Security policies

Overview

Policies define how a secure system should behave and which service it provides to its users, even if some users misbehave or an adversary attacks the system. Calling a system "secure" is only meaningful together with a corresponding policy that defines the desired notion of security. This project addresses security policies in the following contexts.

  • Separation of duties
    Many enterprises implement the principle of separation of duties for critical actions in order to prevent fraud and errors. This project has developed a system to analyze the separation of duties in role assignments, authorization policies, and log files for enterprises.
  • Managing assurance, security and trust for enterprises (MASTER)
    The MASTER project explores tools, methodologies, and technologies for building highly dynamic, potentially outsourced, regulated, and verifiably compliant IT systems.
  • Privacy policies
    Today, enterprises face the challenge of balancing the services they offer their customers over the Internet against rising privacy demands from those same customers. To support this goal, this project addresses privacy policies and develops a twofold policy language that combines access control and data handling.