Abstract
We present a method for (1) specifying high-level security policies using UML sequence diagrams and (2) transforming high-level sequence diagram policies into low-level state machine policies that can be enforced by monitoring mechanisms. We believe that the method is both easy to use and useful since it automates much of the policy formalization process.