TY - GEN
T1 - Model-based usage control policy derivation
AU - Kumari, Prachi
AU - Pretschner, Alexander
PY - 2013
Y1 - 2013
N2 - Usage control is concerned with how data is used after access to it has been granted. In existing usage control enforcement frameworks, policies are assumed to exist and the derivation of implementation-level policies from specification-level policies has not been looked into. This work fills this gap. One challenge in the derivation of policies is the absence of clear semantics of high-level domain-specific constructs like data and action. In this paper we present a model-based refinement of these constructs. Using this refinement, we translate usage control policies from the specification to the implementation level. We also provide methodological guidance to partially automate this translation.
AB - Usage control is concerned with how data is used after access to it has been granted. In existing usage control enforcement frameworks, policies are assumed to exist and the derivation of implementation-level policies from specification-level policies has not been looked into. This work fills this gap. One challenge in the derivation of policies is the absence of clear semantics of high-level domain-specific constructs like data and action. In this paper we present a model-based refinement of these constructs. Using this refinement, we translate usage control policies from the specification to the implementation level. We also provide methodological guidance to partially automate this translation.
UR - http://www.scopus.com/inward/record.url?scp=84893101876&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-36563-8_5
DO - 10.1007/978-3-642-36563-8_5
M3 - Conference contribution
AN - SCOPUS:84893101876
SN - 9783642365621
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 58
EP - 74
BT - Engineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings
T2 - 5th International Symposium on Engineering Secure Software and Systems, ESSoS 2013
Y2 - 27 February 2013 through 1 March 2013
ER -