SAM

From Erights

The SERSCIS Access Modeller (SAM) takes a model of a system (e.g. a set of objects within a computer program or a set of machines on a network) and attempts to verify certain security properties about the system, by exploring all the ways access can propagate through the system. For example, it could prove that a web-server's logs can never be deleted except by the logging system or the administrator.

It is designed to handle dynamic systems (e.g. systems containing factories which may create new objects at runtime) and systems where behaviour of some of the objects is unknown or not trusted.

It is greatly inspired by Scollar, but extends it by:

• Using a Java-like syntax for expressing behaviour, which is hopefully more natural for programmers.
• Considering multiple contexts (e.g. so that objects created by a factory for client A can be kept separate from objects created by the same factory for client B).

SAM is Open Source.