Policies define how a secure system should behave and which service it provides to its users, even if some users misbehave or an adversary attacks the system. Calling a system "secure" is only meaningful together with a corresponding policy that defines the desired notion of security. This project addresses security policies in the following contexts.
Separation of duties
Many enterprises implement the principle of separation of duties for critical actions in order to prevent fraud and errors. This project has developed a system to analyze the separation of duties in role assignments, authorization policies, and log files for enterprises.
Managing assurance, security and trust for enterprises (MASTER)
The MASTER project explores tools, methodologies, and technologies for building highly dynamic, potentially outsourced, regulated, and verifiably compliant IT systems.
Privacy policies
Today, enterprises face the challenge of balancing the services they offer their customers over the Internet against rising privacy demands from those same customers. To support this goal, this project addresses privacy policies and develops a twofold policy language that combines access control and data handling.