About

ACPEG is a tool for evaluating and model-checking access control policies. It can read policy scripts written in a language called RW and can also translate RW to XACML, so that a real access control policy can be built.

The RW language is based on first-order logic, and is described in the following paper:

ACPEG's model-checker can be used to find potential security breaches caused by interactions of rules, co-operations between agents and multi-step actions, which are difficult to identify using other approaches.

A "goal" is an objective that a user or group of users ("party") may want to achieve, such as reading from or overwriting some information. A "strategy" is a way of achieving a goal. If a strategy for a goal is available to a party, then they are able to achieve the goal.

The achievability of a goal reflects certain facts about the policy. The existence of a strategy for a malicious goal means the policy contains security holes that can be exploited, while if a strategy for a legitimate goal cannot be found, this suggests the policy has not granted the users adequate permissions.
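The following added example illustrates goals, parties and strategies on a small constructed policy; it is not ACPEG's code, its algorithm or RW syntax, and all agent names, rules and function names are assumptions made for illustration. It searches breadth-first for a shortest sequence of permitted actions by which a party reaches a goal, and shows a rule interaction that lets an author learn the review of their own paper.

```python
from collections import deque

# Constructed toy policy: a state is a frozenset of facts, and each rule says
# which agent may add which fact in which state.
AGENTS = ("alice", "bob", "carol")
INITIAL = frozenset({("chair", "alice"), ("author", "bob"), ("reviewer", "carol")})

def permitted_actions(state, agent):
    """Yield (description, next_state) for every action the policy grants agent."""
    for other in AGENTS:
        # Rule 1: the chair may appoint any non-author as reviewer.
        if ("chair", agent) in state and ("author", other) not in state:
            yield f"{agent} appoints {other} reviewer", state | {("reviewer", other)}
        # Rule 2: a reviewer may delegate to a subreviewer (no author check: the hole).
        if ("reviewer", agent) in state and other != agent:
            yield f"{agent} appoints {other} subreviewer", state | {("subreviewer", other)}
    # Rule 3: reviewers and subreviewers may read the review.
    if ("reviewer", agent) in state or ("subreviewer", agent) in state:
        yield f"{agent} reads review", state | {("knows_review", agent)}

def knows(agent):
    """Goal predicate: the given agent has learned the review."""
    return lambda state: ("knows_review", agent) in state

def find_strategy(party, goal, initial=INITIAL):
    """Return a shortest action sequence by members of party reaching goal, or None."""
    queue, seen = deque([(initial, [])]), {initial}
    while queue:
        state, plan = queue.popleft()
        if goal(state):
            return plan
        for agent in party:
            for step, nxt in permitted_actions(state, agent):
                if nxt not in seen:  # the fact set is finite, so the search terminates
                    seen.add(nxt)
                    queue.append((nxt, plan + [step]))
    return None  # no strategy: the party cannot achieve the goal

if __name__ == "__main__":
    for party in [("bob",), ("bob", "carol"), ("alice", "bob")]:
        print(party, "->", find_strategy(party, knows("bob")))
```

Bob alone has no strategy, but either coalition does: rule 1 refuses to make an author a reviewer, yet rule 2 lets any reviewer appoint the author as subreviewer, which is the kind of multi-step rule interaction the text describes.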

Releases

  • ACPEG 1.6 provides:
    • improved query syntax
    • searching for strategies
    • searching for guessing strategies
    • checking both nested and simple goals
    • counter-example guided abstraction refinement (CEGAR)
    • selective running of rounds
    • other efficiency optimizations
    • translating from RW to XACML
    Download ACPEG 1.6
    View the readme file

Authors

The tool was created through a collaboration between Nan Zhang, Mark Ryan, Pierre-Yves Schobbens and Dimitar P. Guelev.

Relevant papers


Some earlier papers may also be interesting.

This one defines our basic model and shows some of its properties.
  • Dimitar P. Guelev, Mark D. Ryan and Pierre-Yves Schobbens. Model-checking Access Control Policies. Seventh Information Security Conference (ISC'04). Lecture Notes in Computer Science, Springer-Verlag, 2004. 16 pages.

This paper explains the basic model-checking algorithm for access control systems.

This paper explains how access control systems defined in our model can be compiled into XACML code.