Model-driven simulation for cross-domain policy enforcement

Abstract

This paper proposes an enforcement architecture and develop a simulation framework for cross-domain policy enforcement. The entire simulation environment is used to solve the problem of enforcing policies across domain boundaries when permanent or temporary collaborations have to span over multiple domains. In reality, different systems from different organizations or domains have very different high-level policy representations and various low-level enforcement mechanisms, such as high-level security policies, privacy configurations, and low-level system calls (services). To make sure the compatibility and enforceability of one policy set in another domain, a simulation environment is needed before actual policy deployment and code development. The framework developed in this simulation environment can also be used to generate policy enforcement code directly for permanent integrations or temporary interactions. This framework provides various functions to enforce policies automatically or semi-automatically across domains as by-products. A case study in healthcare information systems confirms the advantages of these new functions and facilities in this simulation environment. © 2010 ICST.