Security Policy Refinement: High-Level Specification to Low-Level Implementation

Abstract

Security and privacy policies are stated in the context of abstract concepts such as users/roles, objects and actions that relate to a specific level of abstraction in the system design. Refinement of the abstract design down to lower level implementations can result in a disconnect between the implementation and the more abstract security policy. In this paper we introduce the concept of security policy refinement for access control policies that allows us to maintain a tighter coupling between the security policy and its implementation. We use a purpose-based privacy policy as an example to explain the concepts. The resulting refinement technique provides for improved verification and validation that the system, as implemented, satisfies the abstract security policy, and sets the stage for further research in this area.