput. Surv. 51, 3, Article 50 (2018)."},{"key":"e_1_3_2_1_5_1","volume-title":"Secure computer system: Unified exposition and multics interpretation. (No Title)","author":"Elliott Bell D","year":"1976","unstructured":"D Elliott Bell and Leonard J La Padula. 1976. Secure computer system: Unified exposition and multics interpretation. (No Title) (1976)."},{"key":"e_1_3_2_1_6_1","volume-title":"Introduction to computer security","author":"Bishop Matt","unstructured":"Matt Bishop. 2004. Introduction to computer security. Addison-Wesley Professional."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Bruno Blanchet et al. 2016. Modeling and verifying security protocols with the applied pi calculus and ProVerif. Foundations and Trends\u00ae in Privacy and Security 1 1-2 (2016) 1--135.","DOI":"10.1561\/3300000004"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"David FC Brewer and Michael J Nash. 1989. The Chinese Wall Security Policy. In S&P. 206--214.","DOI":"10.1109\/SECPRI.1989.36295"},{"key":"e_1_3_2_1_9_1","volume-title":"Mutation analysis of program test data","author":"Budd Timothy Alan","unstructured":"Timothy Alan Budd. 1980. Mutation analysis of program test data. Yale University."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","unstructured":"Ramaswamy Chandramouli and Zack Butcher. 2023. A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments. doi:10.6028\/NIST.SP.800-207A","DOI":"10.6028\/NIST.SP.800-207A"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","unstructured":"Ramaswamy Chandramouli Zack Butcher and Aradhna Chetal. 2021. Attribute-based Access Control for Microservices-based Applications Using a Service Mesh. doi:10.6028\/NIST.SP.800-204B","DOI":"10.6028\/NIST.SP.800-204B"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3450569.3463563"},{"key":"e_1_3_2_1_13_1","unstructured":"Hong Chen Ninghui Li and Ziqing Mao. [n.d.]. Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems. ([n.d.])."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786835"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978336"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2010.04.005"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.IR.7987r1"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501980"},{"key":"e_1_3_2_1_19_1","unstructured":"InterNational Committee for Information Technology Standards. 2020. INCITS 565-2020: Information technology -- Next Generation Access Control. https:\/\/standards.incits.org\/higherlogic\/ws\/public\/projects\/2328\/details"},{"key":"e_1_3_2_1_20_1","first-page":"12","article-title":"Access control requirements for web 2.0 security and privacy","volume":"2","author":"Gates Carrie","year":"2007","unstructured":"Carrie Gates. 2007. Access control requirements for web 2.0 security and privacy. IEEE Web 2, 0 (2007), 12--15.","journal-title":"IEEE Web"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1465482.1465529"},{"key":"e_1_3_2_1_22_1","unstructured":"Grant Hernandez Swarnim Yadav Byron J Williams and Kevin R B Butler. [n.d.]. BigMAC: Fine-Grained Policy Analysis of Android Firmware. ([n.d.])."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1805974.1805982"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.588521"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","unstructured":"Vincent Hu David Ferraiolo Richard Kuhn Adam Schnitzer Kenneth Sandlin Robert Miller and Karen Scarfone. 2019. Guide to attribute based access control (ABAC) definition and considerations. Technical Report NIST Special Publication (SP) 800-162. National Institute of Standards and Technology. doi:10.6028\/NIST.SP.800-162","DOI":"10.6028\/NIST.SP.800-162"},{"key":"e_1_3_2_1_26_1","volume-title":"Software Abstractions: logic, language, and analysis","author":"Jackson Daniel","unstructured":"Daniel Jackson. 2012. Software Abstractions: logic, language, and analysis. MIT press."},{"key":"e_1_3_2_1_27_1","volume-title":"Computer Aided Verification: 28th International Conference, CAV 2016, Toronto, ON, Canada, July 17--23, 2016, Proceedings, Part II 28","author":"Jordan Herbert","year":"2016","unstructured":"Herbert Jordan, Bernhard Scholz, and Pavle Suboti?. 2016. Souffl\u00e9: On synthesis of program analyzers. In Computer Aided Verification: 28th International Conference, CAV 2016, Toronto, ON, Canada, July 17--23, 2016, Proceedings, Part II 28. Springer, 422--430."},{"key":"e_1_3_2_1_28_1","volume-title":"Fork State-Aware Differential Fuzzing for Blockchain Consensus Implementations. In 2025 IEEE\/ACM 47th International Conference on Software Engineering (ICSE). IEEE Computer Society, 622--622","author":"Kim Wonhoi","year":"2025","unstructured":"Wonhoi Kim, Hocheol Nam, Muoi Tran, Amin Jalilov, Zhenkai Liang, Sang Kil Cha, and Min Suk Kang. 2025. Fork State-Aware Differential Fuzzing for Blockchain Consensus Implementations. In 2025 IEEE\/ACM 47th International Conference on Software Engineering (ICSE). IEEE Computer Society, 622--622."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629596"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39799-8_48"},{"key":"e_1_3_2_1_31_1","article-title":"JGraphT\u2014A Java Library for Graph Data Structures and Algorithms","volume":"46","author":"Michail Dimitrios","year":"2020","unstructured":"Dimitrios Michail, Joris Kinable, Barak Naveh, and John V. Sichi. 2020. JGraphT\u2014A Java Library for Graph Data Structures and Algorithms. ACM Trans. Math. Softw. 46, 2, Article 16 (May 2020), 29 pages.","journal-title":"ACM Trans. Math. Softw."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.27"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","unstructured":"Scott Rose Oliver Borchert Stuart Mitchell and Sean Connelly. 2020. Zero Trust Architecture. doi:10.6028\/NIST.SP.800-207","DOI":"10.6028\/NIST.SP.800-207"},{"key":"e_1_3_2_1_34_1","unstructured":"Sandra Rueda Dave King and Trent Jaeger. [n.d.]. Verifying Compliance of Trusted Programs. ([n. d.])."},{"key":"e_1_3_2_1_35_1","volume-title":"International Datalog 2.0 Workshop","author":"Smaragdakis Yannis","unstructured":"Yannis Smaragdakis and Martin Bravenboer. 2010. Using Datalog for fast and easy program analysis. In International Datalog 2.0 Workshop. Springer, 245--251."},{"key":"e_1_3_2_1_36_1","volume-title":"NGAC Reference Implementation. Retrieved","author":"Implementation Team NGAC","year":"2024","unstructured":"NGAC Implementation Team. 2025. NGAC Reference Implementation. Retrieved November 2024 from https:\/\/github.com\/usnistgov\/policy-machine-core. https:\/\/github.com\/usnistgov\/policy-machine-core"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1017\/S1471068411000494"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3670386"}],"event":{"name":"SACMAT '25:SACMAT '25","location":"Stony Brook NY USA","sponsor":["sigsac ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 30th ACM Symposium on Access Control Models and Technologies"],"original-title":[],"deposited":{"date-parts":[[2025,7,3]],"date-time":"2025-07-03T17:33:47Z","timestamp":1751564027000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3734436.3734446"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,7]]},"references-count":38,"alternative-id":["10.1145\/3734436.3734446","10.1145\/3734436"],"URL":"https:\/\/doi.org\/10.1145\/3734436.3734446","relation":{},"subject":[],"published":{"date-parts":[[2025,7,7]]},"assertion":[{"value":"2025-07-07","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}