Model Driven Security Policy Automation

On this blog, ObjectSecurity co-founder and CEO Ulrich Lang discusses security policy automation and model-driven security. The aim of this blog is to advocate advance the state of the art in this area through exchange of ideas. - -

Tuesday 25 September 2007


ObjectSecurity is just finishing a larger study about model-driven security (MDS), as part of which they did an exhaustive search of different approaches, architectures, and definitions. In the end they settled for the following definition:

Model driven security (MDS) is the tool supported process of modelling security requirements at a high level of abstraction, and using other information sources available about the system (produced by other stakeholders). These inputs, which are expressed in Domain Specific Languages (DSL), are then transformed into enforceable security rules with as little human intervention as possible. MDS explicitly also includes the run-time security management (e.g. entitlements/authorisations), i.e. run-time enforcement of the policy on the protected IT systems, dynamic policy updates and the monitoring of policy violations.

Please put any suggestions into the comments field and we will modify this definition as needed.

As part of their study, they also analysed the product/vendor landscape in technical depth, and identified industry trends - this information can be made available upon request. Contact us
here if you are interested in details or would like to purchase a report.

No comments: