{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,31]],"date-time":"2026-03-31T14:23:06Z","timestamp":1774966986690,"version":"3.50.1"},"reference-count":232,"publisher":"Association for Computing Machinery (ACM)","issue":"6","license":[{"start":{"date-parts":[[2019,2,4]],"date-time":"2019-02-04T00:00:00Z","timestamp":1549238400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"U.S. Army Research Laboratory and the U.K. Ministry of Defence","award":["W911NF-16-3-0001"],"award-info":[{"award-number":["W911NF-16-3-0001"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2019,11,30]]},"abstract":"Policy-based management of computer systems, computer networks and devices is a critical technology especially for present and future systems characterized by large-scale systems with autonomous devices, such as robots and drones. Maintaining reliable policy systems requires efficient and effective analysis approaches to ensure that the policies verify critical properties, such as correctness and consistency. In this paper, we present an extensive overview of methods for policy analysis. Then, we survey policy analysis systems and frameworks that have been proposed and compare them under various dimensions. We conclude the paper by outlining novel research directions in the area of policy analysis.<\/jats:p>","DOI":"10.1145\/3295749","type":"journal-article","created":{"date-parts":[[2019,2,5]],"date-time":"2019-02-05T20:40:21Z","timestamp":1549399221000},"page":"1-35","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":42,"title":["Methods and Tools for Policy Analysis"],"prefix":"10.1145","volume":"51","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2247-8860","authenticated-orcid":false,"given":"Amani Abu","family":"Jabal","sequence":"first","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"given":"Maryam","family":"Davari","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"given":"Christian","family":"Makaya","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, NY, USA"}]},{"given":"Seraphin","family":"Calo","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, NY, USA"}]},{"given":"Dinesh","family":"Verma","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, NY, USA"}]},{"given":"Alessandra","family":"Russo","sequence":"additional","affiliation":[{"name":"Imperial College, London, UK"}]},{"given":"Christopher","family":"Williams","sequence":"additional","affiliation":[{"name":"The Defence Science and Technology Laboratory, Porton Down, UK"}]}],"member":"320","published-online":{"date-parts":[[2019,2,4]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Retrieved","year":"2018","unstructured":"{n.d.}. Alloy : A Language 8 Tool for Relational Models . Retrieved January 27, 2018 from http:\/\/alloy.mit.edu\/alloy\/index.html. {n.d.}. Alloy: A Language 8 Tool for Relational Models. Retrieved January 27, 2018 from http:\/\/alloy.mit.edu\/alloy\/index.html."},{"key":"e_1_2_1_2_1","volume-title":"Retrieved","year":"2018","unstructured":"{n.d.}. Cbench : An OpenFlow Controller Benchmark . Retrieved July 20, 2018 from https:\/\/github.com\/trema\/cbench. {n.d.}. Cbench: An OpenFlow Controller Benchmark. Retrieved July 20, 2018 from https:\/\/github.com\/trema\/cbench."},{"key":"e_1_2_1_3_1","volume-title":"Retrieved","year":"2018","unstructured":"{n.d.}. Extensible Access Control Markup Language (XACML) Version 3.0 . Retrieved January 27, 2018 from http:\/\/docs.oasis-open.org\/xacml\/3.0\/xacml-3.0-core-spec-os-en.html. {n.d.}. Extensible Access Control Markup Language (XACML) Version 3.0. Retrieved January 27, 2018 from http:\/\/docs.oasis-open.org\/xacml\/3.0\/xacml-3.0-core-spec-os-en.html."},{"key":"e_1_2_1_4_1","unstructured":"{n.d.}. Gorgias-B. Retrieved January 27 2018 from http:\/\/gorgiasb.tuc.gr\/index.html. {n.d.}. Gorgias-B. Retrieved January 27 2018 from http:\/\/gorgiasb.tuc.gr\/index.html."},{"key":"e_1_2_1_5_1","volume-title":"Retrieved","year":"2018","unstructured":"{n.d.}. List of SDN Activities . Retrieved January 27, 2018 from https:\/\/github.com\/sdnds-tw\/awesome-sdn. {n.d.}. List of SDN Activities. Retrieved January 27, 2018 from https:\/\/github.com\/sdnds-tw\/awesome-sdn."},{"key":"e_1_2_1_6_1","unstructured":"{n.d.}. NuSMV. Retrieved January 27 2018 from http:\/\/nusmv.fbk.eu\/. {n.d.}. NuSMV. Retrieved January 27 2018 from http:\/\/nusmv.fbk.eu\/."},{"key":"e_1_2_1_7_1","unstructured":"{n.d.}. OpenSMT. Retrieved January 27 2018 from http:\/\/verify.inf.usi.ch\/opensmt. {n.d.}. OpenSMT. Retrieved January 27 2018 from http:\/\/verify.inf.usi.ch\/opensmt."},{"key":"e_1_2_1_8_1","unstructured":"{n.d.}. XSB. Retrieved January 27 2018 from http:\/\/xsb.sourceforge.net. {n.d.}. XSB. Retrieved January 27 2018 from http:\/\/xsb.sourceforge.net."},{"key":"e_1_2_1_9_1","volume-title":"Retrieved","year":"2018","unstructured":"2017. Authorization and Permissions in SQL Server . Retrieved January 27, 2018 from https:\/\/msdn.microsoft.com\/en-us\/library\/bb669084(v=vs.110).aspx. 2017. Authorization and Permissions in SQL Server. Retrieved January 27, 2018 from https:\/\/msdn.microsoft.com\/en-us\/library\/bb669084(v=vs.110).aspx."},{"key":"e_1_2_1_10_1","volume-title":"Veryx Technologies. Retrieved","year":"2018","unstructured":"2018. Veryx Technologies. Retrieved June 23, 2018 from http:\/\/www.veryxtech.com\/products\/pktblaster-sdn-software-defined-network-test\/. 2018. Veryx Technologies. Retrieved June 23, 2018 from http:\/\/www.veryxtech.com\/products\/pktblaster-sdn-software-defined-network-test\/."},{"key":"e_1_2_1_11_1","doi-asserted-by":"crossref","unstructured":"A . Abu Jabal and E. Bertino. 2016. QL-SimP: Query language for secure interoperable multi-granular provenance framework. In CIC. IEEE 131--138. A . Abu Jabal and E. Bertino. 2016. QL-SimP: Query language for secure interoperable multi-granular provenance framework. In CIC. IEEE 131--138.","DOI":"10.1109\/CIC.2016.029"},{"key":"e_1_2_1_12_1","doi-asserted-by":"crossref","unstructured":"A. Abu Jabal and E. Bertino. 2016. SimP: Secure interoperable multi-granular provenance framework. In e-Science. IEEE 270--275. A. Abu Jabal and E. Bertino. 2016. SimP: Secure interoperable multi-granular provenance framework. In e-Science. IEEE 270--275.","DOI":"10.1109\/eScience.2016.7870908"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1142\/S0218843018500077"},{"key":"e_1_2_1_14_1","unstructured":"A. Abu Jabal M. Davari E. Bertino C. Makaya S. Calo D. Verma and C. Williams. 2018. ProFact: A Provenance-based Analytics Framework for Access Control Policies. (2018). Manuscript submitted for publication. A. Abu Jabal M. Davari E. Bertino C. Makaya S. Calo D. Verma and C. Williams. 2018. ProFact: A Provenance-based Analytics Framework for Access Control Policies. (2018). Manuscript submitted for publication."},{"key":"e_1_2_1_15_1","unstructured":"A. T. Acree Jr. 1980. On Mutation. Ph.D. Dissertation. Georgia Institute of Technology School of Information and Computer Science. A. T. Acree Jr. 1980. On Mutation. Ph.D. Dissertation. Georgia Institute of Technology School of Information and Computer Science."},{"key":"e_1_2_1_16_1","volume-title":"Proceedings of the 4th International Conference on E-Technologies. Springer, 212--226","author":"Adi K.","unstructured":"K. Adi , Y. Bouzida , I. Hattak , L. Logrippo , and S. Mankovskii . 2009. Typing for conflict detection in access control policies . In Proceedings of the 4th International Conference on E-Technologies. Springer, 212--226 . K. Adi, Y. Bouzida, I. Hattak, L. Logrippo, and S. Mankovskii. 2009. Typing for conflict detection in access control policies. In Proceedings of the 4th International Conference on E-Technologies. Springer, 212--226."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/170036.170072"},{"key":"e_1_2_1_18_1","volume-title":"Proceedings of the 20th International Conference on Very Large Data Bases (VLDB'94)","volume":"1215","author":"Agrawal R.","unstructured":"R. Agrawal and R. Srikant . 1994. Fast algorithms for mining association rules . In Proceedings of the 20th International Conference on Very Large Data Bases (VLDB'94) , Vol. 1215 . Morgan Kaufmann Publishers Inc., 487--499. R. Agrawal and R. Srikant. 1994. Fast algorithms for mining association rules. In Proceedings of the 20th International Conference on Very Large Data Bases (VLDB'94), Vol. 1215. Morgan Kaufmann Publishers Inc., 487--499."},{"key":"e_1_2_1_19_1","volume-title":"Proceedings of the 14th International Joint Conference on e-Business and Telecommunications (ICETE'17)","author":"Ait El Hadj M.","unstructured":"M. Ait El Hadj , M. Ayache , Y. Benkaouz , A. Khoumsi , and M. Erradi . 2017. Clustering-based approach for anomaly detection in XACML policies . In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications (ICETE'17) . SciTePress, 548--553. M. Ait El Hadj, M. Ayache, Y. Benkaouz, A. Khoumsi, and M. Erradi. 2017. Clustering-based approach for anomaly detection in XACML policies. In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications (ICETE'17). SciTePress, 548--553."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.1978.1675141"},{"key":"e_1_2_1_21_1","doi-asserted-by":"crossref","unstructured":"E. Al-Shaer and H. Hamed. 2003. Firewall policy advisor for anomaly discovery and rule editing. In IM. IEEE 17--30. E. Al-Shaer and H. Hamed. 2003. Firewall policy advisor for anomaly discovery and rule editing. In IM. IEEE 17--30.","DOI":"10.1007\/978-0-387-35674-7_2"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2005.854119"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2004.4623689"},{"key":"e_1_2_1_24_1","volume-title":"INFOCOMM","volume":"4","author":"Al-Shaer E. S.","unstructured":"E. S. Al-Shaer and H. H. Hamed . 2004. Discovery of policy anomalies in distributed firewalls . In INFOCOMM , Vol. 4 . IEEE, 2605--2616. E. S. Al-Shaer and H. H. Hamed. 2004. Discovery of policy anomalies in distributed firewalls. In INFOCOMM, Vol. 4. IEEE, 2605--2616."},{"key":"e_1_2_1_25_1","volume-title":"ASASP: Automated symbolic analysis of security policies","author":"Alberti F.","year":"2011","unstructured":"F. Alberti , A. Armando , and S. Ranise . 2011 . ASASP: Automated symbolic analysis of security policies . In CADE. Springer , 26--33. F. Alberti, A. Armando, and S. Ranise. 2011. ASASP: Automated symbolic analysis of security policies. In CADE. Springer, 26--33."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966935"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2015.04.006"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.tcs.2016.10.018"},{"key":"e_1_2_1_29_1","first-page":"91","article-title":"Arguing about firewall policy","volume":"245","author":"Applebaum A.","year":"2012","unstructured":"A. Applebaum , K. N. Levitt , J. Rowe , and S. Parsons . 2012 . Arguing about firewall policy . In COMMA , Vol. 245. 91 -- 102 . A. Applebaum, K. N. Levitt, J. Rowe, and S. Parsons. 2012. Arguing about firewall policy. In COMMA, Vol. 245. 91--102.","journal-title":"COMMA"},{"key":"e_1_2_1_30_1","volume-title":"Proceedings of the Intl. Conf. on Advances in Computing, Communication and Information Technology (CCIT'14)","author":"Aqib M.","unstructured":"M. Aqib and R. A. Shaikh . 2014. An algorithm to detect inconsistencies in access control policies . In Proceedings of the Intl. Conf. on Advances in Computing, Communication and Information Technology (CCIT'14) . 171--175. M. Aqib and R. A. Shaikh. 2014. An algorithm to detect inconsistencies in access control policies. In Proceedings of the Intl. Conf. on Advances in Computing, Communication and Information Technology (CCIT'14). 171--175."},{"key":"e_1_2_1_31_1","first-page":"157","article-title":"A tool for access control policy validation","volume":"19","author":"Aqib M.","year":"2018","unstructured":"M. Aqib and R. A. Shaikh . 2018 . A tool for access control policy validation . Journal of Internet Technology (JIT) 19 , 1 (2018), 157 -- 166 . M. Aqib and R. A. Shaikh. 2018. A tool for access control policy validation. Journal of Internet Technology (JIT) 19, 1 (2018), 157--166.","journal-title":"Journal of Internet Technology (JIT)"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1008699807402"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594317"},{"key":"e_1_2_1_34_1","volume-title":"Electronic Proceedings of the Annual Fall Meeting (AFM) of the International Technology Alliance (ICT).","author":"Bandara A.","unstructured":"A. Bandara , S. Calo , J. Lobo , E. Lupu , A. Russo , and M. Sloman . 2007. Toward a formal characterization of policy specification 8 analysis . In Electronic Proceedings of the Annual Fall Meeting (AFM) of the International Technology Alliance (ICT). A. Bandara, S. Calo, J. Lobo, E. Lupu, A. Russo, and M. Sloman. 2007. Toward a formal characterization of policy specification 8 analysis. In Electronic Proceedings of the Annual Fall Meeting (AFM) of the International Technology Alliance (ICT)."},{"key":"e_1_2_1_35_1","unstructured":"A. Bandara E. Lupu A. Russo N. Dulay M. Sloman P. Flegkas M. Charalambides and G. Pavlou. 2005. Policy refinement for DiffServ quality of service management. In IM. IEEE 469--482. A. Bandara E. Lupu A. Russo N. Dulay M. Sloman P. Flegkas M. Charalambides and G. Pavlou. 2005. Policy refinement for DiffServ quality of service management. In IM. IEEE 469--482."},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/11907466_16"},{"key":"e_1_2_1_37_1","doi-asserted-by":"crossref","unstructured":"A. K. Bandara A. C. Kakas E. C. Lupu and A. Russo. 2009. Using argumentation logic for firewall configuration management. In IM. IEEE 180--187. A. K. Bandara A. C. Kakas E. C. Lupu and A. Russo. 2009. Using argumentation logic for firewall configuration management. In IM. IEEE 180--187.","DOI":"10.1109\/INM.2009.5188808"},{"key":"e_1_2_1_38_1","unstructured":"A. K Bandara E. C. Lupu and A. Russo. 2003. Using event calculus to formalise policy specification and analysis. In POLICY. IEEE 26--39. A. K Bandara E. C. Lupu and A. Russo. 2003. Using event calculus to formalise policy specification and analysis. In POLICY. IEEE 26--39."},{"key":"e_1_2_1_39_1","first-page":"825","article-title":"Satisfiability modulo theories","volume":"185","author":"Barrett C. W.","year":"2009","unstructured":"C. W. Barrett , R. Sebastiani , S. A. Seshia , and C. Tinelli . 2009 . Satisfiability modulo theories . Handbook of Satisfiability 185 (2009), 825 -- 885 . C. W. Barrett, R. Sebastiani, S. A. Seshia, and C. Tinelli. 2009. Satisfiability modulo theories. Handbook of Satisfiability 185 (2009), 825--885.","journal-title":"Handbook of Satisfiability"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2011.2178431"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/1952982.1952984"},{"key":"e_1_2_1_42_1","volume-title":"Value based argumentation frameworks. arXiv preprint cs\/0207059","author":"Bench-Capon T.","year":"2002","unstructured":"T. Bench-Capon . 2002. Value based argumentation frameworks. arXiv preprint cs\/0207059 ( 2002 ). T. Bench-Capon. 2002. Value based argumentation frameworks. arXiv preprint cs\/0207059 (2002)."},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/775412.775437"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2875491.2875497"},{"key":"e_1_2_1_45_1","doi-asserted-by":"crossref","unstructured":"E. Bertino A. Abu Jabal S. Calo C. Makaya M. Touma D. Verma and C. Williams. 2017. Provenance-based analytics services for access control policies. In SERVICES. IEEE 94--101. E. Bertino A. Abu Jabal S. Calo C. Makaya M. Touma D. Verma and C. Williams. 2017. Provenance-based analytics services for access control policies. In SERVICES. IEEE 94--101.","DOI":"10.1109\/SERVICES.2017.24"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3209668"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501979"},{"key":"e_1_2_1_48_1","doi-asserted-by":"crossref","unstructured":"E. Bertino S. Calo M. Touma D. Verma C. Williams and B. Rivera. 2017. A cognitive policy framework for next-generation distributed federated systems: Concepts and research directions. In ICDCS. IEEE 1876--1886. E. Bertino S. Calo M. Touma D. Verma C. Williams and B. Rivera. 2017. A cognitive policy framework for next-generation distributed federated systems: Concepts and research directions. In ICDCS. IEEE 1876--1886.","DOI":"10.1109\/ICDCS.2017.78"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1561\/1900000014"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0004-3702(01)00071-6"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/WI.2005.35"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1007\/11558590_10"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1353343.1353433"},{"key":"e_1_2_1_54_1","volume-title":"Mutation Analysis of Program Test Data","author":"Budd T. A.","unstructured":"T. A. Budd . 1980. Mutation Analysis of Program Test Data . Yale University . T. A. Budd. 1980. Mutation Analysis of Program Test Data. Yale University."},{"key":"e_1_2_1_55_1","volume-title":"Machine Learning","author":"Catlett J.","unstructured":"J. Catlett . 1991. Mega induction: A test flight . In Machine Learning . Elsevier , 596--599. J. Catlett. 1991. Mega induction: A test flight. In Machine Learning. Elsevier, 596--599."},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10703-013-0187-3"},{"key":"e_1_2_1_57_1","first-page":"31","article-title":"Assistant 86: A knowledge-elicitation tool for sophisticated users","volume":"62","author":"Cestnik B.","year":"1987","unstructured":"B. Cestnik . 1987 . Assistant 86: A knowledge-elicitation tool for sophisticated users . Progress in Machine Learning 62 (1987), 31 -- 45 . B. Cestnik. 1987. Assistant 86: A knowledge-elicitation tool for sophisticated users. Progress in Machine Learning 62 (1987), 31--45.","journal-title":"Progress in Machine Learning"},{"key":"e_1_2_1_58_1","unstructured":"D. B. Chapman E. D. Zwicky and D. Russell. 1995. Building Internet Firewalls. O\u2019Reilly 8 Associates Inc. D. B. Chapman E. D. Zwicky and D. Russell. 1995. Building Internet Firewalls. O\u2019Reilly 8 Associates Inc."},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/POLICY.2005.23"},{"key":"e_1_2_1_60_1","doi-asserted-by":"crossref","unstructured":"M. Charalambides P. Flegkas G. Pavlou J. Rubio-Loyola A. K. Bandara E. C. Lupu A. Russo M. Sloman and N. Dulay. 2006. Dynamic policy analysis and conflict resolution for DiffServ quality of service management. In NOMS. IEEE 294--304. M. Charalambides P. Flegkas G. Pavlou J. Rubio-Loyola A. K. Bandara E. C. Lupu A. Russo M. Sloman and N. Dulay. 2006. Dynamic policy analysis and conflict resolution for DiffServ quality of service management. In NOMS. IEEE 294--304.","DOI":"10.1109\/NOMS.2006.1687560"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2011.6089047"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2012.2217985"},{"key":"e_1_2_1_63_1","volume-title":"Proceedings of the 24th Large Installation System Administration Conference (LISA'10)","author":"Chen F.","unstructured":"F. Chen , A. X. Liu , J. Hwang , and T. Xie . 2010. First step towards automatic correction of firewall policy faults . In Proceedings of the 24th Large Installation System Administration Conference (LISA'10) . USENIX Association, 75--90. F. Chen, A. X. Liu, J. Hwang, and T. Xie. 2010. First step towards automatic correction of firewall policy faults. In Proceedings of the 24th Large Installation System Administration Conference (LISA'10). USENIX Association, 75--90."},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/2240166.2240177"},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-69850-0_1"},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/34.1000236"},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/800157.805047"},{"key":"e_1_2_1_68_1","volume-title":"Introduction to Algorithms","author":"Cormen T. H.","unstructured":"T. H. Cormen . 2009. Introduction to Algorithms . MIT Press . T. H. Cormen. 2009. Introduction to Algorithms. MIT Press."},{"key":"e_1_2_1_69_1","unstructured":"R. Craven J. Lobo E. Lupu J. Ma A. Russo M. Sloman and A. Bandara. 2008. A formal framework for policy analysis. Imperial College London Technical Report (2008). R. Craven J. Lobo E. Lupu J. Ma A. Russo M. Sloman and A. Bandara. 2008. A formal framework for policy analysis. Imperial College London Technical Report (2008)."},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533091"},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2007.01.064"},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/1210263.1210265"},{"key":"e_1_2_1_73_1","volume-title":"Ponder: A language for specifying security and management policies for distributed systems. Technical Report, Department of Computing","author":"Damianou N.","year":"2000","unstructured":"N. Damianou , N. Dulay , E. C. Lupu , and MS Sloman . 2000 . Ponder: A language for specifying security and management policies for distributed systems. Technical Report, Department of Computing , Imperial College , London . N. Damianou, N. Dulay, E. C. Lupu, and MS Sloman. 2000. Ponder: A language for specifying security and management policies for distributed systems. Technical Report, Department of Computing, Imperial College, London."},{"key":"e_1_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/368273.368557"},{"key":"e_1_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/321033.321034"},{"key":"e_1_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1109\/EASe.2008.8"},{"key":"e_1_2_1_77_1","volume-title":"Proceedings of the International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS'08)","author":"De Moura L.","unstructured":"L. De Moura and N. Bj\u00f8rner . 2008. Z3: An efficient SMT solver . In Proceedings of the International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS'08) . Springer, 337--340. L. De Moura and N. Bj\u00f8rner. 2008. Z3: An efficient SMT solver. In Proceedings of the International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS'08). Springer, 337--340."},{"key":"e_1_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1109\/C-M.1978.218136"},{"key":"e_1_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1016\/0004-3702(94)00041-X"},{"key":"e_1_2_1_80_1","unstructured":"N. Dunlop J. Indulska and K. Raymond. 2002. Dynamic conflict detection in policy-based management systems. In EDOC. IEEE 15--26. N. Dunlop J. Indulska and K. Raymond. 2002. Dynamic conflict detection in policy-based management systems. In EDOC. IEEE 15--26."},{"key":"e_1_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2012.157"},{"key":"e_1_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-69850-0_2"},{"key":"e_1_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/2342441.2342450"},{"key":"e_1_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501980"},{"key":"e_1_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062502"},{"key":"e_1_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1145\/2034773.2034812"},{"key":"e_1_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1008647823331"},{"key":"e_1_2_1_88_1","volume-title":"MIRAGE: A management tool for the analysis and deployment of network security policies","author":"Garcia-Alfaro J.","year":"2011","unstructured":"J. Garcia-Alfaro , F. Cuppens , N. Cuppens-Boulahia , and S. Preda . 2011 . MIRAGE: A management tool for the analysis and deployment of network security policies . In DPM. Springer , 203--215. J. Garcia-Alfaro, F. Cuppens, N. Cuppens-Boulahia, and S. Preda. 2011. MIRAGE: A management tool for the analysis and deployment of network security policies. In DPM. Springer, 203--215."},{"key":"e_1_2_1_89_1","doi-asserted-by":"crossref","unstructured":"K. Golnabi R. K. Min L. Khan and E. Al-Shaer. 2006. Analysis of firewall policy rules using data mining techniques. In NOMS. IEEE 305--315. K. Golnabi R. K. Min L. Khan and E. Al-Shaer. 2006. Analysis of firewall policy rules using data mining techniques. In NOMS. IEEE 305--315.","DOI":"10.1109\/NOMS.2006.1687561"},{"key":"e_1_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2006.06.015"},{"key":"e_1_2_1_91_1","doi-asserted-by":"crossref","unstructured":"M. G. Gouda and X. Liu. 2004. Firewall design: Consistency completeness and compactness. In ICDCS. IEEE 320--327. M. G. Gouda and X. Liu. 2004. Firewall design: Consistency completeness and compactness. In ICDCS. IEEE 320--327.","DOI":"10.1109\/ICDCS.2004.1281597"},{"key":"e_1_2_1_92_1","volume-title":"ISC","volume":"3225","author":"Guelev D. P.","unstructured":"D. P. Guelev , M. Ryan , and P. Schobbens . 2004. Model-checking access control policies . In ISC , Vol. 3225 . Springer, 219--230. D. P. Guelev, M. Ryan, and P. Schobbens. 2004. Model-checking access control policies. In ISC, Vol. 3225. Springer, 219--230."},{"key":"e_1_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.42"},{"key":"e_1_2_1_94_1","doi-asserted-by":"publisher","DOI":"10.5555\/1066473.1066478"},{"key":"e_1_2_1_95_1","doi-asserted-by":"publisher","DOI":"10.1145\/1656274.1656278"},{"key":"e_1_2_1_96_1","doi-asserted-by":"publisher","DOI":"10.1145\/1380564.1380569"},{"key":"e_1_2_1_97_1","doi-asserted-by":"publisher","DOI":"10.1145\/335191.335372"},{"key":"e_1_2_1_98_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF01211866"},{"key":"e_1_2_1_99_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37899-7_1"},{"key":"e_1_2_1_100_1","first-page":"19","article-title":"Criteria specifications for the comparison and evaluation of access control models","volume":"5","author":"Hasani S. M.","year":"2013","unstructured":"S. M. Hasani and N. Modiri . 2013 . Criteria specifications for the comparison and evaluation of access control models . IJICS 5 , 5 (2013), 19 . S. M. Hasani and N. Modiri. 2013. Criteria specifications for the comparison and evaluation of access control models. IJICS 5, 5 (2013), 19.","journal-title":"IJICS"},{"key":"e_1_2_1_101_1","volume-title":"Proceedings of the Workshop on Practice and Theory of Access Control Technologies. 17--22","author":"Hassan W.","unstructured":"W. Hassan , L. Logrippo , and M. Mankai . 2005. Validating access control policies with alloy . In Proceedings of the Workshop on Practice and Theory of Access Control Technologies. 17--22 . W. Hassan, L. Logrippo, and M. Mankai. 2005. Validating access control policies with alloy. In Proceedings of the Workshop on Practice and Theory of Access Control Technologies. 17--22."},{"key":"e_1_2_1_102_1","doi-asserted-by":"publisher","DOI":"10.1145\/1592681.1592683"},{"key":"e_1_2_1_103_1","doi-asserted-by":"publisher","DOI":"10.1145\/1377836.1377867"},{"key":"e_1_2_1_104_1","doi-asserted-by":"publisher","DOI":"10.1145\/2620728.2620749"},{"key":"e_1_2_1_105_1","doi-asserted-by":"crossref","unstructured":"C. Huang J. Sun X. Wang and Y. Si. 2009. Inconsistency management of role base access control policy. In EBISS. IEEE 1--5. C. Huang J. Sun X. Wang and Y. Si. 2009. Inconsistency management of role base access control policy. In EBISS. IEEE 1--5.","DOI":"10.1109\/EBISS.2009.5138002"},{"key":"e_1_2_1_106_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10009-008-0087-9"},{"key":"e_1_2_1_107_1","volume-title":"Master\u2019s thesis","author":"Hussain S.","unstructured":"S. Hussain . 2008. Mutation Clustering. Master\u2019s thesis . King\u2019s College London . S. Hussain. 2008. Mutation Clustering. Master\u2019s thesis. King\u2019s College London."},{"key":"e_1_2_1_108_1","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2008.34"},{"key":"e_1_2_1_109_1","first-page":"1","article-title":"Systematic structural testing of firewall policies","volume":"9","author":"Hwang J.","year":"2012","unstructured":"J. Hwang , T. Xie , F. Chen , and A. X. Liu . 2012 . Systematic structural testing of firewall policies . TNSM 9 , 1 (2012), 1 -- 11 . J. Hwang, T. Xie, F. Chen, and A. X. Liu. 2012. Systematic structural testing of firewall policies. TNSM 9, 1 (2012), 1--11.","journal-title":"TNSM"},{"key":"e_1_2_1_110_1","doi-asserted-by":"publisher","DOI":"10.1109\/POLICY.2010.22"},{"key":"e_1_2_1_111_1","doi-asserted-by":"publisher","DOI":"10.1145\/505145.505149"},{"key":"e_1_2_1_112_1","doi-asserted-by":"publisher","DOI":"10.1145\/337180.337616"},{"key":"e_1_2_1_113_1","doi-asserted-by":"publisher","DOI":"10.1109\/EWSDN.2012.15"},{"key":"e_1_2_1_114_1","unstructured":"K. Jayaraman N. Bj\u00f8rner G. Outhred and C. Kaufman. 2014. Automated analysis and debugging of network connectivity policies. Technical Report Microsoft Research. K. Jayaraman N. Bj\u00f8rner G. Outhred and C. Kaufman. 2014. Automated analysis and debugging of network connectivity policies. Technical Report Microsoft Research."},{"key":"e_1_2_1_115_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046727"},{"key":"e_1_2_1_116_1","doi-asserted-by":"publisher","DOI":"10.1109\/POLICY.2009.32"},{"key":"e_1_2_1_117_1","doi-asserted-by":"crossref","unstructured":"Y. Jia and M. Harman. 2008. Constructing subtle faults using higher order mutation testing. In SCAM. IEEE 249--258. Y. Jia and M. Harman. 2008. Constructing subtle faults using higher order mutation testing. In SCAM. IEEE 249--258.","DOI":"10.1109\/SCAM.2008.36"},{"key":"e_1_2_1_118_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.62"},{"key":"e_1_2_1_119_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-016-0314-4"},{"key":"e_1_2_1_120_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2009.170"},{"key":"e_1_2_1_121_1","volume-title":"Data: An Introduction to Cluster Analysis.","author":"Kaufman L.","year":"2009","unstructured":"L. Kaufman and P. J. Rousseeuw . 2009 . Finding Groups in Data: An Introduction to Cluster Analysis. Vol. 344 . John Wiley 8 Sons. L. Kaufman and P. J. Rousseeuw. 2009. Finding Groups in Data: An Introduction to Cluster Analysis. Vol. 344. John Wiley 8 Sons."},{"key":"e_1_2_1_122_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2010.15"},{"key":"e_1_2_1_123_1","doi-asserted-by":"publisher","DOI":"10.1145\/373256.373280"},{"key":"e_1_2_1_124_1","volume-title":"Specification and verification of constraints in role based access control","author":"Kolaczek G.","unstructured":"G. Kolaczek . 2003. Specification and verification of constraints in role based access control . In WET ICE. IEEE , 190--195. G. Kolaczek. 2003. Specification and verification of constraints in role based access control. In WET ICE. IEEE, 190--195."},{"key":"e_1_2_1_125_1","doi-asserted-by":"crossref","unstructured":"M. Koleini and M. Ryan. 2011. A knowledge-based verification method for dynamic access control policies. In ICFEM. Springer 243--258. M. Koleini and M. Ryan. 2011. A knowledge-based verification method for dynamic access control policies. In ICFEM. Springer 243--258.","DOI":"10.1007\/978-3-642-24559-6_18"},{"key":"e_1_2_1_126_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242664"},{"key":"e_1_2_1_127_1","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2014.2371999"},{"key":"e_1_2_1_128_1","volume-title":"Proceedings of the Third IASTED International Conference on Communication, Network, and Information Security (CNIS). IASTED\/ACTA Press, 150--155","author":"Kumar M.","unstructured":"M. Kumar and R. E. Newman . 2006. STRBAC-An approach towards spatio-temporal role-based access control . In Proceedings of the Third IASTED International Conference on Communication, Network, and Information Security (CNIS). IASTED\/ACTA Press, 150--155 . M. Kumar and R. E. Newman. 2006. STRBAC-An approach towards spatio-temporal role-based access control. In Proceedings of the Third IASTED International Conference on Communication, Network, and Information Security (CNIS). IASTED\/ACTA Press, 150--155."},{"key":"e_1_2_1_129_1","doi-asserted-by":"crossref","unstructured":"M. Kwiatkowska G. Norman and D. Parker. 2011. PRISM 4.0: Verification of probabilistic real-time systems. In CAV. Springer 585--591. M. Kwiatkowska G. Norman and D. Parker. 2011. PRISM 4.0: Verification of probabilistic real-time systems. In CAV. Springer 585--591.","DOI":"10.1007\/978-3-642-22110-1_47"},{"key":"e_1_2_1_130_1","doi-asserted-by":"crossref","unstructured":"Y. Le Traon T. Mouelhi and B. Baudry. 2007. Testing security policies: Going beyond functional testing. In ISSRE. IEEE 93--102. Y. Le Traon T. Mouelhi and B. Baudry. 2007. Testing security policies: Going beyond functional testing. In ISSRE. IEEE 93--102.","DOI":"10.1109\/ISSRE.2007.27"},{"key":"e_1_2_1_131_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-010-0106-1"},{"key":"e_1_2_1_132_1","doi-asserted-by":"publisher","DOI":"10.1145\/1266840.1266842"},{"key":"e_1_2_1_133_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2009.07.003"},{"key":"e_1_2_1_134_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2008.216"},{"key":"e_1_2_1_135_1","doi-asserted-by":"publisher","DOI":"10.1145\/2109211.2109212"},{"key":"e_1_2_1_136_1","doi-asserted-by":"publisher","DOI":"10.1145\/1400751.1400766"},{"key":"e_1_2_1_137_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2010.155"},{"key":"e_1_2_1_138_1","doi-asserted-by":"publisher","DOI":"10.1145\/1384529.1375488"},{"key":"e_1_2_1_139_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2010.274"},{"key":"e_1_2_1_140_1","doi-asserted-by":"crossref","unstructured":"A. X. Liu and M. G. Gouda. 2004. Diverse firewall design. In DSN. IEEE Computer Society 595. A. X. Liu and M. G. Gouda. 2004. Diverse firewall design. In DSN. IEEE Computer Society 595.","DOI":"10.1109\/DSN.2004.1311930"},{"key":"e_1_2_1_141_1","doi-asserted-by":"publisher","DOI":"10.1007\/11535706_15"},{"key":"e_1_2_1_142_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2007.70802"},{"key":"e_1_2_1_143_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2008.263"},{"key":"e_1_2_1_144_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2008.216"},{"key":"e_1_2_1_145_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2012.2203144"},{"key":"e_1_2_1_146_1","doi-asserted-by":"crossref","unstructured":"A. X. Liu C. R. Meiners and Y. Zhou. 2008. All-match based complete redundancy removal for packet classifiers in TCAMs. In INFOCOM. IEEE 111--115. A. X. Liu C. R. Meiners and Y. Zhou. 2008. All-match based complete redundancy removal for packet classifiers in TCAMs. In INFOCOM. IEEE 111--115.","DOI":"10.1109\/INFOCOM.2008.31"},{"key":"e_1_2_1_147_1","doi-asserted-by":"crossref","unstructured":"A. X. Liu E. Torng and C. R. Meiners. 2008. Firewall compressor: An algorithm for minimizing firewall policies. In INFOCOM. IEEE 176--180. A. X. Liu E. Torng and C. R. Meiners. 2008. Firewall compressor: An algorithm for minimizing firewall policies. In INFOCOM. IEEE 176--180.","DOI":"10.1109\/INFOCOM.2008.44"},{"key":"e_1_2_1_148_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2011.114"},{"key":"e_1_2_1_149_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1982.1056489"},{"key":"e_1_2_1_150_1","volume-title":"FREENIX Track: 2001 USENIX Annual Technical Conference. 29--42","author":"Loscocco P.","unstructured":"P. Loscocco and S. Smalley . 2001. Integrating flexible support for security policies into the Linux operating system . In FREENIX Track: 2001 USENIX Annual Technical Conference. 29--42 . P. Loscocco and S. Smalley. 2001. Integrating flexible support for security policies into the Linux operating system. In FREENIX Track: 2001 USENIX Annual Technical Conference. 29--42."},{"key":"e_1_2_1_151_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.824414"},{"key":"e_1_2_1_152_1","doi-asserted-by":"crossref","unstructured":"J. Ma D. Zhang G. Xu and Y. Yang. 2010. Model checking based security policy verification and validation. In ISA. IEEE 1--4. J. Ma D. Zhang G. Xu and Y. Yang. 2010. Model checking based security policy verification and validation. In ISA. IEEE 1--4.","DOI":"10.1109\/IWISA.2010.5473291"},{"key":"e_1_2_1_153_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.mcm.2011.01.053"},{"key":"e_1_2_1_154_1","unstructured":"M. Mankai and L. Logrippo. 2005. Access control policies: Modeling and validation. In NOTERE. 85--91. M. Mankai and L. Logrippo. 2005. Access control policies: Modeling and validation. In NOTERE. 85--91."},{"key":"e_1_2_1_155_1","doi-asserted-by":"publisher","DOI":"10.1109\/POLICY.2009.36"},{"key":"e_1_2_1_156_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSC.2010.28"},{"key":"e_1_2_1_157_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSECOMPANION.2007.73"},{"key":"e_1_2_1_158_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2008.48"},{"key":"e_1_2_1_159_1","doi-asserted-by":"publisher","DOI":"10.1109\/SESS.2007.5"},{"key":"e_1_2_1_160_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242663"},{"key":"e_1_2_1_161_1","doi-asserted-by":"publisher","DOI":"10.1007\/11935308_11"},{"key":"e_1_2_1_162_1","unstructured":"A. Masood A. Ghafoor and A. Mathur. 2006. Scalable and Effective Test Generation for Access Control Systems that Employ RBAC Policies. Technical Report. SERC-TR-285 Purdue University. A. Masood A. Ghafoor and A. Mathur. 2006. Scalable and Effective Test Generation for Access Control Systems that Employ RBAC Policies. Technical Report. SERC-TR-285 Purdue University."},{"key":"e_1_2_1_163_1","volume-title":"Performance, effectiveness, and reliability issues in software testing","author":"Mathur A. P.","unstructured":"A. P. Mathur . 1991. Performance, effectiveness, and reliability issues in software testing . In COMPSAC. IEEE , 604--605. A. P. Mathur. 1991. Performance, effectiveness, and reliability issues in software testing. In COMPSAC. IEEE, 604--605."},{"key":"e_1_2_1_164_1","doi-asserted-by":"publisher","DOI":"10.1145\/1133058.1133089"},{"key":"e_1_2_1_165_1","doi-asserted-by":"publisher","DOI":"10.1145\/1330295.1330299"},{"key":"e_1_2_1_166_1","doi-asserted-by":"publisher","DOI":"10.1145\/1178618.1178620"},{"key":"e_1_2_1_167_1","volume-title":"Retrieved","author":"McKeown N.","year":"2011","unstructured":"N. McKeown . 2011 . How SDN Will Shape Networking . Retrieved January 27, 2018 from http:\/\/www.youtube.com\/watch?v=c9-K5OqYgA. N. McKeown. 2011. How SDN Will Shape Networking. Retrieved January 27, 2018 from http:\/\/www.youtube.com\/watch?v=c9-K5OqYgA."},{"key":"e_1_2_1_168_1","doi-asserted-by":"publisher","DOI":"10.1145\/1355734.1355746"},{"key":"e_1_2_1_169_1","volume-title":"Symbolic Model Checking","author":"McMillan K. L.","unstructured":"K. L. McMillan . 1993. Symbolic model checking . In Symbolic Model Checking . Springer , 25--60. K. L. McMillan. 1993. Symbolic model checking. In Symbolic Model Checking. Springer, 25--60."},{"key":"e_1_2_1_170_1","first-page":"1","article-title":"Policy conflict analysis in distributed system management","volume":"4","author":"Moffett J. D.","year":"1994","unstructured":"J. D. Moffett and M. S. Sloman . 1994 . Policy conflict analysis in distributed system management . JOCEC 4 , 1 (1994), 1 -- 22 . J. D. Moffett and M. S. Sloman. 1994. Policy conflict analysis in distributed system management. JOCEC 4, 1 (1994), 1--22.","journal-title":"JOCEC"},{"key":"e_1_2_1_171_1","doi-asserted-by":"publisher","DOI":"10.1109\/BIBM.2011.79"},{"key":"e_1_2_1_172_1","doi-asserted-by":"publisher","DOI":"10.1145\/1880022.1880030"},{"key":"e_1_2_1_173_1","doi-asserted-by":"publisher","DOI":"10.1145\/2103621.2103685"},{"key":"e_1_2_1_174_1","unstructured":"C. Monsanto J. Reich N. Foster J. Rexford and D. Walker. 2013. Composing software-defined networks. In USENIX NSDI. ACM 21--14. C. Monsanto J. Reich N. Foster J. Rexford and D. Walker. 2013. Composing software-defined networks. In USENIX NSDI. ACM 21--14."},{"key":"e_1_2_1_175_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW.2008.2"},{"key":"e_1_2_1_176_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-87875-9_38"},{"key":"e_1_2_1_177_1","doi-asserted-by":"crossref","unstructured":"T. Mouelhi Y. Le Traon and B. Baudry. 2007. Mutation analysis for security tests qualification. In TAICPART-MUTATION. IEEE 233--242. T. Mouelhi Y. Le Traon and B. Baudry. 2007. Mutation analysis for security tests qualification. In TAICPART-MUTATION. IEEE 233--242.","DOI":"10.1109\/TAIC.PART.2007.21"},{"key":"e_1_2_1_178_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2009.49"},{"key":"e_1_2_1_179_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10772-6_25"},{"key":"e_1_2_1_180_1","volume-title":"11th USENIX Symposium on Networked Systems Design and Implementation (NSDI'14)","volume":"14","author":"Nelson T.","unstructured":"T. Nelson , A. D. Ferguson , M. J. G. Scheer , and S. Krishnamurthi . 2014. Tierless programming and reasoning for software-defined networks . In 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI'14) , Vol. 14 . USENIX Association, 519--531. T. Nelson, A. D. Ferguson, M. J. G. Scheer, and S. Krishnamurthi. 2014. Tierless programming and reasoning for software-defined networks. In 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI'14), Vol. 14. USENIX Association, 519--531."},{"key":"e_1_2_1_181_1","volume-title":"Proceedings of Advances in Neural Information Processing Systems (NIPS'02)","author":"Ng A. Y.","unstructured":"A. Y. Ng , M. I. Jordan , and Y. Weiss . 2002. On spectral clustering: Analysis and an algorithm . In Proceedings of Advances in Neural Information Processing Systems (NIPS'02) . MIT Press, 849--856. A. Y. Ng, M. I. Jordan, and Y. Weiss. 2002. On spectral clustering: Analysis and an algorithm. In Proceedings of Advances in Neural Information Processing Systems (NIPS'02). MIT Press, 849--856."},{"key":"e_1_2_1_182_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.11.003"},{"key":"e_1_2_1_183_1","doi-asserted-by":"publisher","DOI":"10.1145\/1805974.1805980"},{"key":"e_1_2_1_184_1","volume-title":"JMLR","author":"Pedregosa F.","year":"2011","unstructured":"F. Pedregosa , G. Varoquaux , A. Gramfort , V. Michel , B. Thirion , O. Grisel , M. Blondel , P. Prettenhofer , R. Weiss , V. Dubourg , 2011 . Scikit-learn: Machine learning in Python . JMLR 12, Oct (2011), 2825--2830. F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion, O. Grisel, M. Blondel, P. Prettenhofer, R. Weiss, V. Dubourg, et al. 2011. Scikit-learn: Machine learning in Python. JMLR 12, Oct (2011), 2825--2830."},{"key":"e_1_2_1_185_1","volume-title":"A persuasion dialog for gaining access to information","author":"Perrussel L.","unstructured":"L. Perrussel , S. Doutre , J. Th\u00e9venin , and P. McBurney . 2007. A persuasion dialog for gaining access to information . In ArgMAS. Springer , 63--79. L. Perrussel, S. Doutre, J. Th\u00e9venin, and P. McBurney. 2007. A persuasion dialog for gaining access to information. In ArgMAS. Springer, 63--79."},{"key":"e_1_2_1_186_1","doi-asserted-by":"publisher","DOI":"10.1145\/2295136.2295153"},{"key":"e_1_2_1_187_1","doi-asserted-by":"crossref","unstructured":"D. J. Power M. Slaymaker and A. Simpson. 2011. Conformance checking of dynamic access control policies. In ICFEM. Springer 227--242. D. J. Power M. Slaymaker and A. Simpson. 2011. Conformance checking of dynamic access control policies. In ICFEM. Springer 227--242.","DOI":"10.1007\/978-3-642-24559-6_17"},{"key":"e_1_2_1_188_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2008.44"},{"key":"e_1_2_1_189_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1022643204877"},{"key":"e_1_2_1_190_1","volume-title":"5: Programs for Machine Learning","author":"Quinlan J. R.","unstructured":"J. R. Quinlan . 2014. C4. 5: Programs for Machine Learning . Elsevier . J. R. Quinlan. 2014. C4. 5: Programs for Machine Learning. Elsevier."},{"key":"e_1_2_1_191_1","doi-asserted-by":"publisher","DOI":"10.1145\/103140.103144"},{"key":"e_1_2_1_192_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542207.1542218"},{"key":"e_1_2_1_193_1","doi-asserted-by":"publisher","DOI":"10.1109\/POLICY.2007.8"},{"key":"e_1_2_1_194_1","doi-asserted-by":"crossref","unstructured":"A. Russo R. Miller B. Nuseibeh and J. Kramer. 2002. An abductive approach for analysing event-based requirements specifications. In ICLP. Springer 22--37. A. Russo R. Miller B. Nuseibeh and J. Kramer. 2002. An abductive approach for analysing event-based requirements specifications. In ICLP. Springer 22--37.","DOI":"10.1007\/3-540-45619-8_3"},{"key":"e_1_2_1_195_1","doi-asserted-by":"publisher","DOI":"10.1145\/300830.300839"},{"key":"e_1_2_1_196_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"key":"e_1_2_1_197_1","volume-title":"Proceedings of the 2004 Workshop on Issues in the Theory of Security (WITS'04)","author":"Sarna-Starosta B.","unstructured":"B. Sarna-Starosta and S. D. Stoller . 2004. Policy analysis for security-enhanced Linux . In Proceedings of the 2004 Workshop on Issues in the Theory of Security (WITS'04) . ACM, 1--12. B. Sarna-Starosta and S. D. Stoller. 2004. Policy analysis for security-enhanced Linux. In Proceedings of the 2004 Workshop on Issues in the Theory of Security (WITS'04). ACM, 1--12."},{"key":"e_1_2_1_198_1","doi-asserted-by":"publisher","DOI":"10.1145\/507711.507714"},{"key":"e_1_2_1_199_1","doi-asserted-by":"publisher","DOI":"10.1145\/1063979.1064008"},{"key":"e_1_2_1_200_1","doi-asserted-by":"publisher","DOI":"10.1090\/dimacs\/026\/25"},{"key":"e_1_2_1_201_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-016-0317-1"},{"key":"e_1_2_1_202_1","doi-asserted-by":"crossref","unstructured":"R. A. Shaikh K. Adi L. Logrippo and S. Mankovski. 2010. Detecting incompleteness in access control policies using data classification schemes. In ICDIM. IEEE 417--422. R. A. Shaikh K. Adi L. Logrippo and S. Mankovski. 2010. Detecting incompleteness in access control policies using data classification schemes. In ICDIM. IEEE 417--422.","DOI":"10.1109\/ICDIM.2010.5664664"},{"key":"e_1_2_1_203_1","doi-asserted-by":"crossref","unstructured":"R. A. Shaikh K. Adi L. Logrippo and S. Mankovski. 2010. Inconsistency detection method for access control policies. In IAS. IEEE 204--209. R. A. Shaikh K. Adi L. Logrippo and S. Mankovski. 2010. Inconsistency detection method for access control policies. In IAS. IEEE 204--209.","DOI":"10.1109\/ISIAS.2010.5604062"},{"key":"e_1_2_1_204_1","first-page":"1","article-title":"The future of networking, and the past of protocols","volume":"20","author":"Shenker S.","year":"2011","unstructured":"S. Shenker , M. Casado , T. Koponen , N. McKeown , 2011 . The future of networking, and the past of protocols . Open Networking Summit 20 (2011), 1 -- 30 . S. Shenker, M. Casado, T. Koponen, N. McKeown, et al. 2011. The future of networking, and the past of protocols. Open Networking Summit 20 (2011), 1--30.","journal-title":"Open Networking Summit"},{"key":"e_1_2_1_205_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516684"},{"key":"e_1_2_1_206_1","doi-asserted-by":"publisher","DOI":"10.1109\/TVCG.2006.166"},{"key":"e_1_2_1_207_1","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/16.1.30"},{"key":"e_1_2_1_208_1","volume-title":"CUDD: CU decision diagram package release 2.3.0","author":"Somenzi F.","unstructured":"F. Somenzi . 1998. CUDD: CU decision diagram package release 2.3.0 . University of Colorado at Boulder (1998) . F. Somenzi. 1998. CUDD: CU decision diagram package release 2.3.0. University of Colorado at Boulder (1998)."},{"key":"e_1_2_1_209_1","unstructured":"N. I. Spanoudakis A. C. Kakas and P. Moraitis. 2016. Gorgias-B: Argumentation in practice. In COMMA. IEEE 477--478. N. I. Spanoudakis A. C. Kakas and P. Moraitis. 2016. Gorgias-B: Argumentation in practice. In COMMA. IEEE 477--478."},{"key":"e_1_2_1_210_1","volume-title":"Proceedings of the 19th National Information Systems Security Conference (NISSC'96)","author":"Staniford-Chen S.","unstructured":"S. Staniford-Chen , S. Cheung , R. Crawford , M. Dilger , J. Frank , J. Hoagland , K. Levitt , C. Wee , R. Yip , and D. Zerkle . 1996. GrIDS-a graph based intrusion detection system for large networks . In Proceedings of the 19th National Information Systems Security Conference (NISSC'96) . Defense Technical Information Center, 361--370. S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, C. Wee, R. Yip, and D. Zerkle. 1996. GrIDS-a graph based intrusion detection system for large networks. In Proceedings of the 19th National Information Systems Security Conference (NISSC'96). Defense Technical Information Center, 361--370."},{"key":"e_1_2_1_211_1","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2011.34"},{"key":"e_1_2_1_212_1","doi-asserted-by":"publisher","DOI":"10.1145\/1809842.1809853"},{"key":"e_1_2_1_213_1","unstructured":"P. Tan M. Steinbach A. Karpatne and V. Kumar. 2006. Introduction to Data Mining. Pearson Education India. P. Tan M. Steinbach A. Karpatne and V. Kumar. 2006. Introduction to Data Mining. Pearson Education India."},{"key":"e_1_2_1_214_1","doi-asserted-by":"publisher","DOI":"10.1145\/775412.775438"},{"key":"e_1_2_1_215_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-46666-7_7"},{"key":"e_1_2_1_216_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijar.2016.07.001"},{"key":"e_1_2_1_217_1","doi-asserted-by":"publisher","DOI":"10.1145\/1266840.1266870"},{"key":"e_1_2_1_218_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180424"},{"key":"e_1_2_1_219_1","doi-asserted-by":"crossref","unstructured":"F. H. Van Eemeren and R. Grootendorst. 2004. A Systematic Theory of Argumentation: The Pragma-Dialectical Approach. Vol. 14. Cambridge University Press. F. H. Van Eemeren and R. Grootendorst. 2004. A Systematic Theory of Argumentation: The Pragma-Dialectical Approach. Vol. 14. Cambridge University Press.","DOI":"10.1017\/CBO9780511616389"},{"key":"e_1_2_1_220_1","doi-asserted-by":"crossref","unstructured":"D. Verma S. Calo S. Chakraborty E. Bertino C. Williams J. Tucker and B. Rivera. 2017. Generative policy model for autonomic management. In DAIS. IEEE 4--8. D. Verma S. Calo S. Chakraborty E. Bertino C. Williams J. Tucker and B. Rivera. 2017. Generative policy model for autonomic management. In DAIS. IEEE 4--8.","DOI":"10.1109\/UIC-ATC.2017.8397410"},{"key":"e_1_2_1_221_1","unstructured":"Y. Wang H. Zhang X. Dai and J. Liu. 2010. Conflicts analysis and resolution for access control policies. In ICITIS. IEEE 264--267. Y. Wang H. Zhang X. Dai and J. Liu. 2010. Conflicts analysis and resolution for access control policies. In ICITIS. IEEE 264--267."},{"key":"e_1_2_1_222_1","volume-title":"Data Mining: Practical Machine Learning Tools and Techniques. Morgan Kaufmann.","author":"Witten I. H.","year":"2016","unstructured":"I. H. Witten , E. Frank , M. A. Hall , and C. J. Pal . 2016 . Data Mining: Practical Machine Learning Tools and Techniques. Morgan Kaufmann. I. H. Witten, E. Frank, M. A. Hall, and C. J. Pal. 2016. Data Mining: Practical Machine Learning Tools and Techniques. Morgan Kaufmann."},{"key":"e_1_2_1_223_1","doi-asserted-by":"publisher","DOI":"10.1109\/CIS.2009.248"},{"key":"e_1_2_1_224_1","doi-asserted-by":"publisher","DOI":"10.1145\/2914642.2914653"},{"key":"e_1_2_1_225_1","doi-asserted-by":"publisher","DOI":"10.1145\/1377836.1377863"},{"key":"e_1_2_1_226_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03007-9_5"},{"key":"e_1_2_1_227_1","unstructured":"Z. Xu and S. D. Stoller. 2013. Mining attribute-based access control policies from RBAC policies. In CEWIT. IEEE 1--6. Z. Xu and S. D. Stoller. 2013. Mining attribute-based access control policies from RBAC policies. In CEWIT. IEEE 1--6."},{"key":"e_1_2_1_228_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.16"},{"key":"e_1_2_1_229_1","doi-asserted-by":"publisher","DOI":"10.1109\/69.846291"},{"key":"e_1_2_1_230_1","doi-asserted-by":"crossref","unstructured":"L. Zhang and S. Malik. 2002. The quest for efficient Boolean satisfiability solvers. In CADE. Springer 313--331. L. Zhang and S. Malik. 2002. The quest for efficient Boolean satisfiability solvers. In CADE. Springer 313--331.","DOI":"10.1007\/3-540-45620-1_26"},{"key":"e_1_2_1_231_1","doi-asserted-by":"publisher","DOI":"10.1007\/11556992_32"},{"key":"e_1_2_1_232_1","doi-asserted-by":"publisher","DOI":"10.5555\/1370684.1370685"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3295749","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3295749","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:12:50Z","timestamp":1750201970000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3295749"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,2,4]]},"references-count":232,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2019,11,30]]}},"alternative-id":["10.1145\/3295749"],"URL":"https:\/\/doi.org\/10.1145\/3295749","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,2,4]]},"assertion":[{"value":"2018-02-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-09-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-02-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}