Multi-Terminal Binary Decision Diagrams: An Efficient DataStructure for Matrix Representation
Formal Methods in System Design
Conflict Resolution Using Logic Programming
IEEE Transactions on Knowledge and Data Engineering
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Using Event Calculus to Formalise Policy Specification and Analysis
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Verifying information flow goals in security-enhanced Linux
Journal of Computer Security - Special issue on WITS'03
POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
Privacy in information technology: designing to enable privacy policy management in organizations
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Evaluating interfaces for privacy policy rule authoring
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
On the modeling and analysis of obligations
Proceedings of the 13th ACM conference on Computer and communications security
Beyond separation of duty: an algebra for specifying high-level security policies
Proceedings of the 13th ACM conference on Computer and communications security
Analyzing web access control policies
Proceedings of the 16th international conference on World Wide Web
An approach to evaluate policy similarity
Proceedings of the 12th ACM symposium on Access control models and technologies
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
Journal of the ACM (JACM)
Policy decomposition for collaborative access control
Proceedings of the 13th ACM symposium on Access control models and technologies
An obligation model bridging access control policies and privacy policies
Proceedings of the 13th ACM symposium on Access control models and technologies
Usability challenges in security and privacy policy-authoring interfaces
INTERACT'07 Proceedings of the 11th IFIP TC 13 international conference on Human-computer interaction - Volume Part II
Policy framework for security and privacy management
IBM Journal of Research and Development
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Policy-based management of networked computing systems
IEEE Communications Magazine
Conditional privacy-aware role based access control
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Satisfiability and resiliency in workflow systems
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Obligations and their interaction with programs
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
An attribute-based authorization policy framework with dynamic conflict resolution
Proceedings of the 9th Symposium on Identity and Trust on the Internet
Policy framework for security and privacy management
IBM Journal of Research and Development
Negotiating and delegating obligations
Proceedings of the International Conference on Management of Emergent Digital EcoSystems
Hi-index | 0.00 |
The distributed nature of the environment in which privacy and security policies operate requires tools that help enforce consistency of policy rules across different domains. Furthermore, because changes to policy rules are required as policies evolve over time, such tools can be used by policy administrators to ensure the consistency of policy changes. In this paper, we describe a number of different policy analysis tools and techniques that we have developed over the years and present them in a unified framework in which both privacy and security policies are discussed. We cover dominance analyses of general policies, conflicts among authorizations and prohibitions, and other analyses of obligations, as well as policy similarity analysis and policy distribution.