Much research in computer security has focused on the means of preventing unauthorized and illegitimate access to systems and information. Unfortunately, the most damaging malicious activity is conducted by sophisticated nation-state adversaries who gain internal access to sensitive systems. Despite classic internal operating system security mechanisms and the body of work on formal specification of security and access control policies, including Bell-LaPadula and the Clark-Wilson models, there still exists an extensive problem of securing sensitive systems from remote attack. Indeed in many cases, formal security policies are incomplete and implicit. or they are purposely ignored to accomplish business goals.