Modelling Fine-Grained Access Control Policies in Grids

This paper presents an abstract specification of an enforcement mechanism of usage control for Grids, and verifies formally that such mechanism enforces UCON policies. Our technique is based on KAOS, a goal-oriented requirements engineering methodology with a formal LTL-based language and semantics. KAOS is used in a bottom-up form. We abstract the specification of the enforcement mechanism from current implementations of usage control for Grids. The result of this process is agent and operation models that describe the main components and operations of the enforcement mechanism. KAOS is used in top-down form by applying goal-refinement in order to refine UCON policies. The result of this process is a goal-refinement tree, which shows how a goal (policy) can be decomposed into sub-goals. Verification that a policy can be enforced is then equivalent to prove that a goal can be implemented by the enforcement mechanism represented by the agent and operation models.