ASE 2022 (series) / Tool Demonstrations /
Quacky: Quantitative Access Control Permissiveness Analyzer
Tue 11 Oct 2022 10:00 - 10:30 at Ballroom A - Tool Poster Session 1
Thu 13 Oct 2022 10:40 - 10:50 at Ballroom C East - Technical Session 23 - Security Chair(s): John-Paul Ore
Thu 13 Oct 2022 10:40 - 10:50 at Ballroom C East - Technical Session 23 - Security Chair(s): John-Paul Ore
This paper presents Quacky, a tool for quantifying permissiveness of access control policies in the cloud. Given a policy, Quacky translates it into a SMT formula and uses a model counting constraint solver to quantify permissiveness. When given multiple policies, Quacky not only determines which policy is more permissive, but also quantifies the relative permissiveness between the policies. With Quacky, users can automatically analyze complex policies, helping them ensure that there is no unintended access to their data. Quacky supports access control policies written in Amazon’s AWS Identity and Access Management (IAM), Microsoft’s Azure, and Google Cloud Platform (GCP) policy languages. Quacky is open-source and has both a command-line and a web interface. Video URL: \url{https://youtu.be/YsiGOI_SCtg}. The Quacky tool and benchmarks are available at \url{https://github.com/vlab-cs-ucsb/quacky}
Tue 11 OctDisplayed time zone: Eastern Time (US & Canada)
Tue 11 Oct
Displayed time zone: Eastern Time (US & Canada)
10:00 - 10:30 | |||
10:00 30mDemonstration | WebMonitor: https://youtu.be/hqVw0JU3k9c Tool Demonstrations Ennio Visconti TU Wien, Christos Tsigkanos University of Bern, Switzerland, Laura Nenzi University of Trieste | ||
10:00 30mDemonstration | Quacky: Quantitative Access Control Permissiveness Analyzer Tool Demonstrations William Eiers University of California at Santa Barbara, USA, Ganesh Sankaran University of California Santa Barbara, Albert Li University of California Santa Barbara, Emily O'Mahony University of California Santa Barbara, Benjamin Prince University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara | ||
10:00 30mDemonstration | Snapshot Metrics Are Not Enough: Analyzing Software Repositories with Longitudinal Metrics Tool Demonstrations Nicholas Synovic Loyola University Chicago, Matt Hyatt Loyola University Chicago, Rohan Sethi Loyola University Chicago, Sohini Thota Loyola University Chicago, Shilpika University of California at Davis, Allan J. Miller Loyola University Chicago, Wenxin Jiang Purdue University, Emmanuel S. Amobi Loyola University Chicago, Austin Pinderski Duke University, Loyola University Chicago, Konstantin Läufer Loyola University Chicago, Nicholas J. Hayward Loyola University Chicago, Neil Klingensmith Loyola University Chicago, James C. Davis Purdue University, USA, George K. Thiruvathukal Loyola University Chicago and Argonne National Laboratory | ||
10:00 30mDemonstration | AUSERA: Automated Security Vulnerability Detection for Android AppsVirtual Tool Demonstrations Sen Chen Tianjin University, Yuxin Zhang Tianjin University, Lingling Fan Nankai University, Jiaming Li Tianjin University, Yang Liu Nanyang Technological University | ||
10:00 30mDemonstration | Trimmer: Context-Specific Code ReductionVirtual Tool Demonstrations Aatira Anum Ahmad Lahore University of Management Sciences, Mubashir Anwar University of Illinois Urbana-Champaign, Hashim Sharif University of Illinois at Urbana-Champaign, Ashish Gehani SRI, Fareed Zaffar Lahore University of Management Sciences | ||
10:00 30mDemonstration | Maktub: Lightweight Robot System Test Creation and Automation Tool Demonstrations | ||
10:00 30mDemonstration | V-Achilles: An Interactive Visualization of Transitive Security Vulnerabilities Tool Demonstrations Vipawan Jarukitpipat Mahidol University, Xiao Peng China EverBright Bank, Xiao Peng China EverBright Bank, Chaiyong Ragkhitwetsagul Mahidol University, Thailand, Morakot Choetkiertikul Mahidol University, Thailand, Thanwadee Sunetnanta Mahidol University, Raula Gaikovina Kula Nara Institute of Science and Technology, Bodin Chinthanet Nara Institute of Science and Technology, Takashi Ishio Nara Institute of Science and Technology, Kenichi Matsumoto Nara Institute of Science and Technology | ||
