Security policy specification templates for critical infrastructure services in the cloud

Security policies are an established way for specifying security demands. However, stakeholders are hardly capable of specifying complex machine-readable security policies. Therefore, a user-friendly specification method is necessary, such as refineable natural-language security policy templates. This paper describes how a security expert can elicit security demands from various stakeholders and generalize them as security policy templates. By simply instantiating these templates, policy authors can easily specify their security demands. An examplary application in the context of cloud computing for critical infrastructure IT services is shown.