Model-based usage control policy derivation

Prachi Kumari, Alexander Pretschner

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

9 Scopus citations

Abstract

Usage control is concerned with how data is used after access to it has been granted. In existing usage control enforcement frameworks, policies are assumed to exist and the derivation of implementation-level policies from specification-level policies has not been looked into. This work fills this gap. One challenge in the derivation of policies is the absence of clear semantics of high-level domain-specific constructs like data and action. In this paper we present a model-based refinement of these constructs. Using this refinement, we translate usage control policies from the specification to the implementation level. We also provide methodological guidance to partially automate this translation.

Original languageEnglish
Title of host publicationEngineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings
Pages58-74
Number of pages17
DOIs
StatePublished - 2013
Event5th International Symposium on Engineering Secure Software and Systems, ESSoS 2013 - Paris, France
Duration: 27 Feb 20131 Mar 2013

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7781 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference5th International Symposium on Engineering Secure Software and Systems, ESSoS 2013
Country/TerritoryFrance
CityParis
Period27/02/131/03/13

Fingerprint

Dive into the research topics of 'Model-based usage control policy derivation'. Together they form a unique fingerprint.

Cite this