Conferences

• IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA 2021); papers due April 26, 2021
• New Security Paradigms Workshop (NSPW 2021); papers due May 21, 2021

---

My Links

• My Home Page
• Books
• Classes
• Papers
• Reports and Notes
• Research
• Security in Programming
• Service
• Students
• Talks
• Miscellaneous
• My Family
• About Me (CV and such)

---

Other Links

• Cybersecurity Club
• Computer Security Lab
• Dept. of Computer Science
• College of Engineering
• University of California, Davis
• City of Davis
• County of Yolo
• State of California
• United States of America

---

Me

• This Quarter’s Classes
• Office Hours for This Quarter
• Contacting Me
• My Personal Blog
  (Last Entry September 4, 2020; “Don’t Vote Twice”)

---

Current Time in Davis, CA, USA

Your Security Policy is What??

Citation

• M. Bishop and S. Peisert, “Your Security Policy is What??”, Technical Report CSE-2006-20, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (Mar. 2006).

Paper

• PDF
• PS
• Official copy (UC eScholarship)

Abstract

Systems and infrastructure rarely enforce a site’s security policy precisely. Conversely, determining the policy (or policy components) that the systems and infrastructure do enforce is difficult because of the plethora of configuration files and systems at the site. We propose a way to unify these problems by applying a bi-directional method of enforcing and reverse-engineering system and infrastructure policy. The process uses a platform-independent intermediate policy representation (IPR) to bridge the gap between a high-level expression of policy and a machinedependent, system configuration. The result of these methods, shown along with a detailed example, is that both policy discovery and enforcement can be made into a much more rigorous process.

---

Last updated on Thursday, April 15, 2021 11:21:00 PM PDT