Author :
Ferraiolo, David ; Voas, Jeffrey ; Hurlburt, George F.
Abstract :
To many, system policy is a statement posted on a website indicating intention to protect personal data. In reality, policy is much broader, and its enforcement far more consequential. What if policy-derived rule sets could be rigorously defined and automated for software-intensive systems? Imagine a "policy machine" that allows codification of arbitrary rules stemming from policy to create executable code. Such a tool exists today at the US National Institute of Standards and Technology. The NIST Policy Machine offers a new technology in enforcing the important role of policy in systems design, evolution, management, and policy enforcement.
