Errors can occur when defining and evaluating the overall security policy in a cyber-physical system. The effect of these policy errors on the secure operation of information systems can result in unacceptable levels of risk from the user's point of view. Relying on security paradigms based solely on formal methods makes it difficult, if not impossible, to detect and/or reason about certain classes of IT security threats and vulnerabilities. 
We are interested in designing an environment integrating formal and heuristic reasoning as a basis for modeling complex systems with heterogeneous security policies. To support our proposal, we consider the problem of reasoning about computer security plans in the case where agents evolve in a constrained environment to perform tasks that require synchronization and communication between agents.  
Keywords: security policies, artificial intelligence, reasoning, knowledge representation, constraints