Compositional Refinement of Policies in UML --- Exemplified for Access Control

Authors:
Bjørnar Solhaug;Ketil Stølen
Affiliations:
Dep. of Information Science and Media Studies, University of Bergen, and SINTEF ICT,;SINTEF ICT, and Dep. of Informatics, University of Oslo,
Venue:
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Year:
2008

Citing 10
Cited 0

Conflicts in Policy-Based Distributed Systems Management

IEEE Transactions on Software Engineering
The Ponder Policy Specification Language

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
A Policy Language for a Pervasive Computing Environment

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Come, Let's Play: Scenario-Based Programming Using LSC's and the Play-Engine

Come, Let's Play: Scenario-Based Programming Using LSC's and the Play-Engine
A Goal-based Approach to Policy Refinement

POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Using Linear Temporal Model Checking for Goal-Oriented Policy Refinement Frameworks

POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
A Functional Solution for Goal-Ooriented Policy Refinement

POLICY '06 Proceedings of the Seventh IEEE International Workshop on Policies for Distributed Systems and Networks
Triggered Message Sequence Charts

IEEE Transactions on Software Engineering
Specifying Policies Using UML Sequence Diagrams--An Evaluation Based on a Case Study

POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
Security and management policy specification

IEEE Network: The Magazine of Global Internetworking

Quantified Score

Hi-index	0.00

Visualization

Abstract

The UML is the de factostandard for system specification, but offers little specialized support for the specification and analysis of policies. This paper presents Deontic STAIRS, an extension of the UML sequence diagram notation with customized constructs for policy specification. The notation is underpinned by a denotational trace semantics. We formally define what it means that a system satisfies a policy specification, and introduce a notion of policy refinement. We prove that the refinement relation is transitive and compositional, thus supporting a stepwise and modular specification process. The approach is exemplified with access control policies.