Socio-Technical Systems (STSs) are complex systems composed of both social (i.e., humans and organizations) and technical (i.e., hardware and software) elements. Security requirements for STSs define constraints for the sociotechnical interactions and can be specified as a set of security policies that have to be satisfied by the components of the system during their interactions. In this paper...

Protecting corporate assets, both the physical and the digital is a major concern for managers. Managers seek ways to encourage employees to adhere to and follow organizational security policies to protect not only the organization as a whole but also the employee and the customer as well. Part of the reason existing security measures fail is because employees fail to follow organizational secu...

This presentation will first discuss characteristics of multimedia data and information management systems and discuss research directions for incorporating security into such systems. It will review various security mechanisms and access control policies and discuss the applicability of these mechanisms and policies for multimedia data. It will discuss specific security challenges for text, im...

Bluetooth security has become increasingly important since Bluetooth is going to be used as a standard technology in wireless personal communication. This is especially true for Bluetooth applications that require strong security policies, e.g. mobile commerce applications. In this paper, a Bluetooth service-level security that allows easy implementation of flexible access policies is proposed....

Policy-based management of the security of a military communications network can simplify the configuration process, while increasing security and availability. An effective policy-based approach requires analysis of policies for inconsistencies, and for desired security properties. It also must provide for the refinement of high-level security goals into concrete policies. This paper defines a...

A security policy states the acceptable actions of an information system, as the actions bear on security. There is a pressing need for organizations to declare their security policies, even informal statements would be better than the current practice. But, formal policy statements are preferable to support (1) reasoning about policies, e.g., for consistency and completeness, (2) automated enf...

Proving software free of security bugs is hard. Languages that ensure that programs correctly enforce their security policies would help, but, to date, no security-typed language has the ability to verify the enforcement of the kinds of policies used in practice—dynamic, stateful policies which address a range of concerns including forms of access control and information flow tracking. This pap...

Organizations’ authorization policies are usually described by access control rules enforced on each protected object scattered all over the organization. Having a single global security policy specification would promote both security clarity and coherency [4, 9, 18, 31, 37]. Having a single security model for the whole organization, a single point of management and enforcement with a innumero...

All organisations must take active steps to maintain the security and integrity of their information resources, and nowhere is this strategy more critical than in hospitals where issues of information accuracy and patient confidentiality are paramount. Of all the tools at the information security manager’s disposal, none is more widely valued and used than the information security policy. Much ...

Abstract. As security devices and protocols become widely used on the Internet, the task of managing and processing communication security policies grows steeply in its complexity. This paper presents a scaleable, robust, secure distributed system that can manage communication security policies associated with multiple network domains and resolving the policies — esp. those that specify the use...