Published: March 26, 2012
Citation: IT Professional vol. 14, no. 2, (March-April 2012) pp. 4-7
Author(s)
David Ferraiolo, Jeffrey Voas, George Hurlburt
Announcement
To many, system policy is a statement posted on a website indicating intention to protect personal data. In reality, policy is much broader, and its enforcement far more consequential. What if policy-derived rule sets could be rigorously defined and automated for software-intensive systems? Imagine a "policy machine" that allows codification of arbitrary rules stemming from policy to create executable code. Such a tool exists today at the US National Institute of Standards and Technology. The NIST Policy Machine offers a new technology in enforcing the important role of policy in systems design, evolution, management, and policy enforcement.
To many, system policy is a statement posted on a website indicating intention to protect personal data. In reality, policy is much broader, and its enforcement far more consequential. What if policy-derived rule sets could be rigorously defined and automated for software-intensive systems? Imagine...
See full abstract
To many, system policy is a statement posted on a website indicating intention to protect personal data. In reality, policy is much broader, and its enforcement far more consequential. What if policy-derived rule sets could be rigorously defined and automated for software-intensive systems? Imagine a "policy machine" that allows codification of arbitrary rules stemming from policy to create executable code. Such a tool exists today at the US National Institute of Standards and Technology. The NIST Policy Machine offers a new technology in enforcing the important role of policy in systems design, evolution, management, and policy enforcement.
Hide full abstract
Keywords
policy; software security; information security; fraud prevention
Control Families
None selected
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
