Clark-Wilson policies in ACP : controlling information flow between solid apps
Forsyth, Ellie and Horne, Ross (2025) Clark-Wilson policies in ACP : controlling information flow between solid apps. CEUR Workshop Proceedings, 3947. pp. 100-108. ISSN 1613-0073
Filename: Forsyth-and-Horne-2024-Clark-Wilson-Policies-in-ACP.pdf
Final Published Version (463kB)
Abstract
This paper explains how to avoid certain unintended information flows between apps connected to the same Solid pod. We draw attention to threats faced if security policies for Solid pods omit the identities of clients, resulting in confidential information intended for one app leaking to other apps. We also explain good practice usage of ACP for avoiding such insecure configurations and draw parallels with the famous Clark-Wilson policy model for enterprise security. We propose that trusted apps enforcing security policy models should be developed so that pod owners need not be policy experts to operate secure pods.
ORCID iDs
Forsyth, Ellie and Horne, Ross
Item type: Article
ID code: 92706
Dates:
7 April 2025: Published
5 March 2025: Accepted
Subjects: Science > Mathematics > Electronic computers. Computer science
Department: Faculty of Humanities and Social Sciences (HaSS) > Psychological Sciences and Health
Depositing user: Pure Administrator
Date deposited: 28 Apr 2025 15:16
Last modified: 28 Apr 2025 15:16
URI: https://strathprints.strath.ac.uk/id/eprint/92706