Protecting computational resources and digital information against unauthorized access is one of the fundamental security requirements in modern computer systems. Usage control addresses the control of computational resources after access has been granted. Despite its fundamental importance, no systematic methods exist to implement formal usage control specifications. This paper presents a model driven approach to solve this problem based on graph transformation. Using the precise semantics of graph transformation, access control models and policies can be formally analyzed in an early phase. The existing solutions on automated verification and efficient implementation of graph transformation show that this approach is suitable to address security concerns throughout the overall software development process.