Model-Based Refinement of Security Policies in Collaborative Virtual Organisations

Policy refinement is the process of deriving low-level policies from high-level policy specifications. A basic example is the refinement of policies that refer to users, resources and applications at a high level, such as the level of virtual organisations (VOs), into policies that refer to user ids, resource addresses and computational commands at the low level of system and network environments. This paper tackles the refinement problem by proposing an approach that uses model-to-model transformation techniques to transform XACML-based VO policies to the resource level. Moreover, the transformation results in deployable policies referring to at most a single resource, hence avoiding the problem of cross-domain interference. The applicability of our approach is demonstrated within the domain of distributed geographic map processing.
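The refinement described above, as an added Python sketch that is not the paper's transformation or code: it stands in plain dictionaries for XACML and for the model-to-model transformation, and shows VO-level rules being bound to user ids, resource addresses and commands, then split into one policy per resource. The rule shape, the names, ids, addresses and commands, and the fail-closed handling of unbound names are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed VO-level policy (assumed shape, not XACML syntax): rules name
# users, resources and applications abstractly.
VO_POLICY = [
    {"effect": "Permit", "user": "cartographer", "resource": "map-store", "application": "render-map"},
    {"effect": "Permit", "user": "cartographer", "resource": "tile-cache", "application": "read-tile"},
    {"effect": "Deny", "user": "guest", "resource": "map-store", "application": "render-map"},
]

# Constructed environment model binding VO-level names to low-level ones.
USER_IDS = {"cartographer": ["uid1001", "uid1002"], "guest": ["uid2001"]}
RESOURCE_ADDRS = {
    "map-store": ["192.0.2.5:/maps"],
    "tile-cache": ["192.0.2.6:/tiles", "192.0.2.7:/tiles"],
}
COMMANDS = {"render-map": "/usr/bin/render", "read-tile": "/bin/cat"}


class RefinementError(Exception):
    """A VO-level name has no low-level binding."""


def refine(vo_policy, user_ids, resource_addrs, commands):
    """Return {resource address: [low-level rules]}, one policy per resource."""
    per_resource = defaultdict(list)
    for rule in vo_policy:
        try:
            uids = user_ids[rule["user"]]
            addrs = resource_addrs[rule["resource"]]
            command = commands[rule["application"]]
        except KeyError as missing:
            # Fail closed: skipping an unbound rule could silently drop a Deny.
            raise RefinementError(f"no low-level binding for {missing}") from None
        for addr in addrs:
            for uid in uids:
                per_resource[addr].append(
                    {"effect": rule["effect"], "uid": uid, "address": addr, "command": command}
                )
    return dict(per_resource)


if __name__ == "__main__":
    for addr, rules in refine(VO_POLICY, USER_IDS, RESOURCE_ADDRS, COMMANDS).items():
        print(addr, rules)
```

Every rule in an output policy names only the address that policy is keyed by, so each policy can be deployed at its own resource without referring to another domain.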
