Visible to the public Margrave: Query-Based Policy Analysis


Margrave is a policy-analysis tool providing query-based verification and query-based views of policies. It supports reasoning about the combined effects of policies written in different configuration languages, such as a firewall filter and a static router, or multiple cooperating access-control policies in an enterprise. It supports "change-impact analysis", allowing a user to compare the effects of policy updates.

In this talk we will focus on the role of model-finding in Margrave and the resulting property-free verification paradigm it supports.

This is joint work with Kathi Fisler (WPI), Timothy Nelson (WPI), and Shriram Krishnamurthi (Brown)


Daniel J. Dougherty is Professor of Computer Science at WPI, having held previous faculty positions at Dartmouth College and Wesleyan University.
His current research focus is on formal methods, particularly as applied to security policies and cryptographic protocols. He has also worked in the areas of databases, logic, automated deduction, and the design and implementation of programming languages.
He is involved in policy research with colleagues at WPI, Brown University, INRIA and CNRS and is a member of the Steering Committee for the annual Security and Rewriting Techniques workshop. His work has been supported by the National Science Foundation, the National Security Agency, the Office of Naval Research, and the Department of Education.

Creative Commons 2.5

Other available formats:

Margrave: Query-Based Policy Analysis
Switch to experimental viewer