Policy refinement is the process of deriving low-level policies from high-level policy specifications. A basic example is that of the refinement of policies referring to users, resources and applications at a high level, such as the level of virtual organsiations, to policies referring to user ids, resource addresses and computational commands at the low level of system and network environments. This paper tackles the refinement problem by proposing an approach using model-to-model transformation techniques for transforming XACML-based VO policies to the resource level. Moreover, the transformation results in deployable policies referring to at most a single resource, hence avoiding the problem of cross-domain intereference. The applicability of our approach is demonstrated within the domain of distributed geographic map processing.
|Publication status||Published - 2011|
|Event||International Symposium on Engineering Secure Software and Systems - Madrid, Spain|
Duration: 9 Feb 2011 → 11 Feb 2011
|Conference||International Symposium on Engineering Secure Software and Systems|
|Abbreviated title||ESSOS 2011|
|Period||9/02/11 → 11/02/11|