On modelling access policies: Relating roles to their organisational context

Proceedings of the IEEE International Conference on Requirements Engineering

Volumn , Issue , 2005, Pages 157-166

  Crook, Robert ^a   Ince, Darrel ^a   Nuseibeh, Bashar ^a  

^a OPEN UNIVERSITY   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

CUSTOMER SATISFACTION; REQUIREMENTS ENGINEERING;

INFORMATION ASSETS; MODELING APPROACHES; ORGANIZATIONAL CONTEXT;

PUBLIC POLICY;

EID: 27644540336     PISSN: 1090705X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/re.2005.48     Document Type: Conference Paper

References (47)

1. th Int. Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ-02), Essen, Germany, 9-10 Sept. 2002.
2. R. Anderson, Security Engineering - A Guide to building dependable distributed Systems, Wiley, 2001.
3. th ACM Work, on Role-based access control, 21-30, Jul 2000.
4. J. Bacon, M. Lloyd, and K. Moody, "Translating Role-based Access Control within Context", Proc. of Int. Workshop Policies for Distributed Systems and Networks (Policy 2001), Bristol, UK, Jan. 2001, Springer, 107-119.
5. D. Bell, and L.J. LaPadula, Secure Computer Systems: A Mathematical Model, MITRE Tech Rep. 2547, Vol 2, 1973.
6. D.F.C Brewer, and M.J. Nash, "The Chinese wall security policy", Proc. of the IEEE Symposium on Security and Privacy, 206-214, 1989.
7. S. J. Brown and O. W. Steenbeek, "Doubling: Nick Leeson's Strategy", Pacific Basin Journal, 2001.
8. British Standards Institution, BS799-1:1999 Information security management - Part 1: Code of Practice for Information Security, London, 1999.
9. th Int. Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ02), Essen, Germany, 2002.
10. R. Crook, D. Ince, and B. Nuseibeh, "Modelling Access Policies Using Roles in requirements Engineering", Information and Software Technology, 45(14): 979-991, November 2003, Elsevier.
11. st ACM Workshop on Role-based access control, 1996.
12. D.D Clark, and D.R Wilson, "A comparison of commercial and military computer security policies", Proc. of IEEE Symposium on Security and Privacy, 184-194, 1987.
13. N. Dulay, E. Lupu, M Sloman, and N. Damianou, "A Policy Deployment Model for the Ponder Language", Proc. IEEE/IFIP Intl. Symposium on Integrated Network Management (IM'2001), Seattle, USA, May 2001.
14. st IEEE Int. Conference on Requirements Engineering (ICRE '94), 158-165, Colorado Springs, Colorado, USA,18-22 April 1994.
15. A. Dardenne, A. van Lamsweerde, and S. Fickas, "Goal-directed Requirements Acquisition", Science of Computer Programming, Volume 20, 1993.
16. P. Fontaine, "Goal oriented elaboration of security requirements", Project Dissertation, Universite Catholique de Louvain, Belgium, 2001.
17. nd ACM workshop on Role-based access control, 121-125, 1997.
18. 5th IEEE Int. Symposium on Requirements Engineering Conference (RE '01), Aug 2001, Canada.
19. th ACM Symposium on Access control models and technologies, 21-27, May 2001.
20. th Intl. Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'03), 137-146, Austria, 16-17 June 2003.
21. C. Handy, Understanding Organisations, Penguin, 1985.
22. A. Lamsweerde "Requirements Engineering in the year 00: A Research Perspective", Proc. of Int. Conf. on Software Engineering(ICSE'2000), Ireland, June 2000, ACM Press.
23. A. Lamsweerde, "Formal Specification, A Roadmap", ICSE-2000 Future of Software Engineering, A. Finkelstein (Ed.), ACM Press, June 2000.
24. th Int. Conference on Software Engineering (ICSE-04), 148-157, Edinburgh, UK, May 2004.
25. D. Jackson, Micromodels of Software: Lightweight Modelling and Analysis with Alloy Software, Design Group. MIT Lab. for Computer Science, 2002.
26. S. Jajodia, P Samarati, and V.S. Sabrahmanian, "A Logical Language for Expressing Authorisations", Proc. of IEEE Symposium on Research in Security and Privacy, 31-42 Oakland, USA, May 1997.
27. nd Int. Workshop on Requirements for High Assurance Systems (RHAS 2003), Monterrey, USA. September 2003.
28. P. Loucopoulus and E.Kavakli, "Enterprise Modelling and the Teological Approach to Requirements Engineering", Int. Journal of Intelligent and Cooperative Information Systems, 4(1): 45-79, 1995.
29. rd Int. Works. on Requirements for High Assurance Systems, 2004.
30. nd Symposium on Requirements Engineering for Information Systems (SREIS'02), 2002.
31. th IEEE Int. Conference on Requirements Engineering (RE'03), Monterrey, USA, 2003.
32. H. Mintzberg, Structure in Fives: Designing effective organisations, Prentice Hall, 1992.
33. th ACM workshop on role-based access control, 153-160, October 1999.
34. rd ACM workshop on Role-based access control, 63-69, October 1998.
35. J. D. Moffett and Morris S. Sloman, "The Source of Authority for Commercial Access Control", IEEE Computer 21(2): 59-69.1988.
36. th ACM symposium on access control models and technologies, 33-42, 2002.
37. R. Sandhu, E. Coyne,H. Feinstaein, C. Youmann, "Role Based Access Control Models", IEEE Computer, 29(2): 38-47, Feb. 1996.
38. A. Schaad, "Framework for Organisational Control Principles", PhD Thesis, Dept. of Computer Science, University of York, UK, 2003.
39. M.R. Strens and J.E. Dobson, "Responsibility Modelling as a Technique for Requirements Definition", IEE Intelligent Systems Engineering, 3(1): 20-26, 1994.
40. G. Sindre and A. L. Opdahl, "Eliciting Security Requirements by Misuse Cases", Proc. of TOOLS Pacific 2000, 120-131, 20-23 Nov. 2000.
41. th Int. Workshop for Requirements Engineering, Foundation for Software Quality (REFSQ'2001), Interlaken, Switzerland, 4-5 June 2001.
42. nd Edition, Prentice Hall, 1992.
43. rd Northern Formal Methods Workshop, Ilkley, UK, Sept.'98.
44. nd ACM workshop on Role-based access control, Fairfax, USA 1997.
45. R.K.Thomas and R.S. Sandhu, "Conceptual foundations for a model of task-based authorizations", IEEE Proc. on Computer Security Foundations Workshop VII, CSFW 7, 66-79, 1994.
46. E. Yu and L. Liu Modelling, "Trust in the i* Strategic Actors Framework", Proc. of 3 Workshop on Deception, Fraud and Trust in Agent Societies, 2000.
47. E. Yu, "A Framework for Organizational Modeling", PhD Thesis, Department of Computer Science, University of Toronto, Canada, 1995.