The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.02 - March-April (2012 vol.14)
pp: 4-7
David Ferraiolo , US National Institute of Standards and Technology
Jeffrey Voas , US National Institute of Standards and Technology
George F. Hurlburt , Change Index
ABSTRACT
<p>To many, system policy is a statement posted on a website indicating intention to protect personal data. In reality, policy is much broader, and its enforcement far more consequential. What if policy-derived rule sets could be rigorously defined and automated for software-intensive systems? Imagine a "policy machine" that allows codification of arbitrary rules stemming from policy to create executable code. Such a tool exists today at the US National Institute of Standards and Technology. The NIST Policy Machine offers a new technology in enforcing the important role of policy in systems design, evolution, management, and policy enforcement.</p>
INDEX TERMS
System policy, policy enforcement
CITATION
David Ferraiolo, Jeffrey Voas, George F. Hurlburt, "A Matter of Policy", IT Professional, vol.14, no. 2, pp. 4-7, March-April 2012, doi:10.1109/MITP.2012.30
REFERENCES
1. J. Martin et al., "Systems Engineering Guide," Naval Air Systems Command, May 2003.
2. A. Valjarevic and H.S. Venter, "Towards a Digital Forensic Readiness Framework for Public Key Infrastructure Systems," Proc. Information Security South Africa (ISSA 11), IEEE Press, 2011, pp. 1–10.
3. C. Matlack, "Société Générale's Fraud: What Now?" Bloomberg Business Week,24 Jan. 2008; www. businessweek.com/globalbiz/content/ jan2008gb20080124_769729.htm.
4. D. Ferraiolo, V. Atluri, and S. Gavrila, "The Policy Machine: A Novel Architecture and Framework for Access Control Policy Specification and Enforcement," J. Systems Architecture, vol. 57, no. 4, 2011, pp. 412–424.
7 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool