{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:21:20Z","timestamp":1750306880525,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2012,12,3]],"date-time":"2012-12-03T00:00:00Z","timestamp":1354492800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2012,12,3]]},"DOI":"10.1145\/2420950.2420991","type":"proceedings-article","created":{"date-parts":[[2012,12,19]],"date-time":"2012-12-19T14:12:22Z","timestamp":1355926342000},"page":"269-278","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Transforming commodity security policies to enforce Clark-Wilson integrity"],"prefix":"10.1145","author":[{"given":"Divya","family":"Muthukumaran","sequence":"first","affiliation":[{"name":"Pennsylvania State University"}]},{"given":"Sandra","family":"Rueda","sequence":"additional","affiliation":[{"name":"Universidad de los Andes"}]},{"given":"Nirupama","family":"Talele","sequence":"additional","affiliation":[{"name":"Pennsylvania State University"}]},{"given":"Hayawardh","family":"Vijayakumar","sequence":"additional","affiliation":[{"name":"Pennsylvania State University"}]},{"given":"Jason","family":"Teutsch","sequence":"additional","affiliation":[{"name":"Pennsylvania State University"}]},{"given":"Trent","family":"Jaeger","sequence":"additional","affiliation":[{"name":"Pennsylvania State University"}]}],"member":"320","published-online":{"date-parts":[[2012,12,3]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/503502.503503"},{"key":"e_1_3_2_1_3_1","unstructured":"http:\/\/fedoraproject.org\/wiki\/SELinux\/audit2allow 1996.  http:\/\/fedoraproject.org\/wiki\/SELinux\/audit2allow 1996."},{"key":"e_1_3_2_1_4_1","first-page":"12","volume-title":"Proceedings of the 5th conference on USENIX UNIX Security Symposium -","volume":"5","author":"Badger L.","year":"1995","unstructured":"Badger , L. , Sterne , D. F. , Sherman , D. L. , Walker , K. M. , and Haghighat , S. A . A domain and type enforcement unix prototype . In Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5 ( 1995 ), SSYM'95, pp. 12 -- 12 . Badger, L., Sterne, D. F., Sherman, D. L., Walker, K. M., and Haghighat, S. A. A domain and type enforcement unix prototype. In Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5 (1995), SSYM'95, pp. 12--12."},{"key":"e_1_3_2_1_6_1","volume-title":"NDSS '10","author":"Chari","year":"2010","unstructured":"Chari et al., S. Where do you want to go today? escalating privileges by pathname manipulation . In NDSS '10 ( 2010 ). Chari et al., S. Where do you want to go today? escalating privileges by pathname manipulation. In NDSS '10 (2010)."},{"key":"e_1_3_2_1_7_1","volume-title":"NDSS","author":"Chen H.","year":"2009","unstructured":"Chen , H. , Li , N. , and Mao , Z . Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems . In NDSS ( 2009 ). Chen, H., Li, N., and Mao, Z. Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems. In NDSS (2009)."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.1987.10001"},{"key":"e_1_3_2_1_9_1","unstructured":"Coker G. Xen Security Modules (XSM). http:\/\/www.xen.org\/files\/xensummit_4\/xsm-summit-041707_Coker.pdf.  Coker G. Xen Security Modules (XSM). http:\/\/www.xen.org\/files\/xensummit_4\/xsm-summit-041707_Coker.pdf."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.4"},{"key":"e_1_3_2_1_11_1","volume-title":"EuroPKI","author":"Dragoni N.","year":"2007","unstructured":"Dragoni , N. , Massacci , F. , Naliuka , K. , and Siahaan , I . Security-by-contract: Towards a semantics for digital signatures on mobile code . In EuroPKI ( 2007 ). Dragoni, N., Massacci, F., Naliuka, K., and Siahaan, I. Security-by-contract: Towards a semantics for digital signatures on mobile code. In EuroPKI (2007)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/646248.758821"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.19"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1809842.1809870"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1805874.1805982"},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of Workshop on Advanced Developments in Software and Systems Security","author":"Howard M.","year":"2003","unstructured":"Howard , M. , Pincus , J. , and Wing , J . Measuring Relative Attack Surfaces . In Proceedings of Workshop on Advanced Developments in Software and Systems Security ( 2003 ). Howard, M., Pincus, J., and Wing, J. Measuring Relative Attack Surfaces. In Proceedings of Workshop on Advanced Developments in Software and Systems Security (2003)."},{"key":"e_1_3_2_1_17_1","volume-title":"Proc. 2nd Intl. Conf. on Security and Privacy in Communication Networks (Aug.","author":"Jaeger T.","year":"2006","unstructured":"Jaeger , T. , Butler , K. , King , D. H. , Hallyn , S. , Latten , J. , and Zhang , X . Leveraging IPsec for Mandatory Access Control Across Systems . In Proc. 2nd Intl. Conf. on Security and Privacy in Communication Networks (Aug. 2006 ). Jaeger, T., Butler, K., King, D. H., Hallyn, S., Latten, J., and Zhang, X. Leveraging IPsec for Mandatory Access Control Across Systems. In Proc. 2nd Intl. Conf. on Security and Privacy in Communication Networks (Aug. 2006)."