The first step to improving an organization's security posture is to define the organization's security goals. At a technical level, these goals are expressed as security policies. Security policies are predicates over programs, that return true or false if the program adheres to the policy. Defining these policies correctly is thus essential to ensuring the overarching security goals are met, but it is often quite difficult to translate human-oriented goals into their technical policy counterparts. In addition, these policies must be specified so that they are enforceable while minimizing false positives and false negatives. Integrity policies, which specify how data should or should not be modified, are a common class of security policies. This dissertation explores how integrity policies can be specified, enforced, and measured across a variety of applications. This includes the development of a specialized graphical application for defining provenance policies, implementing a runtime monitor to enforce a memory access control policy, and crawling millions of GitHub projects to determine the potential impact of a proposed policy change for prepared-statement libraries. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page: http://www.proquest.com/en-US/products/dissertations/individuals.shtml.]