Model-Based Refinement of Security Policies in Collaborative Virtual Organisations

  • Benjamin Aziz
  • Alvaro E. Arenas
  • Michael Wilson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6542)


Policy refinement is the process of deriving low-level policies from high-level policy specifications. A basic example is the refinement of policies referring to users, resources and applications at a high level, such as the level of virtual organisations, to policies referring to user IDs, resource addresses and computational commands at the low level of system and network environments. This paper tackles the refinement problem by proposing an approach that uses model-to-model transformation techniques to transform XACML-based VO policies to the resource level. Moreover, the transformation results in deployable policies referring to at most a single resource, hence avoiding the problem of cross-domain interference. The applicability of our approach is demonstrated within the domain of distributed geographic map processing.


Security Policy, Resource Policy, National Geographic, Individual Resource, Atlas Transformation Language
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Benjamin Aziz (1)
  • Alvaro E. Arenas (2)
  • Michael Wilson (3)

  1. School of Computing, University of Portsmouth, Portsmouth, U.K.
  2. Department of Information Systems, Instituto de Empresa Business School, Madrid, Spain
  3. e-Science Centre, STFC Rutherford Appleton Laboratory, Oxfordshire, U.K.
