Security Policy Tool

Security Policy Tool gives you the power to test and verify your access control policies.

Access control policies govern the authorization of an attempted request to access online resources in a software system. The resources in a system vary and can include networking devices, infrastructure, data, services, or other security-critical components accessible in a network. Access control has been broadly used for financial, security, privacy, safety, defense, and many other applications to protect the resources from being accessed by unauthorized users.

Security Policy Tool allows your access control policy author to conveniently and thoroughly compose, test, analyze, and verify your organization’s access control policies. Doing so allows this access control specialist to prevent potential vulnerabilities before your policies are deployed into a system. It delivers a user-friendly and efficient way to model, analyze, verify, and test access control policies. It also has advanced functions for policy authors to perform combinatorial tests and automatically generate XACML policies for deployment. These functions allow you to check whether any security leakages or vulnerabilities are occurring, along with a simple way to fix them if they are.


Table 1. Security Policy Tool Functions 


Access Control Policy Functions


Access Control Policy Development

Access Control attribute composition:

  • Systematic access control attribute definitions of Resource, Action, Environment, Condition
  • Conveniently update an attribute, display the summary, search, and rename an attribute
  • Automatic update in relevant policies

GUI and integration checks for any definition and update:

  • Reduce human errors in policies
  • Speed up the policy development process to meet the security requirements
  • Save the effort to maintain and update the policies

Access Control model and templates for:

  • ABAC (Attribute-based Access Control)
  • Multilevel Security (MLS)
  • Workflow
  • Legacy models (RBAC) are migrated into an ABAC model

Easy to use templates:

  • Avoid policy errors during rule/policy composition
  • Reduce the development time and cost
  • Save the effort to maintain and update a model

Subject/Object Inheritance

User-friendly GUI to:

  • Define a subject/resource hierarchical access control structure with automatic exclusion of inheritance loops
  • Graphically display the subject/resource hierarchical structure
  • View/add/delete/update the hierarchical subjects and resources
  • Automatic policy composition for inherited beneficiaries

Policies can be composed for a hierarchical organization with less effort with automatic synchronization according to the organization structure:

  • Easy management of the access control for military, government, and hierarchical enterprise structure
  • Easy management of the hierarchical resources

Access Control Policy Tests

Rich, powerful, thoughtful, and interactive testing functions:

  • Compose and edit a set of policies in an intuitive way
  • Compose various security requirements to generate test cases
  • Support various rule/policy enforcement and combination algorithms
  • Merge multiple policies for a test, e.g., policy verification by merging multiple policies as one
  • Combine multiple policies for a test, e.g., policy verification by combining multiple policies
  • Combinatorial policy tests (2-way, 3-way, 4-way, etc.) for very high access control testing coverage (e.g., >99% of access control cases)
  • Separation of Duty for merged and combined policy verification
  • Rule combination algorithms are integrated into the policy tests
  • Policy enforcement algorithms are integrated into the policy tests

Robust, unified, and generic policy testing and verification helps:

  • Compatible testing in accordance with the XACML 3.0 access control framework
  • Configurable to support the access control models for your security requirements in an access control system
  • Test any (individual or multiple) security requirements enabled in the security access control model
  • Check whether the access control response matches your intentions
  • Retest the access control response after the policy is changed
  • Compare the testing results under different access control scenarios
  • Explore the testing results by tables

Access Control Policy Management Analysis

Rich, powerful, thoughtful, and interactive policy analyzing functions for you to inspect and fix any Access Control errors:

  • Manage and analyze many policies easily
  • Identify the policy that causes permit/deny/not applicable
  • Well-organized, table-based testing results for thoughtful and comprehensive analysis
  • Search the accessibility of a given resource, e.g., who can access it?
  • Search the accessibility of a given subject, e.g., what can a person access?
  • Fix/modify/test the policy and reanalyze the results until all security requirements are satisfied
  • Output testing results by tables or other formats

Robust, unified, and generic policy analyzing functions allow you to detect and modify erroneous policies until the security requirements are achieved:

  • Eight types of Access Control flaws, e.g., block a privilege
  • Explore the policy that causes insecure access control results contrary to your intention
  • Easy to modify the policy and rerun the analysis until the security requirement is met

XACML Features

XACML-Compatible Policy functions:

  • Automatically convert the composed and tested policies into XACML 3.0 policies
  • XACML 3.0 policy editor
  • XACML 2.0/3.0 policy & request input to the editor and access control security model
  • Automatically convert XACML 2.0 policy to 3.0
  • Integrated verification for XACML 3.0 policies

Comprehensive XACML functions:

  • XACML 3.0 policy compatibility, portability, and operability
  • Access control security model is compatible with XACML attributes, resources, environments, and conditions
  • Includes all XACML rule combining algorithms, syntax, etc.


Acknowledgement: Our Security Policy Tool is a commercial version of the ACPT (Access Control Policy Tool) from NIST (National Institute of Standards and Technology). ACPT was developed by NIST as a proof of concept and unfortunately is not deployable. With extensive consultation with NIST experts, Security Policy Tool substantially enhances and expands NIST’s ACPT design with advanced features for achieving high security confidence levels in access control, such that it can be commercialized. The development of Security Policy Tool is financially sponsored by NIST via an SBIR (Small Business Innovation Research) Phase I and II program. It specifically improves NIST’s ACPT design to provide a robust, unified, professional, and functionally powerful access control policy tool.



Copyright © 2017 InfoBeyond Technology LLC