{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,5]],"date-time":"2025-10-05T16:59:09Z","timestamp":1759683549632,"version":"3.41.0"},"reference-count":31,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2008,7,1]],"date-time":"2008-07-01T00:00:00Z","timestamp":1214870400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["J. ACM"],"published-print":{"date-parts":[[2008,7]]},"abstract":"<jats:p>\n            The process of introducing security controls into a sensitive task, which we call\n            <jats:italic>secure task design<\/jats:italic>\n            in this article, consists of two steps: high-level security policy design and low-level enforcement scheme design. A high-level security policy states an overall requirement for a sensitive task. One example of a high-level security policy is a separation of duty policy, which requires a task to be performed by a team of at least\n            <jats:italic>k<\/jats:italic>\n            users. Unlike low-level enforcement schemes such as security constraints in workflows, a separation of duty policy states a high-level requirement about the task without referring to individual steps in the task. While extremely important and widely used, separation of duty policies state only requirements on the number of users involved in the task and do not capture the requirements on these users' attributes. In this article, we introduce a novel algebra that enables the formal specification of high-level policies that combine requirements on users' attributes with requirements on the number of users motivated by separation of duty considerations. We give the syntax and semantics of the algebra and study algebraic properties of its operators. After that, we study potential mechanisms to enforce high-level policies specified in the algebra and a number of computational problems related to policy analysis and enforcement.\n          <\/jats:p>","DOI":"10.1145\/1379759.1379760","type":"journal-article","created":{"date-parts":[[2008,8,5]],"date-time":"2008-08-05T13:35:10Z","timestamp":1217943310000},"page":"1-46","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":28,"title":["Beyond separation of duty"],"prefix":"10.1145","volume":"55","author":[{"given":"Ninghui","family":"Li","sequence":"first","affiliation":[{"name":"Purdue University, West Lafayette, Indiana"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qihua","family":"Wang","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, Indiana"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2008,8,6]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/155183.155225"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/319171.319176"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/382912.382913"},{"volume-title":"Proceedings of the 4th European Symposium on Research in Computer Security (ESORICS). 44--64","author":"Atluri V.","key":"e_1_2_1_4_1"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1063979.1063990"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/300830.300837"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/LICS.2006.32"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352623"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/504909.504910"},{"volume-title":"Proceedings of the 1987 IEEE Symposium on Security and Privacy. IEEE Computer Society Press","author":"Clark D. D.","key":"e_1_2_1_10_1"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/775412.775419"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1063979.1063986"},{"key":"e_1_2_1_13_1","unstructured":"Garey M. R. and Johnson D. S. 1979. Computers And Intractability. W. H. Freeman.  Garey M. R. and Johnson D. S. 1979. Computers And Intractability. W. H. Freeman."},{"volume-title":"Proceedings of IEEE Symposium on Research in Security and Privacy. IEEE Computer Society Press","author":"Gligor V. D.","key":"e_1_2_1_14_1"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/319171.319175"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/501963.501966"},{"volume-title":"Proceedings of the 2002 IEEE Symposium on Security and Privacy. IEEE Computer Society Press","author":"Li N.","key":"e_1_2_1_17_1"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1237500.1237501"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1988.8092"},{"volume-title":"Proceedings of IEEE Symposium on Research in Security and Privacy. IEEE Computer Society Press","author":"Nash M. J.","key":"e_1_2_1_20_1"},{"key":"e_1_2_1_21_1","unstructured":"Papadimittiou C. H. and Steiglitz K. 1982. Combinatorial Optimization. Prentice-Hall Englewood Cliffs NJ.   Papadimittiou C. H. and Steiglitz K. 1982. Combinatorial Optimization. Prentice-Hall Englewood Cliffs NJ."},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/11494744_3"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"volume-title":"Proceedings of the IFIP WG11","year":"1990","author":"Sandhu R.","key":"e_1_2_1_24_1"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.1988.113349"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"volume-title":"Proceedings of The 10th Computer Security Foundations Workshop. IEEE Computer Society Press","author":"Simon T. T.","key":"e_1_2_1_27_1"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/1009380.1009674"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352622"},{"volume-title":"Proceedings of the 12th European Symposium on Research in Computer Security (ESORICS). 90--105","author":"Wang Q.","key":"e_1_2_1_30_1"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/762476.762481"}],"container-title":["Journal of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1379759.1379760","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1379759.1379760","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:57:45Z","timestamp":1750255065000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1379759.1379760"}},"subtitle":["An algebra for specifying high-level security policies"],"short-title":[],"issued":{"date-parts":[[2008,7]]},"references-count":31,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2008,7]]}},"alternative-id":["10.1145\/1379759.1379760"],"URL":"https:\/\/doi.org\/10.1145\/1379759.1379760","relation":{},"ISSN":["0004-5411","1557-735X"],"issn-type":[{"type":"print","value":"0004-5411"},{"type":"electronic","value":"1557-735X"}],"subject":[],"published":{"date-parts":[[2008,7]]},"assertion":[{"value":"2007-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-05-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-08-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}