The Margrave Policy Analyzer

Access-control policies, firewall configurations, hypervisor configurations, social-network privacy settings, ...

Modern computing systems are teeming with policies. Errors in policies can be embarassing, costly, and have legal consequences. But making mistakes is easy! Policies may be geographically distributed, encode complex dependencies, and interact with environments that change frequently. Enforcing an organization's security goals may require the cooperation of several policies in different languages and at different levels of abstraction.

How can a policy author gain confidence in their settings?

Margrave is a policy-analysis tool with several powerful capabilities:

Margrave is available for free download. Both the tutorial for our latest version and one of our recent conference talks provide a high-level overview of the tool. Our papers describe the technical underpinnings.

We are grateful for support from the National Science Foundation, Cisco, and Google.