{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T07:17:29Z","timestamp":1743146249168,"version":"3.40.3"},"publisher-location":"Cham","reference-count":61,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031368394"},{"type":"electronic","value":"9783031368400"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-36840-0_16","type":"book-chapter","created":{"date-parts":[[2023,7,21]],"date-time":"2023-07-21T07:06:27Z","timestamp":1689923187000},"page":"362-388","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Trusted Implementation and\u00a0Enforcement of\u00a0Application Security Policies"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6596-2823","authenticated-orcid":false,"given":"Marius","family":"Schlegel","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,7,22]]},"reference":[{"key":"16_CR1","doi-asserted-by":"crossref","unstructured":"Alam, M., Zhang, X., Khan, K., Ali, G.: xDAuth: a scalable and lightweight framework for cross domain access control and delegation. In: SACMAT \u201911, pp. 31\u201340. ACM (2011)","DOI":"10.1145\/1998441.1998447"},{"key":"16_CR2","doi-asserted-by":"crossref","unstructured":"Amthor, P., Schlegel, M.: Towards language support for model-based security policy engineering. In: SECRYPT \u201920, pp. 513\u2013521. SCITEPRESS (2020)","DOI":"10.5220\/0009893205130521"},{"key":"16_CR3","doi-asserted-by":"crossref","unstructured":"Anderson, J.P.: Computer security technology planning study. Technical report ESD-TR-73-51, Vol. II, U.S. Air Force Electronic Systems Division (1972)","DOI":"10.21236\/AD0772806"},{"key":"16_CR4","doi-asserted-by":"crossref","unstructured":"Basin, D., Clavel, M., Egea, M.: A decade of model-driven security. In: SACMAT \u201911, pp. 1\u201310. ACM (2011)","DOI":"10.1145\/1998441.1998443"},{"key":"16_CR5","doi-asserted-by":"crossref","unstructured":"Bezawada, B., Haefner, K., Ray, I.: Securing home IoT environments with attribute-based access control. In: ABAC \u201918, pp. 43\u201353. ACM (2018)","DOI":"10.1145\/3180457.3180464"},{"issue":"2","key":"16_CR6","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1145\/1065545.1065547","volume":"8","author":"R Bhatti","year":"2005","unstructured":"Bhatti, R., Ghafoor, A., Bertino, E., Joshi, J.B.D.: X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control. ACM TISSEC 8(2), 187\u2013227 (2005)","journal-title":"ACM TISSEC"},{"key":"16_CR7","doi-asserted-by":"crossref","unstructured":"Bonatti, P.A., De Capitani di Vimercati, S., Pierangela, S.: An algebra for composing access control policies. ACM TISSEC 5(1), 1\u201335 (2002)","DOI":"10.1145\/504909.504910"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"Canella, C., et al.: Fallout: leaking data on meltdown-resistant CPUs. In: CCS \u201919, pp. 769\u2013784. ACM (2019)","DOI":"10.1145\/3319535.3363219"},{"key":"16_CR9","unstructured":"Carter, J.: Using GConf as an example of how to create an userspace object manager. In: SEinux Symposium \u201907 (2007)"},{"key":"16_CR10","unstructured":"Casbin Organization: Casbin (2022). https:\/\/casbin.org"},{"key":"16_CR11","doi-asserted-by":"crossref","unstructured":"Chen, J., Shang, W., Hassan, A.E., Wang, Y., Lin, J.: An experience report of generating load tests using log-recovered workloads at varying granularities of user behaviour. In: ASE \u201919, pp. 669\u2013681. IEEE (2019)","DOI":"10.1109\/ASE.2019.00068"},{"key":"16_CR12","unstructured":"Connolly, D.: Rust-SQLite3: rustic bindings for SQLite3 (2022). https:\/\/crates.io\/crates\/rust-sqlite"},{"key":"16_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"390","DOI":"10.1007\/978-3-642-28641-4_21","volume-title":"Principles of Security and Trust","author":"J Crampton","year":"2012","unstructured":"Crampton, J., Morisset, C.: PTaCL: a language for attribute-based access control in open systems. In: Degano, P., Guttman, J.D. (eds.) POST 2012. LNCS, vol. 7215, pp. 390\u2013409. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-28641-4_21"},{"key":"16_CR14","doi-asserted-by":"crossref","unstructured":"Ding, Y., et al.: POSTER: Rust SGX SDK: towards memory safety in Intel SGX enclave. In: CCS\u2019 17, pp. 2491\u20132493. ACM (2017)","DOI":"10.1145\/3133956.3138824"},{"key":"16_CR15","unstructured":"Ding, Y., et\u00a0al.: apache\/incubator-teaclave-sgx-sdk: Apache Teaclave (incubating) SGX SDK helps developers to write Intel SGX applications in the Rust programming language, and also known as Rust SGX SDK (2022). https:\/\/github.com\/apache\/incubator-teaclave-sgx-sdk"},{"key":"16_CR16","doi-asserted-by":"crossref","unstructured":"Fadhel, A.B., Bianculli, D., Briand, L.C.: GemRBAC-DSL: a high-level specification language for role-based access control policies. In: SACMAT \u201916, pp. 179\u2013190. ACM (2016)","DOI":"10.1145\/2914642.2914656"},{"key":"16_CR17","unstructured":"Ferraiolo, D., Kuhn, D.R., Chandramouli, R.: Role-Based Access Control, 2nd edn. Artech House (2007)"},{"key":"16_CR18","doi-asserted-by":"crossref","unstructured":"Fong, P.W.L.: Relationship-based access control: protection model and policy language. In: CODASPY \u201911, pp. 191\u2013202. ACM (2011)","DOI":"10.1145\/1943513.1943539"},{"key":"16_CR19","doi-asserted-by":"crossref","unstructured":"Gupta, M., Patwa, F., Sandhu, R.: An attribute-based access control model for secure big data processing in hadoop ecosystem. In: ABAC \u201918, pp. 13\u201324. ACM (2018)","DOI":"10.1145\/3180457.3180463"},{"issue":"8","key":"16_CR20","doi-asserted-by":"publisher","first-page":"461","DOI":"10.1145\/360303.360333","volume":"19","author":"MA Harrison","year":"1976","unstructured":"Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: Protection in operating systems. Commun. ACM 19(8), 461\u2013471 (1976)","journal-title":"Commun. ACM"},{"key":"16_CR21","unstructured":"Hipp, D.R., Kennedy, D., Mistachkin, J.: SQLite Version 3.32.3 (2020). https:\/\/www.sqlite.org\/src\/info\/7ebdfa80be8e8e73"},{"key":"16_CR22","unstructured":"IBM: Db2 11.1 \u2013 Label-based Access Control Overview (2016). https:\/\/www.ibm.com\/support\/knowledgecenter\/en\/SSEPGG_11.1.0\/com.ibm.db2.luw.admin.sec.doc\/doc\/c0021114.html"},{"key":"16_CR23","unstructured":"Intel Corporation: Intel\u00aeSGX SDK for Linux* OS\u00a0\u2013 Developer Reference (2020). https:\/\/download.01.org\/intel-sgx\/sgx-linux\/2.9.1\/docs\/Intel_SGX_Developer_Reference_Linux_2.9.1_Open_Source.pdf"},{"key":"16_CR24","unstructured":"Intel Corporation: Intel\u00ae Software Guard Extensions (Intel\u00aeSGX) Debug and Build Configurations(2020). https:\/\/www.intel.com\/content\/dam\/develop\/external\/us\/en\/documents\/intel-sgx-build-configuration-737361.pdf"},{"key":"16_CR25","unstructured":"Intel Corporation: Intel\u00aeSoftware Guard Extensions (2022). https:\/\/www.intel.com\/content\/www\/us\/en\/architecture-and-technology\/software-guard-extensions.html"},{"key":"16_CR26","unstructured":"Klabnik, S., Nichols, C.: The Rust Programming Language. No Starch Press (2018)"},{"key":"16_CR27","doi-asserted-by":"crossref","unstructured":"Kocher, P., et al.: Spectre attacks: exploiting speculative execution. In: S &P \u201919, pp. 1\u201319. IEEE (2019)","DOI":"10.1109\/SP.2019.00002"},{"key":"16_CR28","unstructured":"Lipp, M., et al.: Meltdown: reading kernel memory from user space. In: Secur. \u201918, pp. 973\u2013990. USENIX (2018)"},{"key":"16_CR29","unstructured":"Loscocco, P.A., Smalley, S.D.: Integrating flexible support for security policies into the Linux operating system. In: ATC \u201901, pp. 29\u201342. USENIX (2001)"},{"key":"16_CR30","unstructured":"MacMillan, K., Brindle, J., Mayer, F., Caplan, D., Tang, J.: Design and implementation of the SELinux policy management server. In: SELinux Symposium \u201906 (2006)"},{"key":"16_CR31","doi-asserted-by":"crossref","unstructured":"Matsakis, N.D., Klock, F.S.: The Rust language. In: HILT \u201914, pp. 103\u2013104. ACM (2014)","DOI":"10.1145\/2692956.2663188"},{"key":"16_CR32","unstructured":"OASIS: eXtensible Access Control Markup Language (XACML) Version 3.0. OASIS Standard 499\u20132013, Organization for the Advancement of Structured Information Standards (2013)"},{"key":"16_CR33","unstructured":"OpenMRS Inc.: OpenMRS Demo Data (2021). https:\/\/wiki.openmrs.org\/display\/RES\/Demo+Data"},{"key":"16_CR34","unstructured":"OpenMRS Inc.: OpenMRS (2022). https:\/\/openmrs.org"},{"key":"16_CR35","unstructured":"Oracle: Oracle Label Security Administrator\u2019s Guide, 18c (2018). https:\/\/docs.oracle.com\/en\/database\/oracle\/oracle-database\/18\/olsag\/index.html"},{"key":"16_CR36","unstructured":"Oso Security, Inc.: Oso (2022). https:\/\/www.osohq.com"},{"key":"16_CR37","doi-asserted-by":"crossref","unstructured":"Rizvi, S.Z.R., Fong, P.W., Crampton, J., Sellwood, J.: Relationship-based access control for an open-source medical records system. In: SACMAT \u201915, pp. 113\u2013124. ACM (2015)","DOI":"10.1145\/2752952.2752962"},{"key":"16_CR38","doi-asserted-by":"crossref","unstructured":"van Schaik, S., et al.: RIDL: rogue in-flight data load. In: S &P \u201919, pp. 88\u2013105. IEEE (2019)","DOI":"10.1109\/SP.2019.00087"},{"key":"16_CR39","doi-asserted-by":"crossref","unstructured":"Schlegel, M.: Poster: Shielding AppSPEAR - enhancing memory safety for trusted application-level security policy enforcement. In: SACMAT \u201921, pp. 99\u2013101. ACM (2021)","DOI":"10.1145\/3450569.3464396"},{"key":"16_CR40","doi-asserted-by":"crossref","unstructured":"Schlegel, M.: Trusted enforcement of application-specific security policies. In: SECRYPT \u201921, pp. 343\u2013355. SCITEPRESS (2021)","DOI":"10.5220\/0010579703430355"},{"key":"16_CR41","doi-asserted-by":"crossref","unstructured":"Schlegel, M., Amthor, P.: Beyond administration: a modeling scheme supporting the dynamic analysis of role-based access control policies. In: SECRYPT \u201920, pp. 431\u2013442. SCITEPRESS (2020)","DOI":"10.5220\/0009834304310442"},{"key":"16_CR42","doi-asserted-by":"crossref","unstructured":"Schlegel, M., Amthor, P.: The missing piece of the ABAC puzzle: a modeling scheme for dynamic analysis. In: SECRYPT \u201921, pp. 234\u2013246. SCITEPRESS (2021)","DOI":"10.5220\/0010556200002998"},{"key":"16_CR43","doi-asserted-by":"crossref","unstructured":"Schlegel, M., Amthor, P.: Putting the pieces together: model-based engineering workflows for attribute-based access control policies. In: SECRYPT 2021 Revised Selected Papers. CCIS. Springer, Cham (2022, submitted)","DOI":"10.1007\/978-3-031-36840-0_12"},{"key":"16_CR44","doi-asserted-by":"crossref","unstructured":"Schlegel, M., K\u00fchnhauser, W.E.: Exploiting hot spots in heuristic safety analysis of dynamic access control models. In: SECRYPT \u201920, pp. 522\u2013532. SCITEPRESS (2020)","DOI":"10.5220\/0009907705220532"},{"key":"16_CR45","doi-asserted-by":"crossref","unstructured":"Schwarz, M., et al.: ZombieLoad: cross-privilege-boundary data sampling. In: CCS \u201919, pp. 753\u2013768. ACM (2019)","DOI":"10.1145\/3319535.3354252"},{"key":"16_CR46","doi-asserted-by":"crossref","unstructured":"Shu, R., et al.: A study of security isolation techniques. ACM Comput. Surv. 49(3), 50:1\u201350:37 (2016)","DOI":"10.1145\/2988545"},{"key":"16_CR47","unstructured":"Smalley, S.D., Vance, C., Salamon, W.: Implementing SELinux as a Linux security module. NAI Labs Rep. 01-043, NAI Labs (2001)"},{"key":"16_CR48","doi-asserted-by":"crossref","unstructured":"Stoller, S.D., Yang, P., Gofman, M.I., Ramakrishnan, C.R.: Symbolic reachability analysis for parameterized role-based access control. Elsevier Comput. Secur. 