Today, the challenge in security of complex distributed systems does not anymore lie in encryption or access control of a single middleware platform, but in the protection of the system as a whole. This includes the definition of correct security policies at various abstraction layers, and also the unified and correct management and enforcement of the correct security policy at all relevant places in the system. As the authors have learned in the development of even comparatively simple distributed systems, e.g. an Air Traffic Control simulation system, this is not possible anymore by a manual definition of encryption properties and access control rules. Human security administrators are not able to define all the fine grained rules with sufficient assurance, to distribute them to all Policy Enforcement Points and to check many log files or admin consoles. This is especially impossible in highly distributed and agile service oriented or data driven systems.

In this paper, the authors describe an integrated approach to protect such complex and heterogeneous systems. It is based on Model Driven Security to generate high assurance security policies, rules and configurations from the system's functional model and a high level security policy, and the OpenPMF Policy Management Framework to manage and to correctly enforce the security policy in the system.

As a proof of concept, the protection of a prototypical implementation of System Wide Information Management (SWIM) in Air Traffic Management is briefly described.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.