Visible to the public A Framework for Generating User-and Domain-Tailored Security Policy Editors

Submitted by grigby1 on Mon, 11/20/2017 - 11:25am
TitleA Framework for Generating User-and Domain-Tailored Security Policy Editors
Publication TypeConference Paper
Year of Publication2016
AuthorsRudolph, M., Moucha, C., Feth, D.
Conference Name2016 IEEE 24th International Requirements Engineering Conference Workshops (REW)
ISBN Number978-1-5090-3694-3
KeywordsCollaboration, Conferences, customization, domain-tailored security policy editors, error-prone specification, Facebook, formal specification, governance, Government, Natural languages, policy, Policy Administration Point, policy authors, policy languages, Policy specification, policy-based governance, pubcrawl, security, security of data, security policies, specification paradigms, Stakeholders, Terminology, unintended data leakage, usable policy editors, usable security, user-friendly, user-tailored security policy editors, Vocabulary
Abstract

In modern enterprises, incorrect or inconsistent security policies can lead to massive damage, e.g., through unintended data leakage. As policy authors have different skills and background knowledge, usable policy editors have to be tailored to the author's individual needs and to the corresponding application domain. However, the development of individual policy editors and the customization of existing ones is an effort consuming task. In this paper, we present a framework for generating tailored policy editors. In order to empower user-friendly and less error-prone specification of security policies, the framework supports multiple platforms, policy languages, and specification paradigms.
URLhttps://ieeexplore.ieee.org/document/7815607/
DOI10.1109/REW.2016.024
Citation Keyrudolph_framework_2016
Groups: