{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,31]],"date-time":"2026-03-31T08:43:07Z","timestamp":1774946587615,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,6,11]],"date-time":"2021-06-11T00:00:00Z","timestamp":1623369600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Air Force Research Laboratory","award":["FA8750-19-C-0082"],"award-info":[{"award-number":["FA8750-19-C-0082"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,6,11]]},"DOI":"10.1145\/3450569.3463558","type":"proceedings-article","created":{"date-parts":[[2021,6,12]],"date-time":"2021-06-12T04:06:33Z","timestamp":1623470793000},"page":"165-174","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Can I Reach You? Do I Need To? New Semantics in Security Policy Specification and Testing"],"prefix":"10.1145","author":[{"given":"Charalampos","family":"Katsis","sequence":"first","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"given":"Fabrizio","family":"Cicala","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"given":"Dan","family":"Thomsen","sequence":"additional","affiliation":[{"name":"SIFT, LLC, Minneapolis, MN, USA"}]},{"given":"Nathan","family":"Ringo","sequence":"additional","affiliation":[{"name":"SIFT, LLC, Minneapolis, MN, USA"}]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,6,11]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/IAS.2008.52"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-007-0045-7"},{"key":"e_1_3_2_1_3_1","volume-title":"3rd Conference on Security in Network Architectures and Information Systems (SAR-SSI","author":"Autrel Fabien","year":"2008","unstructured":"Fabien Autrel, Fr\u00e9d\u00e9ric Cuppens, N Cuppens-Boulahia, and Celine Coma. 2008. MotOrBAC 2: a security policy tool. In 3rd Conference on Security in Network Architectures and Information Systems (SAR-SSI 2008), Loctudy, France. 273--288."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1155\/2015\/872326"},{"key":"e_1_3_2_1_5_1","volume-title":"Abdeslam El Fergougui, and Abdelbaki Elbelrhiti Elalaoui","author":"Benzekki Kamal","year":"2016","unstructured":"Kamal Benzekki, Abdeslam El Fergougui, and Abdelbaki Elbelrhiti Elalaoui. 2016. Software-defined networking (SDN): a survey. Security and communication networks, Vol. 9, 18 (2016), 5803--5833."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2015.05.002"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00015"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2016.2598336"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3409796"},{"key":"e_1_3_2_1_10_1","volume-title":"Ethane: Taking control of the enterprise. ACM SIGCOMM computer communication review","author":"Casado Martin","year":"2007","unstructured":"Martin Casado, Michael J Freedman, Justin Pettit, Jianying Luo, Nick McKeown, and Scott Shenker. 2007. Ethane: Taking control of the enterprise. ACM SIGCOMM computer communication review, Vol. 37, 4 (2007), 1--12."},{"key":"e_1_3_2_1_11_1","volume-title":"Misconfiguration management of network security components. arXiv preprint arXiv:1912.07283","author":"Cuppens Fr\u00e9d\u00e9ric","year":"2019","unstructured":"Fr\u00e9d\u00e9ric Cuppens, Nora Cuppens-Boulahia, and Joaquin Garcia-Alfaro. 2019. Misconfiguration management of network security components. arXiv preprint arXiv:1912.07283 (2019)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE48307.2020.00030"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501980"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062502"},{"key":"e_1_3_2_1_15_1","volume-title":"Data Privacy Management and Autonomous Spontaneous Security","author":"Garcia-Alfaro Joaquin","unstructured":"Joaquin Garcia-Alfaro, Fr\u00e9d\u00e9ric Cuppens, Nora Cuppens-Boulahia, and Stere Preda. 2010. MIRAGE: a management tool for the analysis and deployment of network security policies. In Data Privacy Management and Autonomous Spontaneous Security. Springer, 203--215."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1128817.1128867"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2006.1607877"},{"key":"e_1_3_2_1_18_1","first-page":"192","article-title":"Verification and test methods for access control policies\/models","volume":"800","author":"Hu Vincent C","year":"2017","unstructured":"Vincent C Hu, Rick Kuhn, and Dylan Yaga. 2017. Verification and test methods for access control policies\/models. NIST Special Publication, Vol. 800 (2017), 192.","journal-title":"NIST Special Publication"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1613\/jair.301"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"crossref","unstructured":"Brian Krisler Partha Pal Zech Bertilson and Dan Thomsen. 2019. Secure Desktop Computing in the Cloud. In 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)\/2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). IEEE 107--112.","DOI":"10.1109\/CSCloud\/EdgeCom.2019.00-10"},{"key":"e_1_3_2_1_21_1","volume-title":"USENIX winter","author":"McCanne Steven","unstructured":"Steven McCanne and Van Jacobson. 1993. The BSD Packet Filter: A New Architecture for User-level Packet Capture.. In USENIX winter, Vol. 46."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1355734.1355746"},{"key":"e_1_3_2_1_23_1","unstructured":"Ralph Merkle. 1979. Merkle tree patent."},{"key":"e_1_3_2_1_24_1","volume-title":"Conference on the theory and application of cryptographic techniques. Springer, 369--378","author":"Merkle Ralph C","year":"1987","unstructured":"Ralph C Merkle. 1987. A digital signature based on a conventional encryption function. In Conference on the theory and application of cryptographic techniques. Springer, 369--378."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","unstructured":"John Moy et al. 1998. OSPF version 2. (1998).","DOI":"10.17487\/rfc2328"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1592681.1592684"},{"key":"e_1_3_2_1_27_1","unstructured":"Timothy Nelson Christopher Barratt Daniel J Dougherty Kathi Fisler and Shriram Krishnamurthi. 2010. The Margrave Tool for Firewall Analysis.. In LISA. 1--18."},{"key":"e_1_3_2_1_28_1","unstructured":"Palo Alto Networks. [n.d.]. What is a Zero Trust Architecture. https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-is-a-zero-trust-architecture"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3139293"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Donnie Savage James Ng Steven Moore Donald Slice Peter Paluch and Russ White. 2016. Cisco's enhanced interior gateway routing protocol (eigrp). In RFC Editor.","DOI":"10.17487\/RFC7868"},{"key":"e_1_3_2_1_32_1","volume-title":"Patterns in Security Enforcement Policy Development. In 18th International Workshop on Database and Expert Systems Applications (DEXA","author":"Thomsen Dan","year":"2007","unstructured":"Dan Thomsen. 2007. Patterns in Security Enforcement Policy Development. In 18th International Workshop on Database and Expert Systems Applications (DEXA 2007). IEEE, 744--748."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1943513.1943543"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3205977.3206000"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/TWC.2003.821207"}],"event":{"name":"SACMAT '21: The 26th ACM Symposium on Access Control Models and Technologies","location":"Virtual Event Spain","acronym":"SACMAT '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 26th ACM Symposium on Access Control Models and Technologies"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3450569.3463558","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3450569.3463558","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3450569.3463558","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:47:50Z","timestamp":1750193270000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3450569.3463558"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,6,11]]},"references-count":34,"alternative-id":["10.1145\/3450569.3463558","10.1145\/3450569"],"URL":"https:\/\/doi.org\/10.1145\/3450569.3463558","relation":{},"subject":[],"published":{"date-parts":[[2021,6,11]]},"assertion":[{"value":"2021-06-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}