},{"key":"e_1_3_2_1_18_1","volume-title":"USENIX Security Symposium (Aug.","author":"Jaeger T.","year":"2003","unstructured":"Jaeger , T. , Sailer , R. , and Zhang , X . Analyzing integrity protection in the SELinux example policy . In USENIX Security Symposium (Aug. 2003 ). Jaeger, T., Sailer, R., and Zhang, X. Analyzing integrity protection in the SELinux example policy. In USENIX Security Symposium (Aug. 2003)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-11957-6_18"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294293"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.37"},{"key":"e_1_3_2_1_22_1","unstructured":"Linux KVM. Kernel based virtual machine. http:\/\/www.linux-kvm.org.  Linux KVM. Kernel based virtual machine. http:\/\/www.linux-kvm.org."},{"key":"e_1_3_2_1_24_1","volume-title":"In proceedings of NordSec","author":"Massacci F.","year":"2007","unstructured":"Massacci , F. , and Siahaan , I . Matching Midlet's security claims with a platform security policy using automata modulo theory . In In proceedings of NordSec ( 2007 ). Massacci, F., and Siahaan, I. Matching Midlet's security claims with a platform security policy using automata modulo theory. In In proceedings of NordSec (2007)."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1178618.1178620"},{"key":"e_1_3_2_1_26_1","unstructured":"Morris J. New secmark-based network controls for selinux. http:\/\/james-morris.livejournal.com\/11010.html.  Morris J. New secmark-based network controls for selinux. http:\/\/james-morris.livejournal.com\/11010.html."},{"key":"e_1_3_2_1_27_1","unstructured":"MSDN. Mandatory Integrity Control (Windows). http:\/\/msdn.microsoft.com\/en-us\/library\/bb648648%28VS.85%29.aspx.  MSDN. Mandatory Integrity Control (Windows). http:\/\/msdn.microsoft.com\/en-us\/library\/bb648648%28VS.85%29.aspx."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/292540.292561"},{"key":"e_1_3_2_1_29_1","unstructured":"Myers A. C. Zheng L. Zdancewic S. Chong S. and Nystrom N. Jif: Java information flow. http:\/\/www.cs.cornell.edu\/jif July 2001-2003.  Myers A. C. Zheng L. Zdancewic S. Chong S. and Nystrom N. Jif: Java information flow. http:\/\/www.cs.cornell.edu\/jif July 2001-2003."},{"key":"e_1_3_2_1_30_1","volume-title":"ACSAC","author":"Noel S.","year":"2003","unstructured":"Noel , S. , Jajodia , S. , O'Berry , B. , and Jacobs , M . Efficient minimum-cost network hardening via exploit dependency graphs . In ACSAC ( 2003 ). Noel, S., Jajodia, S., O'Berry, B., and Jacobs, M. Efficient minimum-cost network hardening via exploit dependency graphs. In ACSAC (2003)."},{"key":"e_1_3_2_1_31_1","unstructured":"Novell. AppArmor Linux Application Security. http:\/\/www.novell.com\/linux\/security\/apparmor\/.  Novell. AppArmor Linux Application Security. http:\/\/www.novell.com\/linux\/security\/apparmor\/."},{"key":"e_1_3_2_1_32_1","unstructured":"NetLabel - Explicit labeled networking for Linux. http:\/\/www.nsa.gov\/selinux.  NetLabel - Explicit labeled networking for Linux. http:\/\/www.nsa.gov\/selinux."},{"key":"e_1_3_2_1_33_1","unstructured":"Security-enhanced linux. http:\/\/www.nsa.gov\/selinux.  Security-enhanced linux. http:\/\/www.nsa.gov\/selinux."},{"key":"e_1_3_2_1_34_1","unstructured":"on Combinatorial Optimization E. R. G. Lemon Graph Library. http:\/\/lemon.cs.elte.hu\/trac\/lemon.  on Combinatorial Optimization E. R. G. Lemon Graph Library. http:\/\/lemon.cs.elte.hu\/trac\/lemon."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180446"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1278901.1278905"},{"key":"e_1_3_2_1_37_1","volume-title":"Workshop on Foundations of Computer Security (FCS'09)","author":"Pike L.","year":"2009","unstructured":"Pike , L. Post-hoc separation policy analysis with graph algorithms . In Workshop on Foundations of Computer Security (FCS'09) . Affiliated with Logic in Computer Science (LICS ) ( August 2009 ). Pike, L. Post-hoc separation policy analysis with graph algorithms. In Workshop on Foundations of Computer Security (FCS'09). Affiliated with Logic in Computer Science (LICS) (August 2009)."},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings of the 2003 USENIX Security Symposium (August","author":"Provos N.","year":"2003","unstructured":"Provos , N. Improving host security with system call policies . In Proceedings of the 2003 USENIX Security Symposium (August 2003 ). Provos, N. Improving host security with system call policies. In Proceedings of the 2003 USENIX Security Symposium (August 2003)."