30(2\u20133), 148\u2013164 (2011)","DOI":"10.1016\/j.cose.2010.08.002"},{"key":"16_CR49","doi-asserted-by":"crossref","unstructured":"Stoller, S.D., Yang, P., Ramakrishnan, C.R., Gofman, M.I.: Efficient policy analysis for administrative role based access control. In: CCS \u201907, pp. 445\u2013455. ACM (2007)","DOI":"10.1145\/1315245.1315300"},{"key":"16_CR50","unstructured":"Thompson, A., Castle, E., Lubeck, P., Makarfi, P.S.: Experience implementing OpenMRS to support maternal and reproductive health in Northern Nigeria. In: MedInfo \u201910, pp. 332\u2013336. IOS Press (2010)"},{"key":"16_CR51","unstructured":"Tierney, W.M., et al.: Experience implementing electronic health records in three East African countries. In: MedInfo \u201910, pp. 371\u2013375. IOS Press (2010)"},{"key":"16_CR52","unstructured":"Tresys Technology: SELinux Policy Server (2014). http:\/\/oss.tresys.com\/archive\/policy-server.php"},{"issue":"1","key":"16_CR53","first-page":"28","volume":"10","author":"MV Tripunitara","year":"2013","unstructured":"Tripunitara, M.V., Li, N.: The foundational work of Harrison-Ruzzo-Ullman revisited. IEEE TDSC 10(1), 28\u201339 (2013)","journal-title":"IEEE TDSC"},{"key":"16_CR54","unstructured":"Van Bulck, J., et al.: Foreshadow: extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In: Secur. \u201918, pp. 991\u20131008. USENIX (2018)"},{"key":"16_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"225","DOI":"10.1007\/978-3-540-31970-2_18","volume-title":"Databases in Networked Information Systems","author":"S De Capitani di Vimercati","year":"2005","unstructured":"De Capitani di Vimercati, S., Samarati, P., Jajodia, S.: Policies, models, and languages for access control. In: Bhalla, S. (ed.) DNIS 2005. LNCS, vol. 3433, pp. 225\u2013237. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/978-3-540-31970-2_18"},{"key":"16_CR56","unstructured":"Walsh, E.F.: Application of the Flask architecture to the X window system server. In: SELinux Symposium \u201907 (2007)"},{"key":"16_CR57","doi-asserted-by":"crossref","unstructured":"Wang, H., et al.: Towards memory safe enclave programming with Rust-SGX. In: CCS \u201919, pp. 2333\u20132350. ACM (2019)","DOI":"10.1145\/3319535.3354241"},{"key":"16_CR58","doi-asserted-by":"crossref","unstructured":"Watson, R.N.M.: A decade of os access-control extensibility. ACM Queue 11(1), 20:20\u201320:41 (2013)","DOI":"10.1145\/2428616.2430732"},{"key":"16_CR59","doi-asserted-by":"crossref","unstructured":"Weichbrodt, N., Aublin, P.L., Kapitza, R.: SGX-PERF: a performance analysis tool for Intel SGX enclaves. In: Middleware \u201918, pp. 201\u2013213. ACM (2018)","DOI":"10.1145\/3274808.3274824"},{"key":"16_CR60","doi-asserted-by":"crossref","unstructured":"Weisse, O., Bertacco, V., Austin, T.: Regaining lost cycles with HotCalls: a fast interface for SGX secure enclaves. In: ISCA \u201917, pp. 81\u201393. ACM (2017)","DOI":"10.1145\/3140659.3080208"},{"key":"16_CR61","unstructured":"Wolfe, B.A., et al.: The OpenMRS system: collaborating toward an open source EMR for developing countries. In: AMIA Annual Symposium \u201906, p. 1146 (AMIA) (2006)"}],"container-title":["Communications in Computer and Information Science","E-Business and Telecommunications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-36840-0_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,24]],"date-time":"2024-10-24T19:36:17Z","timestamp":1729798577000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-36840-0_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031368394","9783031368400"],"references-count":61,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-36840-0_16","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"22 July 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICETE","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on E-Business and Telecommunications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 July 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icete2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.ice-business.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"PRIMORIS","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"197","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"17","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}