Policy Specification Language Design

Abstract

The purpose of this investigation was to aid developers of groupware applications, such as applications using Lotus Notes, in choosing appropriate security controls. Products such as Lotus Notes have security controls (e.g., access control lists, encrypted sections, and digital signatures) for building applications that meet complex security policies. It may be difficult for the application developer to select the right combination of controls to meet the desired security policy. This report describes a security policy language that can express general policy constraints on users and data, as well as constraints that directly map to Lotus Notes security controls. It can capture both the type of protection desired as well as some aspects of the assurance level.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 1999
Accession Number
ADA360505

Entities

People

  • David M. Rosenthal
  • Matt Stillerman
  • Roshan Thomas

Tags

Communities of Interest

  • C4I
  • Human Systems
  • Space

DTIC Thesaurus Topics

  • Air Force
  • Air Force Research Laboratories
  • Classification
  • Commerce
  • Computer Access Control
  • Computer Programming
  • Electronic Mail
  • Formal Languages
  • Grammars
  • Information Warfare
  • Language
  • Military Research
  • Patent Applications
  • Programming Languages
  • Specifications
  • Standards
  • User Interface

Fields of Study

  • Computer science

Readers

  • Library and Information Science
  • Strategic Security Studies
  • Systems Analysis and Design

Technology Areas

  • Cyber