{"id":"https://openalex.org/W2117217919","doi":"https://doi.org/10.1145/2420950.2420991","title":"Transforming commodity security policies to enforce Clark-Wilson integrity","display_name":"Transforming commodity security policies to enforce Clark-Wilson integrity","publication_year":2012,"publication_date":"2012-12-03","ids":{"openalex":"https://openalex.org/W2117217919","doi":"https://doi.org/10.1145/2420950.2420991","mag":"2117217919"},"language":"en","primary_location":{"id":"doi:10.1145/2420950.2420991","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2420950.2420991","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5104084056","display_name":"Divya Muthukumaran","orcid":null},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Divya Muthukumaran","raw_affiliation_strings":["Pennsylvania State University"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087279722","display_name":"Sandra Rueda","orcid":"https://orcid.org/0000-0002-2111-9348"},"institutions":[{"id":"https://openalex.org/I4210143738","display_name":"Universidad de Los Andes","ror":"https://ror.org/04pqpvr75","country_code":"BO","type":"education","lineage":["https://openalex.org/I4210143738"]}],"countries":["BO"],"is_corresponding":false,"raw_author_name":"Sandra Rueda","raw_affiliation_strings":["Universidad de los Andes","Universidad de los Andes;"],"affiliations":[{"raw_affiliation_string":"Universidad de los Andes","institution_ids":["https://openalex.org/I4210143738"]},{"raw_affiliation_string":"Universidad de los Andes;","institution_ids":["https://openalex.org/I4210143738"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017981091","display_name":"Nirupama Talele","orcid":null},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nirupama Talele","raw_affiliation_strings":["Pennsylvania State University"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043723043","display_name":"Hayawardh Vijayakumar","orcid":null},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hayawardh Vijayakumar","raw_affiliation_strings":["Pennsylvania State University"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017252483","display_name":"Jason Teutsch","orcid":null},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jason Teutsch","raw_affiliation_strings":["Pennsylvania State University"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055045569","display_name":"Trent Jaeger","orcid":"https://orcid.org/0000-0002-4964-1170"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Trent Jaeger","raw_affiliation_strings":["Pennsylvania State University"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University","institution_ids":["https://openalex.org/I130769515"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5104084056"],"corresponding_institution_ids":["https://openalex.org/I130769515"],"apc_list":null,"apc_paid":null,"fwci":1.768,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.87140673,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"269","last_page":"278"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7872346639633179},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7334586977958679},{"id":"https://openalex.org/keywords/mandatory-access-control","display_name":"Mandatory access control","score":0.5991995334625244},{"id":"https://openalex.org/keywords/data-integrity","display_name":"Data integrity","score":0.5606365203857422},{"id":"https://openalex.org/keywords/commodity","display_name":"Commodity","score":0.4916561245918274},{"id":"https://openalex.org/keywords/enforcement","display_name":"Enforcement","score":0.47875872254371643},{"id":"https://openalex.org/keywords/mediation","display_name":"Mediation","score":0.442573219537735},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.4174899458885193},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.14514195919036865},{"id":"https://openalex.org/keywords/role-based-access-control","display_name":"Role-based access control","score":0.12564373016357422}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7872346639633179},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7334586977958679},{"id":"https://openalex.org/C2777407602","wikidata":"https://www.wikidata.org/wiki/Q1888932","display_name":"Mandatory access control","level":4,"score":0.5991995334625244},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.5606365203857422},{"id":"https://openalex.org/C2779439359","wikidata":"https://www.wikidata.org/wiki/Q317088","display_name":"Commodity","level":2,"score":0.4916561245918274},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.47875872254371643},{"id":"https://openalex.org/C179420905","wikidata":"https://www.wikidata.org/wiki/Q223871","display_name":"Mediation","level":2,"score":0.442573219537735},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.4174899458885193},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.14514195919036865},{"id":"https://openalex.org/C45567728","wikidata":"https://www.wikidata.org/wiki/Q1702839","display_name":"Role-based access control","level":3,"score":0.12564373016357422},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/2420950.2420991","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2420950.2420991","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.421.9250","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.421.9250","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cse.psu.edu/~tjaeger/papers/acsac12-divya.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.487.9164","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.487.9164","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://people.cs.uchicago.edu/~teutsch/papers/acsac12.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.5899999737739563}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":46,"referenced_works":["https://openalex.org/W6385438","https://openalex.org/W109911468","https://openalex.org/W112576630","https://openalex.org/W154231405","https://openalex.org/W191839766","https://openalex.org/W299675352","https://openalex.org/W1481758559","https://openalex.org/W1495495588","https://openalex.org/W1512923091","https://openalex.org/W1516211918","https://openalex.org/W1516432943","https://openalex.org/W1523006294","https://openalex.org/W1576477450","https://openalex.org/W1587970460","https://openalex.org/W1618548847","https://openalex.org/W1682131187","https://openalex.org/W1965457815","https://openalex.org/W1975197166","https://openalex.org/W2002644257","https://openalex.org/W2013773577","https://openalex.org/W2053343487","https://openalex.org/W2065076704","https://openalex.org/W2069242349","https://openalex.org/W2075663494","https://openalex.org/W2086234010","https://openalex.org/W2095881341","https://openalex.org/W2101438812","https://openalex.org/W2110908300","https://openalex.org/W2121805588","https://openalex.org/W2129592257","https://openalex.org/W2134296086","https://openalex.org/W2149684006","https://openalex.org/W2152050029","https://openalex.org/W2152172333","https://openalex.org/W2152505375","https://openalex.org/W2158126684","https://openalex.org/W2159079348","https://openalex.org/W2162283517","https://openalex.org/W2167873465","https://openalex.org/W2168084064","https://openalex.org/W2395232863","https://openalex.org/W2912606234","https://openalex.org/W4240171122","https://openalex.org/W4285719527","https://openalex.org/W6600256889","https://openalex.org/W6601277159"],"related_works":["https://openalex.org/W2158881272","https://openalex.org/W2350594541","https://openalex.org/W2295582286","https://openalex.org/W2539425047","https://openalex.org/W2148952798","https://openalex.org/W2770657926","https://openalex.org/W1543439672","https://openalex.org/W2388818311","https://openalex.org/W2244657583","https://openalex.org/W2984218511"],"abstract_inverted_index":{"Modern":[0],"distributed":[1,61,168,203],"systems":[2,32,62,169],"are":[3,191],"composed":[4],"from":[5,129,236],"several":[6,30],"off-the-shelf":[7],"components,":[8,44],"including":[9],"operating":[10],"systems,":[11],"virtualization":[12],"infrastructure,":[13],"and":[14,51,140,205,207,239],"application":[15,21,173],"packages,":[16],"upon":[17],"which":[18,133],"some":[19],"custom":[20],"software":[22],"(e.g.,":[23],"web":[24,172],"application)":[25],"is":[26],"often":[27],"deployed.":[28],"While":[29],"commodity":[31,107],"now":[33],"include":[34],"mandatory":[35],"access":[36],"control":[37],"(MAC)":[38],"enforcement":[39],"to":[40,66,72,80,102,145,155,193,215],"protect":[41,156],"the":[42,45,52,68,90,120,127,130,151,161,195,201],"individual":[43,58],"complexity":[46],"of":[47,54,106,137,163,197],"such":[48],"MAC":[49,108,148],"policies":[50,109,149,166,225],"myriad":[53],"possible":[55],"interactions":[56],"among":[57],"hosts":[59],"in":[60],"makes":[63],"it":[64],"difficult":[65],"identify":[67],"attack":[69],"paths":[70],"available":[71,223],"adversaries.":[73],"As":[74,220],"a":[75,99,104,111,171,221,230],"result,":[76,222],"security":[77,224],"practitioners":[78],"react":[79],"vulnerabilities":[81],"as":[82,229],"adversaries":[83,199],"uncover":[84],"them,":[85],"rather":[86],"than":[87],"proactively":[88,115],"protecting":[89],"system's":[91],"data":[92,139],"integrity.":[93,158],"In":[94],"this":[95],"paper,":[96],"we":[97],"develop":[98],"mostly-automated":[100],"method":[101,125,182],"transform":[103],"set":[105],"into":[110],"system-wide":[112],"policy":[113],"that":[114,185],"protects":[116],"system":[117,157,204],"integrity,":[118],"approximating":[119],"Clark-Wilson":[121,131,165,217],"integrity":[122,135,218,234],"model.":[123],"The":[124],"uses":[126],"insights":[128],"model,":[132],"requires":[134],"verification":[136],"security-critical":[138],"mediation":[141,153,214],"at":[142],"program":[143],"entrypoints,":[144],"extend":[146],"existing":[147],"with":[150],"proactive":[152,233],"necessary":[154],"We":[159],"demonstrate":[160],"practicality":[162],"producing":[164],"for":[167,232],"on":[170,175],"running":[174],"virtualized":[176],"Ubuntu":[177],"SELinux":[178],"hosts,":[179],"where":[180],"our":[181],"finds:":[183],"(1)":[184],"only":[186,208],"27":[187],"additional":[188,210],"entrypoint":[189],"mediators":[190],"sufficient":[192],"mediate":[194],"threats":[196,212],"remote":[198,240],"over":[200],"entire":[202],"(2)":[206],"20":[209],"local":[211,238],"require":[213],"approximate":[216],"comprehensively.":[219],"can":[226],"be":[227],"used":[228],"foundation":[231],"protection":[235],"both":[237],"threats.":[241]},"counts_by_year":[{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":1},{"year":2014,"cited_by_count":2},{"year":2013,"cited_by_count":1}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}