},{"key":"e_1_3_2_1_39_1","first-page":"16","volume-title":"Proceedings of the 12th conference on USENIX Security Symposium -","volume":"12","author":"Provos N.","year":"2003","unstructured":"Provos , N. , Friedl , M. , and Honeyman , P . Preventing privilege escalation . In Proceedings of the 12th conference on USENIX Security Symposium - Volume 12 (Berkeley, CA, USA, 2003 ), USENIX Association , pp. 16 -- 16 . Provos, N., Friedl, M., and Honeyman, P. Preventing privilege escalation. In Proceedings of the 12th conference on USENIX Security Symposium - Volume 12 (Berkeley, CA, USA, 2003), USENIX Association, pp. 16--16."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1543135.1542484"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2005.13"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_2_1_44_1","volume-title":"Proceedings of the 21st USENIX Security Symposium","author":"Santos N.","year":"2012","unstructured":"Santos , N. , Rodrigues , R. , Gummadi , K. P. , and Saroiu , S . Policy-sealed data: a new abstraction for building trusted cloud services . In Proceedings of the 21st USENIX Security Symposium ( 2012 ), USENIX Association. Santos, N., Rodrigues, R., Gummadi, K. P., and Saroiu, S. Policy-sealed data: a new abstraction for building trusted cloud services. In Proceedings of the 21st USENIX Security Symposium (2012), USENIX Association."},{"key":"e_1_3_2_1_45_1","volume-title":"WITS (April","author":"Sarna-Starosta B.","year":"2004","unstructured":"Sarna-Starosta , B. , and Stoller , S. D . Policy analysis for security-enhanced linux . In WITS (April 2004 ). Sarna-Starosta, B., and Stoller, S. D. Policy analysis for security-enhanced linux. In WITS (April 2004)."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.15"},{"key":"e_1_3_2_1_47_1","volume-title":"Proceedings of the 2006 ISOC Networked and Distributed Systems Security Symposium (February","author":"Shankar U.","year":"2006","unstructured":"Shankar , U. , Jaeger , T. , and Sailer , R . Toward Automated Information-Flow Integrity Verification for Security-Critical Applications . In Proceedings of the 2006 ISOC Networked and Distributed Systems Security Symposium (February 2006 ). Shankar, U., Jaeger, T., and Sailer, R. Toward Automated Information-Flow Integrity Verification for Security-Critical Applications. In Proceedings of the 2006 ISOC Networked and Distributed Systems Security Symposium (February 2006)."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.5555\/829514.830526"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.35"},{"key":"e_1_3_2_1_51_1","unstructured":"Sun Microsystems. Trusted solaris operating environment - a technical overview. http:\/\/www.sun.com.  Sun Microsystems. Trusted solaris operating environment - a technical overview. http:\/\/www.sun.com."},{"key":"e_1_3_2_1_52_1","unstructured":"Tresys. SETools - Policy Analysis Tools for SELinux. Available at http:\/\/oss.tresys.com\/projects\/setools.  Tresys. SETools - Policy Analysis Tools for SELinux. Available at http:\/\/oss.tresys.com\/projects\/setools."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2414456.2414500"},{"key":"e_1_3_2_1_54_1","first-page":"15","volume-title":"Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference","author":"Watson R. N. M.","year":"2001","unstructured":"Watson , R. N. M. Trusted BSD : Adding trusted operating system features to FreeBSD . In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference ( 2001 ), pp. 15 -- 28 . Watson, R. N. M. TrustedBSD: Adding trusted operating system features to FreeBSD. In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (2001), pp. 15--28."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/990036.990059"},{"key":"e_1_3_2_1_56_1","volume-title":"OSDI","author":"Zeldovich N.","year":"2006","unstructured":"Zeldovich , N. , Boyd-Wickizer , S. , Kohler , E. , and Mazi\u00e8res , D . Making information flow explicit in HiStar . In OSDI ( 2006 ). Zeldovich, N., Boyd-Wickizer, S., Kohler, E., and Mazi\u00e8res, D. Making information flow explicit in HiStar. In OSDI (2006)."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.5555\/1387589.1387610"}],"event":{"name":"ACSAC '12: Annual Computer Security Applications Conference","sponsor":["ACSA Applied Computing Security Assoc"],"location":"Orlando Florida USA","acronym":"ACSAC '12"},"container-title":["Proceedings of the 28th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2420950.2420991","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2420950.2420991","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T08:18:33Z","timestamp":1750234713000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2420950.2420991"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,12,3]]},"references-count":52,"alternative-id":["10.1145\/2420950.2420991","10.1145\/2420950"],"URL":"https:\/\/doi.org\/10.1145\/2420950.2420991","relation":{},"subject":[],"published":{"date-parts":[[2012,12,3]]},"assertion":[{"value":"2012-12-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}