10:00 30mDemonstration | RobSimVer: A Tool for RoboSim Modeling and AnalysisVirtual Tool Demonstrations Dehui Du East China Normal University, Ana Cavalcanti University of York, JihuiNie East China Normal University | ||
10:00 30mDemonstration | Xscope: Hunting for Cross-Chain Bridge AttacksVirtual Tool Demonstrations Jiashuo Zhang Peking University, China, Jianbo Gao Peking University, Yue Li Peking University, Ziming Chen Peking University, Zhi Guan Peking University, Zhong Chen | ||
10:00 30mDemonstration | SAFA: A Tool for Supporting Safety Analysis in Evolving Software Systems Tool Demonstrations Alberto D. Rodriguez University of Notre Dame, Timothy Newman University of Notre Dame, Katherine R. Dearstyne University of Notre Dame, Jane Cleland-Huang University of Notre Dame | ||
10:00 30mDemonstration | Building recommender systems for modelling languages with DroidVirtual Tool Demonstrations Lissette Almonte Universidad Autónoma de Madrid, Esther Guerra Universidad Autónoma de Madrid, Iván Cantador Universidad Autónoma de Madrid, Juan de Lara Autonomous University of Madrid Pre-print Media Attached | ||
10:00 30mDemonstration | Shibboleth: Hybrid Patch Correctness Assessment in Automated Program Repair Tool Demonstrations | ||
Thu 13 OctDisplayed time zone: Eastern Time (US & Canada)
Thu 13 Oct
Displayed time zone: Eastern Time (US & Canada)
10:00 - 12:00 | Technical Session 23 - SecurityTool Demonstrations / Journal-first Papers / Late Breaking Results / Research Papers at Ballroom C East Chair(s): John-Paul Ore North Carolina State University | ||
10:00 10mDemonstration | V-Achilles: An Interactive Visualization of Transitive Security Vulnerabilities Tool Demonstrations Vipawan Jarukitpipat Mahidol University, Xiao Peng China EverBright Bank, Xiao Peng China EverBright Bank, Chaiyong Ragkhitwetsagul Mahidol University, Thailand, Morakot Choetkiertikul Mahidol University, Thailand, Thanwadee Sunetnanta Mahidol University, Raula Gaikovina Kula Nara Institute of Science and Technology, Bodin Chinthanet Nara Institute of Science and Technology, Takashi Ishio Nara Institute of Science and Technology, Kenichi Matsumoto Nara Institute of Science and Technology | ||
10:10 20mPaper | Automatic Detection of Java Cryptographic API Misuses: Are We There Yet? Journal-first Papers Ying Zhang Virginia Tech, USA, Md Mahir Asef Kabir Virginia Tech, Ya Xiao Virginia Tech, Daphne Yao Virginia Tech, Na Meng Virginia Tech DOI Pre-print | ||
10:30 10mDemonstration | A transformer-based IDE plugin for vulnerability detectionVirtual Tool Demonstrations Cláudia Mamede FEUP, U.Porto, Eduard Pinconschi FEUP, U.Porto, Rui Abreu Faculty of Engineering, University of Porto, Portugal | ||
10:40 10mDemonstration | Quacky: Quantitative Access Control Permissiveness Analyzer Tool Demonstrations William Eiers University of California at Santa Barbara, USA, Ganesh Sankaran University of California Santa Barbara, Albert Li University of California Santa Barbara, Emily O'Mahony University of California Santa Barbara, Benjamin Prince University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara | ||
10:50 10mPaper | Towards Robust Models of Code via Energy-Based Learning on Auxiliary DatasetsVirtual Late Breaking Results | ||
11:00 10mDemonstration | Xscope: Hunting for Cross-Chain Bridge AttacksVirtual Tool Demonstrations Jiashuo Zhang Peking University, China, Jianbo Gao Peking University, Yue Li Peking University, Ziming Chen Peking University, Zhi Guan Peking University, Zhong Chen | ||
11:10 20mResearch paper | Reentrancy Vulnerability Detection and Localization: A Deep Learning Based Two-phase ApproachVirtual Research Papers Zhuo Zhang Chongqing University, Yan Lei Chongqing University, Meng Yan Chongqing University, Yue Yu College of Computer, National University of Defense Technology, Changsha 410073, China, Jiachi Chen Sun Yat-Sen University, Shangwen Wang National University of Defense Technology, Xiaoguang Mao National University of Defense Technology | ||