Network, system, IoT, and cloud data breaches often occur due to the presence of unintended access control holes that leave online resources unprotected:
Security Policy Tool is a leading access control solution that equips you to answer “Yes” to all the above capabilities. It allows you to easily develop highly secure access control rules/policies and to extinguish the threat of cyber-attacks and insiders exploiting access control security vulnerabilities.
Security Policy Tool provides powerful, thoughtful, and convenient functions for editing, testing, and analyzing access control policies, so that policy authors can validate and fix faulty, unintended, or misconfigured policies. This ensures there are no security leaks when the policies are deployed in a system. The access control policies can be analyzed through a user-friendly GUI (graphical user interface) to find unintended accessibility. Once the faulty and unintended policies are identified, the policy author can revise the rules in the policies to remove the access control vulnerabilities. For this purpose, Security Policy Tool has many analysis functions that help the policy author find the correlations between the rules and the access control accessibility. In addition, it offers functions to conveniently compose access control models with a large number of rules and policies. It also contains an XACML editor for policy editing.
Security Policy Tool saves you valuable time during the policy design phase while giving you the power to eliminate disastrous access control flaws. It allows a policy author to conveniently compose a large number of rules and apply them to access control policies and models, such as ABAC (Attribute-based Access Control). It provides XACML-compatible policy composition and policy development, which in turn makes it easier to use the policy editing functions, such as:
Figure 1: GUI to Create an ABAC Policy Rule
Figure 2: GUI to Create a Multilevel Security Policy
Because designing access control policies is complex, errors are common. Before you deploy your access control policy, Security Policy Tool can verify the effectiveness (i.e., Permit or Deny) of your composed policy against your organization’s security requirements. Using our testing engine, a policy author can analyze the results to verify that the access control decisions from the tests are working as planned. If all the results match the intended results, the policies, including the rules and the algorithms in the access control models, can be deployed into your access control system. If there are access control errors, the policy author will need to revise the policies or algorithms and test for new results using Security Policy Tool. Once the expected results are achieved, your organization will have the peace of mind of knowing that your intended level of security is being reached. The policy tests support all XACML 3.0 rule-combining algorithms, including First Applicable, Deny Override, Permit Override, etc. They also support the rule enforcement algorithms Deny Based and Permit Based.
Figure 3: Single Policy Verification and Results
Figure 4: Policy Verification Approach 1: Merged Rules
Figure 5: Policy Verification Approach 2: Combined Policies
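To make the policy testing described above concrete, the following added example (not part of Security Policy Tool or of the original page) evaluates a constructed ABAC rule set against constructed security requirements under three rule-combining algorithms and lists every requirement whose decision differs from the intended one. The rules, attribute names, and the simplified evaluator (no Indeterminate handling) are assumptions made for illustration.

```python
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

# Constructed rules: (effect, target). A rule applies when every attribute
# in its target equals the corresponding attribute of the request.
RULES = [
    (PERMIT, {"role": "doctor", "resource": "record", "action": "read"}),
    (DENY, {"resource": "record", "ward": "psychiatric"}),
    (PERMIT, {"role": "admin"}),
]

# Constructed security requirements: (request attributes, intended decision).
REQUIREMENTS = [
    ({"role": "doctor", "resource": "record", "action": "read", "ward": "general"}, PERMIT),
    ({"role": "doctor", "resource": "record", "action": "read", "ward": "psychiatric"}, DENY),
    ({"role": "admin", "resource": "record", "action": "read", "ward": "psychiatric"}, DENY),
    ({"role": "nurse", "resource": "record", "action": "write", "ward": "general"}, DENY),
]

def evaluate(rules, request, algorithm):
    """Combine the effects of all applicable rules, in policy order."""
    effects = [effect for effect, target in rules
               if all(request.get(k) == v for k, v in target.items())]
    if not effects:
        return NOT_APPLICABLE  # no rule matched: a coverage gap, not a Deny
    if algorithm == "first-applicable":
        return effects[0]
    if algorithm == "deny-overrides":
        return DENY if DENY in effects else PERMIT
    if algorithm == "permit-overrides":
        return PERMIT if PERMIT in effects else DENY
    raise ValueError(f"unknown combining algorithm: {algorithm}")

def find_mismatches(rules, requirements, algorithm):
    """Return (requirement index, intended, actual) for every failed test."""
    return [(i, intended, actual)
            for i, (request, intended) in enumerate(requirements)
            if (actual := evaluate(rules, request, algorithm)) != intended]

if __name__ == "__main__":
    for algorithm in ("first-applicable", "deny-overrides", "permit-overrides"):
        print(algorithm, find_mismatches(RULES, REQUIREMENTS, algorithm))
```

The same three rules fail a different set of requirements under each algorithm, and the last requirement fails under all of them because no rule covers that request, so the decision is NotApplicable instead of the intended Deny.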
Security Policy Tool specifically enables the following policy testing and verification functions for policy error detection.
Security Policy Tool allows the policy author to test and verify all security requirements for the policies in an access control model.
Security Policy Tool presents the testing results to the policy author for analysis, inspection, and correction. Our comprehensive results allow the policy author to view:
Security Policy Tool has powerful analyzing functions to help policy authors to inspect and correct the following access control errors:
Security Policy Tool correlates the decision between the security requirement and the rule. This allows the policy author to revise the rules until the intended security requirements are achieved.
Figure 6: XACML GUI-enabled Editing
Security Policy Tool has an XACML 3.0 policy editor with GUIs for policy editing, verification, and input/output functions. An XACML 2.0 or 3.0 policy can first be input into Security Policy Tool, which automatically converts an XACML 2.0 policy to 3.0. It has policy editing, grammar checking, and verification functions that let policy authors define or modify policies easily. It can also automatically convert the composed and tested policies in the access control models (ABAC, Multilevel Security, and Workflow) into XACML 3.0 policies, which cuts down on labor time by avoiding manual editing, where errors are common.