OpenPMF’s policies are captured in generic terms, rather than in technical security rules. This way, OpenPMF policies typically do not have to change when the application landscape changes.

OpenPMF automatically generates the technical security enforcement rules from those models by automatically analyzing the applications with all their interactions, and inferring which rules are required to enforce the requirements defined in the models. This approach is called “model-driven security”. It applies some of the concepts from model-driven software development to security.

OpenPMF’s patent-pending model-driven security feature ensures policies are manageable even if IT landscapes are large and change dynamically. Its automation also improves the correctness of the enforced security (in comparison to manual specification and continuous updating of technical rules). The result is a significant cost saving, esp. with respect to maintenance.

Request free OpenPMF Trial

OpenPMF Security Policy Automation.

1. Import
Import information about your organization, including systems/applications, networks, data flows, users and alerts. And Import your existing technical policies as a baseline, for example access control configurations.

2. Author
Author security policies that are intuitive, generic, rich and easy customizable. Policies are technology-neutral, allowing for easy application to many technologies

3. Generate
Generate technical enforcement rules & configurations for example for access control automatically. OpenPMF’s own enforcement infrastructure supports many technologies out-of-the-box, and other technologies on demand. OpenPMF comes with its own enforcement infrastructure, which includes local software agents.

OpenPMF ensures policies are manageable.

OpenPMF allows you to improve protection, monitoring, testing, and documenting – for your information, users and devices. OpenPMFTM turns human-manageable security policies automatically into the matching preventive technical implementation. OpenPMF lets you manage security policies in customizable terms that matter to your organization. OpenPMF ensures policies are manageable even if IT landscapes are large and change dynamically. The result is a significant cost saving, especially with respect to maintenance.

“Industry specialists agree that over 70% of all security break-ins happen on the application layer, not on the network layer. In order to ensure that enterprise security policies and regulations are adequately addressed on the application layer, matching fine-grained access policies need to be enforced reliably and consistently. And at low cost and low maintenance. Without application access control and auditing, enterprises would leave the most important layer in their IT landscape unprotected.”

OpenPMF in Detail and Screenshots.

OpenPMF uses your existing information to simplify policy automation. Import information about your networks, applications, systems, and users at the click of a button. Analyze and visualize the information, and select subsets you want to use for policy generation or policy testing.

Import existing security policies into OpenPMF as a basis for the policies you will manage in OepnPMF. For example, import from OASIS XACML compatible systems, or use OpenPMF’s customizable importers to import other existing policies.

Author policies in generic, intuitive, and rich concepts, using terms you choose.

  • Policy editor to author intuitive security policies
  • Most  policy building blocks user-configurable
  • Rapidly customizable/flexible
  • Standards-based (Eclipse EMF)
  • Web browser based, SaaS-ready

Generate enforcement of technical rules & configurations at the click of a button. OpenPMF generates “low-level” technical policy implementation from generic, intuitive expressive “high-level” policies and other – ideally already existing – information sources.

Test policies using formal methods. For example, you can test whether certain policies can or cannot occur.

Document compliance & natural language policy in English language text exported at the click of a button.

  • easy to read & understand
  • to make sure the policy is right
  • for audit & compliance

Enforce via OpenPMF’s own runtime. Many technologies out-of-the-box

  • Fine-grained Access Control Products (XACML)
  • Development Tools (Eclipse IDE & EMF)
  • Middleware: OSGi, BPMS BPMN SOA, web app servers, DDS, CORBA/CCM, IIOP ObjectWall
  • Network Intrusion Detection Systems
  • Identity Management, Directory Services, PMI & PKI, X.509, LDAP
  • Databases: PostgreSQL (under dev.)
  • Other technologies on demand

Export security configurations into 3rd party products using OpenPMF’s rapidly customizable exporter.

  • Firewalls, IDS/IPS, …
  • XACML, …
  • DLP
  • OS security


1) Monitor via OpenPMF’s own runtime. Many technologies out-of-the-box:

  • Fine-grained Access Control (XACML)
  • Development Tools (Eclipse)
  • Middleware: OSGi, BPMS BPMN SOA, web app servers, DDS, CORBA/CCM, IIOP ObjectWall
  • Network Intrusion Detection Systems
  • Identity Management, Directories, PMI & PKI, X.509, LDAP
  • other technologies on demand

2) Import 3rd party alerts: using OpenPMF’s customizable importer

Automatically update & rapidly customize:

  • policies when your IT landscape changes
  • policies & enforcement for your organization

To update, just import any changes to your IT landscape, and simply regenerate the technical policy at the click of a button.

Customize most features of OpenPMF, including policy features, importers, exporters, enforcement.

OpenPMF is based on standards (Eclipse EMF/MOF, OMG QVT etc.)

We generally favor ‘model driven security’ to actually execute and implement digital dynamic access control.

OpenPMF Security Policy Automation:

  • Turns human-manageable security policies automatically into the matching technical implementation.

  • Generates accreditation/compliance evidence automatically.

  • Reduces cost, improve security, speed up accreditation/compliance.

  • Supports security for today’s agile, interconnected applications, including Service-Oriented Architecture (SOA), Internet of Things (IoT), privacy by design (PbD), and cloud platforms (PaaS).

  • Uses model-driven security (MDS) – a unique, patent-pending technology – to simplify policy management more than other approaches (e.g. visual/linguistic).

  • Includes a model-driven policy authoring tool, a model-driven rule generation tool, an attribute-based authorization policy server, and policy decision/enforcement points.

  • Is standards-based incl. Ecore/MOF, XMI, XACML, attribute-based access control, etc.

  • Is very well suited to implement guidance/regulations (NIST 800-53, …)

  • Can be deployed locally or in the cloud (SaaS).

  • OpenPMF automates policy management, giving you the assurance that your security mechanisms are actually enforcing the policies you specify.

Interested in learning about the benefits of a Security Policy Automation? Request a free license for OpenPMF today.

Learn More