Brown

Margrave: Query-Based Policy Analysis

Abstract:

Margrave is a policy-analysis tool providing query-based verification and query-based views of policies. It supports reasoning about the combined effects of policies written in different configuration languages, such as a firewall filter and a static router, or multiple cooperating access-control policies in an enterprise. It supports "change-impact analysis", allowing a user to compare the effects of policy updates.