Authoring access control policies is challenging and prone to
misconfigurations. Access control policies must be conflict-free. Hence,
administrators should identify discrepancies between policy specifications and
their intended function to avoid violating security principles. This paper aims
to demonstrate how to formally verify access control policies. Model checking
is used to verify access control properties against policies supported by an
access control model. The authors consider Google's Cloud Identity and Access
Management (IAM) as a case study and follow NIST's guidelines to verify access
control policies automatically. Automated verification using model checking can
serve as a valuable tool and assist administrators in assessing the correctness
of access control policies. This enables checking for violations of security
principles and performing security assessments of policies for compliance
purposes. The authors demonstrate how to define the role-based access control
(RBAC) model underlying Google's IAM, specify its supported policies, and
formally verify a set of properties through three examples.