Our paper "Detecting Insufficient Access Control in Web Applications" was accepted for the First SysSec Workshop.
This work is a follow-up research based on the OWASP Access Control Rules Tester project, which was initiated during the OWASP Summer of Code 2008.
If any of you guys happen to attend DIMVA'11 at Amsterdam, I'd be very glad to meet for a beer :)
Acknowledgements. I'd like to thank George Noseevich, who have put so much effort into this project and this paper.