skip to main content
10.1145/1943513.1943543acmconferencesArticle/Chapter ViewAbstractPublication PagescodaspyConference Proceedingsconference-collections
invited-talk

Practical policy patterns

Published: 21 February 2011 Publication History

Abstract

The paper attempts to encourage deeper thinking about the nature of security enforcement policies with the intent of fostering a practical engineering design approach for building security enforcement policy. The paper suggests several approaches to lower the cost of developing security enforcement policies by developing technology to share enforcement policies like open source software, including patterns, isolation of site specific policy and tools to increase the ability of humans to understand the implemented policy. The paper also suggests research avenues for increasing human understanding of enforcement policy.

References

[1]
Boebert, W.E. and Kain, R.Y. 1985. A practical alternative to hierarchical integrity policies. Proc. 8th National Computer Security Conference (1985).
[2]
Clark, D.D. and Wilson, D.R. 1987. A Comparison of Commercial and Military Computer Security Policies. Proc. of the 1987 IEEE Symposium on Research in Security and Privacy. (Mar. 1987), 184--194.
[3]
Epstein, P. and Sandhu, R.S. 2001. Engineering of role/permission assignments. Proc. 17th Annual Computer Security Applications Conference. (2001), 127--136.
[4]
Fernandez, E. et al. 2008. Patterns and Pattern Diagrams for Access Control. Proc. of the 5th international conference on Trust, Privacy and Security in Digital Business. (2008), 38--47.
[5]
Gamma, E. et al. 1995. Design patterns: elements of reusable object-oriented software. Addison-Wesley Reading, MA.
[6]
Lampson, B.W. 1973. A note on the confinement problem. Commun. ACM. 16, 10 (1973), 613--615.
[7]
Neumann, G. and Strembeck, M. 2002. A scenario-driven role engineering process for functional RBAC roles. Proc. 7th ACM symposium on Access control models and technologies (2002), 33--42.
[8]
Payne, C. et al. 1999. Napoleon: a recipe for workflow. Proc. of the 15th Annual Computer Security Applications Conference (1999), 134--142.
[9]
Sandhu, R.S. et al. 2000. The NIST model for role-based access control: towards a unified standard. Proc. 5th ACM Workshop on Role-based Access Control. (Jan. 2000).
[10]
Schumacher, M. 2006. Security Patterns Integrating Security & Systems Engineering. Wiley-India.
[11]
Thomas, R.K. 1997. Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments. Proc. 2nd ACM workshop on Role-based Access Control (1997), 13--19.
[12]
Thomsen, D.J. 2007. Patterns in Security Enforcement Policy Development. International Conference on Database and Expert Systems Applications (DEXA). (2007), 744--748.
[13]
Thomsen, D.J. and Haigh, T. 1990. A comparison of type enforcement and Unix setuid implementation of well-formed transactions. Proc. 6th Annual Computer Security Applications Conference. (Jan. 1990).
[14]
Thomsen, D.J. et al. 1998. Role based access control framework for network enterprises. Proc. 14th Annual Computer Security Applications Conference. (1998), 50--58.
[15]
Thomsen, D.J. et al. 1999. Napoleon: network application policy environment. Proc. 4th ACM workshop on Role-based access control. (1999), 145--152.

Cited By

View all
  • (2022)NEUTRON: A Graph-based Pipeline for Zero-trust Network ArchitecturesProceedings of the Twelfth ACM Conference on Data and Application Security and Privacy10.1145/3508398.3511499(167-178)Online publication date: 14-Apr-2022
  • (2021)Systematic Literature Review of Security Pattern ResearchInformation10.3390/info1201003612:1(36)Online publication date: 16-Jan-2021
  • (2021)Can I Reach You? Do I Need To? New Semantics in Security Policy Specification and TestingProceedings of the 26th ACM Symposium on Access Control Models and Technologies10.1145/3450569.3463558(165-174)Online publication date: 11-Jun-2021
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
CODASPY '11: Proceedings of the first ACM conference on Data and application security and privacy
February 2011
294 pages
ISBN:9781450304665
DOI:10.1145/1943513
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 February 2011

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. access control
  2. computer security
  3. security pattern engineering

Qualifiers

  • Invited-talk

Conference

CODASPY '11
Sponsor:

Acceptance Rates

Overall Acceptance Rate 149 of 789 submissions, 19%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)1
  • Downloads (Last 6 weeks)0
Reflects downloads up to 20 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2022)NEUTRON: A Graph-based Pipeline for Zero-trust Network ArchitecturesProceedings of the Twelfth ACM Conference on Data and Application Security and Privacy10.1145/3508398.3511499(167-178)Online publication date: 14-Apr-2022
  • (2021)Systematic Literature Review of Security Pattern ResearchInformation10.3390/info1201003612:1(36)Online publication date: 16-Jan-2021
  • (2021)Can I Reach You? Do I Need To? New Semantics in Security Policy Specification and TestingProceedings of the 26th ACM Symposium on Access Control Models and Technologies10.1145/3450569.3463558(165-174)Online publication date: 11-Jun-2021
  • (2018)Network Policy Enforcement Using TransactionsProceedings of the 23nd ACM on Symposium on Access Control Models and Technologies10.1145/3205977.3206000(129-136)Online publication date: 7-Jun-2018

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media