Detecting policy conflicts by model checking UML state machines

Policies are convenient means to modify system behaviour at run-time. Nowadays, policies are created in great numbers by different actors, ranging from system administrators to lay-users. However, this situation may lead naturally to inconsistencies, a problem that has been recognized and termed policy conflict. The adoption of a widely-used notation, with good tool support, to express the policies, can not only support the detection, but also help all the involved actors in understanding and resolving the conflicts. In this respect, a natural candidate is UML due to its current wide use in the industrial practice. In this paper we show how to model check policies expressed in UML to verify whether they are free of conflicts: we define a correspondence between APPEL policies and UML state machines and use UMC as a model checker. We validate the approach with examples taken from the literature.