| Access Control Policy Composition |
Access Control attribute composition:
- Systematic access control attribute definitions of Resource, Action, Environment, Condition
- Conveniently attribute update, display the summary, search, and rename an attribute
- Automatically update in relevant policies
|
GUI and integration check for any definition and updating:
- Reduce human error
- Speed up the policy development process to meet the security requirements
|
Access Control model and templates for:
- ABAC (Attribute-based Access Control)
- Multilevel Security (MLS) and Workflow
|
Easy to use templates to avoid policy errors and reduce the development cost |
| Subject/Object Inheritance |
User-friendly GUI to:
- Define a subject/resource hierarchical access control structure with automatically exclude inheritance loop
- Graphically display the subject/resource hierarchical structure
- View/add/delete/update the hierarchical subjects and resources
- Automatic policy composition for inherited beneficiaries
|
Policies can be composed for a hierarchical organization with less effort and access control accuracy:
- Easy management of the access control for military, government, and hierarchical enterprise structure
- Easy management of the hierarchical resources
|
| Access Control Policy Tests |
Rich, powerful, thoughtful, and interactive testing functions:
- Compose and edit a set of policies in an intuitive way
- Compose various security requirements to generate test cases
- Merged policy verification
- Combine policy verification
- Combinational policy tests (2-way, 3-way, 4-way, etc.) for a very high access control testing coverage (e.g., >99% access control cases)
- Separation of Duty for merged and combined policy verification
- Rule combination algorithms are integrated on the policy tests
- Policy enforcement algorithms are integrated on the policy tests
|
Robust, unified, and generic policy verification helps:
- Test any (individual or multiple) security requirements enabled in the security access control model
- Check if the access control response is correct as your intentions
- Retest the access control response after the policy is changed Compare the resting results under difference access control scenarios
- Explore the testing results by tables
|
| Access Control Policy Analysis, Error Inspection, and Correction |
Rich, powerful, thoughtful, and interactive policy analyzing functions:
- Manage and analyze many policies easily
- Identify the policy that cause permit/deny/not applicable
- Well-organized the table-based testing results for thoughtful and comprehensive analysis
- Fix/modify/test the policy and reanalyze the results
|
Robust, unified, and generic policy analyzing functions allow you to:
- Explore the policy that causes unsecure access control results of your intention
- Easy to modify the policy with new analysis till meeting the security requirement
|
| XACML Features |
XACML - Compatible Policy functions:
- Automatically convert the composed and tested policies into XACML 3.0 policies
- XACML 3.0 policy editor
- XACML 2.0/3.0 policy & request input to the editor and access control security model
- Automatically convert XACML 2.0 policy to 3.0
- Integrating verification for XACML 3.0 policies
|
Comprehensive XACML functions:
- XACML 3.0 policy compatibility, portability, and operability
- Access control security model is compatible with XACMAL attributes, resources, environments, and conditions
- Includes all XACML rule algorithms
|
