Matching Security Policies to Application

The issue of developing complex secure systems is still a great challenge. We claim that in contrast to the well known bottom-up oriented approaches secure concurrent systems should be developed top-down starting with a formal top-level speciication. A framework for developing secure systems is needed, which ooers means to specify security requirements adapted to the speciic demands of application areas. In addition, an appropriate security model is needed to formally describe the behavior and the security properties of systems. We will present a uniform framework which is appropriate to match security policies to application needs. Secure concurrent systems are modeled with two diierent levels of abstraction. The action model provides a sound and ne-grained basis to formalize security properties of the system. In order to ease system modeling we introduce the object security model by systematically coarsening the action model. In addition to our security model we will present a security requirement logic. Security policies tailored to the speciic requirements of applications may by speciied with the formulas of the logic. The security requirement logic allows to specify diierent security policies such as access control and information ow policies in a uniform way, and allows to compare these policies.