Deriving Event-Based Usage Control Policies from Declarative Security Requirements Models

Deriving Event-Based Usage Control Policies from Declarative Security Requirements Models

De Landtsheer R, Ponsard C, Massonet P., "Deriving Event-Based Usage Control Policies from Declarative Security Requirements Models", Second International Workshop on Security in Model Driven Architecture, University of Pierre & Marie Curie, Paris, France, June 16th 2010.

Expressive security policy specification languages such as
Polpa or XACML are now available to express domain-specific security
policies and are enforced by middelwares. However the design and maintenance of policies that correctly enforce security requirements in complex environment remain a challenge. This paper takes a model-driven approach based on the precise specification of system wide security requirements using temporal logics and their transformation into opera-tional security policies. The derivation of those policies is based on a semantically sound chain of model transformations. It was implemented in a prototype tool and experimented with on a set of security models in the context of a distributed file system on the Grid