Deriving Policies from Grid Security Requirements Model

  • Syed Naqvi
  • Alvaro E. Arenas
  • Philippe Massonet


Emerging Grid applications require rigorous approaches to security management, as their scale, heterogeneity, and complexity cannot be handled with simple examination and monitoring mechanisms. In this paper, we propose a rigorous method of deriving security policies for grid applications. These policies are derived from a security requirements model built using the KAOS requirements engineering methodology. We consider an example grid application, a distributed file system: its formal security requirements model is developed and refined, and the security policy for the application is then derived from it. The derived policies are refined and transformed into operational policies for implementation. We developed templates for the security policies to facilitate and formalise the various stages of policy derivation.


Keywords: Grid security, formal requirements modelling, security policies





Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Syed Naqvi (1)
  • Alvaro E. Arenas (2)
  • Philippe Massonet (3)

  1. Centre of Excellence in Information and Communication Technologies (CETIC), STFC Rutherford Appleton Laboratory, United Kingdom
  2. STFC Rutherford Appleton Laboratory, United Kingdom
  3. Centre of Excellence in Information and Communication Technologies (CETIC), Belgium
