Policy modeling and compliance verification in enterprise software systems: A survey

During the past few years we are witnessing a paradigm shift in enterprise computing, from the classic host-based service-oriented architecture pattern, to a more complex or elastic computing pattern that facilitates the provision of on-demand computing resources. This new computing paradigm offers numerous advantages but also, poses significant challenges. Advantages are related to the flexibility service providers have on deploying virtual resources on as-needed-basis, providing thus opportunities for large scale computing capabilities, while limiting the total cost of ownership. However, these benefits come at the cost of the user partially losing control over the deployed resources and the cost managing platforms and applications that are now provisioned at an unprecedented rate and interaction complexity. In order to address the above challenges, a service management and service assurance framework is required, whereby policies should be formally modeled, and consequently be verified against runtime system behavior models. In this paper, we survey a number of policy modeling and policy compliance verification techniques and we propose a corresponding basic taxonomy for these.