Modelling access policies using roles in requirements engineering

Information and Software Technology

Volumn 45, Issue 14, 2003, Pages 979-991

  Crook, Robert ^a   Ince, Darrel ^a   Nuseibeh, Bashar ^a  

^a OPEN UNIVERSITY   (United Kingdom)

Author keywords

Access policies; Roles; Security requirements

Indexed keywords

COMPUTER GRAPHICS; COMPUTER PROGRAMMING LANGUAGES; SECURITY OF DATA;

REQUIREMENTS ENGINEERING (RE);

COMPUTER SOFTWARE;

EID: 0141733117     PISSN: 09505849     EISSN: None     Source Type: Journal    
DOI: 10.1016/S0950-5849(03)00097-1     Document Type: Conference Paper

References (32)

1. Antón A.I., Earp J.B. Strategies for Developing Policies and Requirements for Secure Electronic Commerce Systems. Recent Advances in Secure and Private E-Commerce. 2001;Kluwer Acedemic Publishers, Dordecht.
2. E. Bertino, P.A. Bonatti, E. Ferrari, TRBAC: A temporal role-based access control model, Proceedings of the 5th ACM Workship on Role-based Access Control, July 2000, pp. 21-30.
3. Bell D., La Padula L.J. Secure Computer Systems: A Mathematical Model. MITRE Technical Report 2547. vol. II:1973.
4. J. Bacon, M. Lloyd, K. Moody, Translating Role-based Access Control within Context, Proceedings of International Workshop Policies for Distributed Systems and Networks (Policy 2001), Bristol, January 2001, LNCS, Springer-Verlag, pp. 107-119.
5. E. Barka, R. Sandhu, A framework for role based delegation model, Proceedings of 23rd National Information Systems Security Conference, Baltimore, October 16-19 2000, pp. 101-114.
6. M.J. Covington, W. Long, S. Srinivasan, A.K. Dev, M. Ahamad, G.D. Abowd, Securing context-aware applications using environment roles, Proceedings of the 6th ACM Symposium on Access Control Models and Technologies, May 2001, pp. 10-20.
7. Clark D., Wilson D. A comparison of commercial and military computer security policies. Proceedings of the IEEE Symposium on Security and Privacy. 1987;184-194.
8. Department of Defense Trusted Computer System Evaluation Criteria Dod 5200-28-Std, 1985.
9. C.K. Georgiadis, I. Mavridis, G. Pangalos, R.K. Thomas, Flexible team-based access control using contexts, Proceedings of the 6th ACM Symposium on Access Control Models and Technologies, May 2001, pp. 21-27.
10. Handy C. Understanding Organizations. 1985;Penguin, Harmondsworth.
11. Mintzberg H. Structure in Fives: Designing effective organisations. 1992;Prentice Hall, Englewood Cliffs, NJ.
12. J.D. Moffett, Control principles and role hierarchies, Proceedings of the 3rd ACM Symposium on Access Control Models and Technologies, October 1998, pp. 63-69.
13. Nyanchama M., Osborn S.L. Modeling mandatory access control in role-based security systems. Spooner D.L., Demurjian S.A., Dobson J.E. Proceedings of the IFIP WG 11.3 9th Annual Working Conference on Database Security. 1995;129-144 Chapman and Hall, London.
14. Sandhu R., Coyne E., Feinstaein H., Youmann C. Role-based access control models. IEEE Computer. 29:(2):1996;38-47.
15. Sandhu R., Ferraiolo D., Kuhn R. The NIST model for role-based access control: towards a unified standard. Proceedings of the 5th ACN Workshop on Role-Based Access Control (RBAC-00), Berlin Germany, July. 26-27:2000;47-64.
16. R. Sandhu, Q. Munawer, How to do discretionary access control using roles, Proceedings of the 9th ACM Symposium on Access Control Models and Technologies, October 1998, pp. 47-54.
17. R.K. Thomas, Team-based access control a primitive for applying role-based access controls in collaborative environments, Proceedings of the 2nd ACM Workshop on Role-Based Access Control, Fairfax, USA, 1997.
18. W. Yao, K. Moody, J. Bacon, A Model of OASIS role-based access control and its support for active security, SACMAT'01, Chantilly Virginia, USA, 2001.
19. Dardenne A., Lamsweerde A. Goal-Directed Requirements Acquisition. Science of Computer Programming. vol. 20:1993.
20. S. Jajodia, P. Samarati, V.S. Sabrahmanian, A logical language for expressing authorisations, Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland CA, May 1997, pp. 31-42.
21. Damianou N., Dulay N., Lupu E., Sloman M. Ponder A Language for specifying Management and Security Policies for Distributed Systems. Imperial College Research Report DoC2001, January. 2001.
22. E. Lupu, A Role-Based Framework for Distributed Management Systems, PhD Thesis, Imperial College of Science Technology and Medicine, Department of Computing, 1998.
23. Thomas R.K. Conceptual foundations for a Model of Task-Based Authorizations. IEEE proceedings on Computer Security Foundations Workshop VII, CSFW. 7:1994;66-79.
24. BS799-1: Information Security Management - Part 1: Code of Practice for Information Security, British Standards Institution, London, 1999.
25. E. Yu, L. Liu, Modelling Trust in the i* Strategic Actors Framework, Proceedings of the 3rd Workshop on Deception, Fraud and Trust in Agent Societies, Barcelona, Spain, 2000.
26. Chung L. Dealing with security requirements during the development of information systems. Rolland C., Bodart F., Cauvet C. Proceedings of CaiSE'93, 5th International Conferene on Advanced Information Systems Engineering, Paris, France. 1993;234-251 Springer-Verlag, Berlin.
27. P.-J. Fontaine, Goal Oriented Elaboration of Security Requirements, Project Dissertation, Université Catholique de Louvain, Belgium, 2001.
28. Bacon M., Lloyd K., Moody K. Translating Role-Based Access Control within Context. Proceedings International Workshop Policy2001, Policies for Distributed Systems and Networks, Bristol, January 2001. 2001;Springer-Verlag, Berlin. pp. 107-119, LNCS.
29. A. Antón, Goal Identification and Refinement in the Specification of Software-Based Information Systems, PhD Thesis, Georgia Institute of Technology, June 1997.
30. R. Crook, D. Ince, B. Nuseibeh, Towards an Analytical Role Modelling Framework for Security Requirements, Proceedings of 8th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ-02), Essen, Germany, September 9-10, 2002.
31. E. Yu, A Framework for Organizational Modeling, PhD Thesis, Department of Computer Science, University of Toronto, 1995.
32. N.C. Damianou, A Policy Framework for Management of Distributed Systems, PhD Thesis, Chapter 2, Imperial College of Science, Technology and Medicine, Department of Computing, London, 2002.