Validating the enforcement of access control policies and separation of duty principle in requirement engineering

Information and Software Technology

Volumn 49, Issue 2, 2007, Pages 142-157

  Alghathbar, Khaled ^a  

^a KING SAUD UNIVERSITY   (Saudi Arabia)

Author keywords

Access control policies; Security engineering; Semi formal methods; Separation of duty; Use cases

Indexed keywords

COMPUTER PROGRAMMING LANGUAGES; COMPUTER SIMULATION; CONTROL SYSTEMS; SECURITY OF DATA;

ACCESS CONTROL POLICIES; SECURITY ENGINEERING; SEMI FORMAL METHODS; SEPARATION OF DUTY; USE CASES;

SOFTWARE ENGINEERING;

EID: 33751113935     PISSN: 09505849     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.infsof.2006.03.009     Document Type: Article

References (30)

1. K. Alghathbar, D. Wijesekera, Modeling dynamic role-based access constraints using UML, in: Proceedings of the 1st International Conference on Software Engineering Research & Applications (ICSERA'03), San Francisco, CA, June (2003).
2. Alghathbar K., and Wijesekera D. AuthUML: a three-phased framework to analyze access control specifications in Use Cases, Washington, DC. Proceedings of the Workshop on Formal Methods in Security Engineering (FMSE) (2003), ACM Press, New York
3. Apt K., Blair H., and Walker A. Towards a theory of declarative knowledge. In: Minker J. (Ed). Foundations of deductive databases (1988), Morgan Kaufman, San Mateo 89-148
4. Boehm B. Software engineering economics (1981), Prentice-Hall, Englewood Cliffs, NJ
5. Booch G., Rumbaugh J., and Jacobson I. The Unified Modeling Language User Guide (1999), Addison-Wesley, Reading, MA
6. G. Brose, M. Koch, K.-P. Löhr, Integrating access control design into the software development process, in: Proceedings of the sixth biennial world conference on the Integrated Design and Process Technology (IDPT), Pasadena, CA, June (2002).
7. Brose G. A typed access control model for CORBA. In: Cuppens F., Deswarte Y., Gollmann D., and Weidner M. (Eds). Proceedings European Symposium on Research in Computer Security (ESORICS). Lecture Notes in Computer Science vol. 1895 (2000), Springer, Berlin 88-105
8. D.D. Clark, D.R. Wilson, A comparison of commercial and military computer security policies, in: Proceedings of the IEEE Symposium on Security and Privacy, 1987, pp. 184-919.
9. Devanbu P.T., and Stubblebine S. Software engineering for security: a roadmap. In: Finkelstein A. (Ed). The Future of Software Engineering (2000), ACM Press, New York
10. J. Dobson, J. McDermid, A framework for expressing models of security policy, in: Proceedings of the IEEE Symposium on Security and Privacy, 1989, pp. 229-241.
11. E. Fernandez-Medina, A. Martinez, C. Medina, M. Piattini, Integrating multilevel security in the database design process, in: Proceedings of the sixth biennial world conference on the Integrated Design and Process Technology (IDPT), Pasadena, CA, June (2002).
12. Fernandez-Medina E., and Piattini M. Designing secure databases. Information and Software Technology 47 7 (2005) 463-477
13. Gabbay D., and Hunter A. Making inconsistency respectable: a logical framework for inconsistency in reasoning, phase1 - a position paper. Proceedings of Fundamentals of Artificial Intelligence Research (1991), Springer, Berlin 19-32
14. Gabbay D., and Hunter A. Making Inconsistency Respectable: A Logical Framework for Inconsistency in Reasoning, Phase2. Symbolic and Quantitative Approaches to Reasoning and Uncertainty. Lecture Notes in Computer Science (1992), Springer, Berlin 129-136
15. Ahn G.-J., and Sandhu R. Role-based authorization constraints specification. ACM Transactions on Information and System Security 3 4 (2000) 207-226
16. M. Gelfond, V. Lifschitz, The stable model semantics for logic programming. in: Proceedings of the 5th International Conference and Symposium on Logic Programming, Seattle, Washington, 1988, pp. 1070-1080.
17. V. Gligor, S. Gavrila, D. Ferraiolo, On the formal definition of separation of duty policies and their composition, in: Proceedings of the IEEE Symposium on Security and Privacy, Berkeley, CA, May (1998).
18. Jajodia S., Samarati P., Luisa Sapino M., and Subrahmanian V.S. Flexible support for multiple access control policies. ACM Trans. on Database Systems 26 2 (2001) 214-260
19. Jurjens J. Towards development of secure systems using UMLsec. In: Hussmann H. (Ed). Fundamental Approaches to Software Engineering, 4th Internacional Conference, Proceedings. Lecture Notes in Computer Science (2001), Springer, Berlin 187-200
20. Lodderstedt T., Basin D., and Doser J. SecureUML: a UML-based modeling language for model-driven security. Proceedings of the 5th International Conference on the Unified Modeling Language, Dresden, Germany (2002), Springer, Berlin 426-441
21. M. Nash, K. Poland, Some conundrums concerning separation of duty, In: Proceedings of the IEEE Symposium on Security and Privacy, May 1990, pp. 201-207.
22. Nuseibeh B., Easterbrook S., and Russo A. Making respectable in software development. Journal of Systems and Software 56 11 (2001)
23. Object Management Group, OMG Unified Modeling Language Specification, Version 1.4, 2001 .
24. Sandhu R.S., Coyne E.J., Feinstein H.L., and Youman C.E. Role-based access control models. IEEE Computer 29 2 (1996) 38-47
25. R.S. Sandhu, Transaction control expressions for separation of duties, in: Proceedings of the Fourth Computer Security Applications Conference, 1988, pp. 282-286.
26. Sendall S., and Strohmeier A. From use cases to system operation specifications. UML (2000) 1-15
27. S. Sendall, Specifying Reactive System Behavior, Ph.D. thesis, Swiss Federal Institute of Technology - Lausanne (EPFL), May (2002).
28. R. Simon, M. Zurko, Separation of duty in role-based environments, in: Proceedings of the 10th Computer Security Foundations Workshop, Rockport, Massachusetts, June (1997).
29. Warmer J., and Kleppe A. The Object Constraint Language: Precise Modeling with UML (1999), Addison-Wesley, Reading, MA
30. Woo T., and Lam S. Authorizations in distributed systems: a new approach. Journal of Computer Security 2 2-3 (1993) 107-136