R&D report: how to test access control before your IT inadvertently breaks

Presented at ToorCon San Diego 18 (2016), Oct. 16, 2016, 3:30 p.m. (20 minutes)

Many organizations opt to not implement tight-enough access control because they fear that they may restrict necessary access and cause harm or create inefficiencies. In this live-demo presentation, you will learn how to test your various access policies to ensure they do what they are supposed to do. Learn – and see in a live demo based on the results of an ongoing NIST SBIR R&D project – how to formally test that your access control policies do not break your IT – for various common access control mechanisms you probably have in your organization.


  • Ulrich Lang
    ObjectSecurity founder & CEO; Ph.D. from University of Cambridge Computer Laboratory (Security Group) on access policies; Master’s Degree (M. Sc.) in Information Security from Royal Holloway College (London) in 1997. Ulrich is a renowned thought leader in access control policy, model-driven security, and Cloud/SOA/middleware security, identity & access management. He is on the Board of Directors of the Cloud Security Alliance (Silicon Valley Chapter). He is co-inventor and co-developer of ObjectSecurity’s OpenPMF product. He delivers some of the professional services Objectsecurity offers He has published over 150 papers/presentations, and has previously worked as a proposal evaluator, project evaluator, conference program committee, panel moderator, consultant, book author.


Similar Presentations: