You are here


SecurePG is a Java-based tool to assist policy administrators in generating, verifying and enforceing abstract Access Control (AC) policies. The framework enables Policy Generation, Policy Verification and Policy Enforcement.

Application cases: 

Policy Generation. Permissions specification through a high-level language that allows cloud developers to express access control requirements as a provider-independent, semi-column separated list of sentences (parsed with an ANTLR grammar). Policy authoring through hints and interactive advices.

Policy Verification. Use of the SMT-based tool (ref. here - paper available in FBK/ST), that implements the Content-based Protection and Release (CPR) AC model, to analyse the authorizations before the enforcement in the cloud.

Policy Enforcement. Push button technology to enforce the entities and their permissions in pre-existing AWS environments.


In version 1.0, support is currently limited to the AWS IAM and S3 services and the corresponding services of OpenStack: Keystone and Swift. [UPD] Version 2.0 extends the support to AWS IoT and edge-oriented applications.



The tool is available on request. Please, send an email to Umberto Morelli or Silvio Ranise.


Relevant papers

  1. T. Ahmad, U. Morelli, S. Ranise, N. Zannone, “A Lazy Approach to Access Control as a Service (ACaaS) for IoT”, to appear in SACMAT 2018: 23rd ACM Symposium on Access Control Models and Technologies

  2. U. Morelli, S. Ranise, “Assisted Authoring, Analysis and Enforcement of Access Control Policies in the Cloud”,
    In IFIPSEC ‘17: Proceedings of the 32nd IFIP TC 11 International Conference, SEC 2017, Rome, Italy, May 29-31, 2017.