Composing security policies with polymer

Lujo Bauer, Jay Ligatti, David Walker

Research output: Contribution to conferencePaperpeer-review

96 Scopus citations


We introduce a language and system that supports definition and composition of complex run-time security policies for Java applications. Our policies are comprised of two sorts of methods. The first is query methods that are called whenever an untrusted application tries to execute a security-sensitive action. A query method returns a suggestion indicating how the security-sensitive action should be handled. The second sort of methods are those that perform state updates as the policy's suggestions are followed. The structure of our policies facilitates composition, as policies can query other policies for suggestions. In order to give programmers control over policy composition, we have designed the system so that policies, suggestions, and application events are all first-class objects that a higher-order policy may manipulate. We show how to use these programming features by developing a library of policy combinators. Our system is fully implemented, and we have defined a formal semantics for an idealized subset of the language containing all of the key features. We demonstrate the effectiveness of our system by implementing a large-scale security policy for an email client.

Original languageEnglish (US)
Number of pages10
StatePublished - 2005
Event2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 05 - Chicago, IL, United States
Duration: Jun 12 2005Jun 15 2005


Other2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 05
Country/TerritoryUnited States
CityChicago, IL

All Science Journal Classification (ASJC) codes

  • Software


  • Composable security policies
  • Edit automata
  • Program monitors
  • Run-time enforcement
  • Security automata


Dive into the research topics of 'Composing security policies with polymer'. Together they form a unique fingerprint.

Cite this