Dartmouth College Computer Science
Technical Report series
TR search TR listserv
|By author:||A B C D E F G H I J K L M N O P Q R S T U V W X Y Z|
|By number:||2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999, 1998, 1997, 1996, 1995, 1994, 1993, 1992, 1991, 1990, 1989, 1988, 1987, 1986|
During our fieldwork with real-world organizations---including those in
Public Key Infrastructure (PKI), network configuration management, and
the electrical power grid---we repeatedly noticed that security
policies and related security artifacts are hard to manage. We
observed three core limitations of security policy analysis that
contribute to this difficulty. First, there is a gap between policy
languages and the tools available to practitioners. Traditional Unix
text-processing tools are useful, but practitioners cannot use these
tools to operate on the high-level languages in which security
policies are expressed and implemented. Second, practitioners cannot
process policy at multiple levels of abstraction but they need this
capability because many high-level languages encode hierarchical
object models. Finally, practitioners need feedback to be able
to measure how security policies and policy artifacts that implement
those policies change over time.
We designed and built our eXtended Unix tools (XUTools) to address these limitations of security policy analysis. First, our XUTools operate upon context-free languages so that they can operate upon the hierarchical object models of high-level policy languages. Second, our XUTools operate on parse trees so that practitioners can process and analyze texts at multiple levels of abstraction. Finally, our XUTools enable new computational experiments on multi-versioned structured texts and our tools allow practitioners to measure security policies and how they change over time. Just as programmers use high-level languages to program more efficiently, so can practitioners use these tools to analyze texts relative to a high-level language.
Throughout the historical transmission of text, people have identified meaningful substrings of text and categorized them into groups such as sentences, pages, lines, function blocks, and books to name a few. Our research interprets these useful structures as different context-free languages by which we can analyze text. XUTools are already in demand by practitioners in a variety of domains and articles on our research have been featured in various news outlets that include ComputerWorld, CIO Magazine, Communications of the ACM, and Slashdot.
Ph.D Dissertation. Advisor: Sean W. Smith.
Bibliographic citation for this report: [plain text] [BIB] [BibTeX] [Refer]
Or copy and paste:
Gabriel A. Weaver, "Security-Policy Analysis with eXtended Unix Tools." Dartmouth Computer Science Technical Report TR2013-728, March 2013.
Notify me about new tech reports.
Search the technical reports.
To receive paper copy of a report, by mail, send your address and the TR number to reports AT cs.dartmouth.edu
Copyright notice: The documents contained in this server are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
Technical reports collection maintained by David Kotz.