Enforcing a security pattern in stakeholder goal models

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2008, Pages 9-13

  Yu, Yijun ^a   Kaiya, Haruhiko ^b   Washizaki, Hironori ^c   Xiong, Yingfei ^d   Hu, Zhenjiang ^e   Yoshioka, Nobukazu ^e  

^a OPEN UNIVERSITY   (United Kingdom)

^b SHINSHU UNIVERSITY   (Japan)

^c WASEDA UNIVERSITY   (Japan)

^d UNIVERSITY OF TOKYO   (Japan)

^e NATIONAL INSTITUTE OF INFORMATICS   (Japan)

Author keywords

Goal models; Model transformations; RBAC; Security patterns

Indexed keywords

EARLY DETECTION; GOAL MODELS; GOAL ORIENTED MODELING; GOAL-ORIENTED; MODEL TRANSFORMATIONS; MODEL-DRIVEN; RBAC; REQUIREMENTS MODELS; ROLE-BASED ACCESS CONTROL; SECURITY PATTERNS; SECURITY PROBLEMS;

ACCESS CONTROL;

EID: 70349240293     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1456362.1456366     Document Type: Conference Paper

References (29)

1. E. Gamma, R. Helm, R. Johnson, and J. Vlissides. Design patterns: elements of reusable object-oriented software. Addison-Wesley, 1995.
2. E.B. Fernandez and R. Pan. A pattern language for security models. In Proc. of Conference on Pattern Languages of Programs (PLoP), 2001.
3. I. Sommerville. Software Engineering. Addison-Wesley, 2006.
4. Lin Liu, Eric Yu, and John Mylopoulos. Security and privacy requirements analysis within a social setting. In Proc. of International Conference on Requirements Engineering (RE), pages 151-161, 2003.
5. Charles Haley, Robin Laney, Jonathan Moffett, and Bashar Nuseibeh. Security requirements engineering: A framework for representation and analysis. IEEE Trans. Softw. Eng. (TSE), 34(1):133-153, 2008.
6. P. Giorgini, F. Massacci, J. Mylopoulos, and N. Zannone. Modeling Security Requirements Through Ownership, Permission and Delegation. In Proc. of RE, volume 5, 2005.
7. CB Haley, RC Laney, JD Moffett, and B. Nuseibeh. The effect of trust assumptions on the elaboration of security requirements. In Proc. of RE, pages 102-111, 2004.
8. A. van Lamsweerde. Elaborating security requirements by construction of intentional anti-models. In Proc. of International Conference on Software Engineering (ICSE), pages 148-157, 2004.
9. G. Sindre and A.L. Opdahl. Eliciting security requirements with misuse cases. Requirements Engineering, 10(1):34-44, 2005.
10. L. Lin, B. Nuseibeh, D. Ince, M. Jackson, and J. Moffett. Introducing abuse frames for analysing security requirements. In Proc. of RE, pages 371-372, 2003.
11. F. Massacci, M. Prest, and N. Zannone. Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation. Computer Standards & Interfaces, 27(5):445-455, 2005.
12. Y. Asnar, P. Giorgini, F. Massacci, A. Saidane, R. Bonato, V. Meduri, and C. Riccucci. Secure and Dependable Patterns in Organizations: An Empirical Approach. In Proc. of RE, pages 287-292, 2007.
13. E.S.K. Yu. Modelling strategic relationships for process reengineering. PhD thesis, University of Toronto Toronto, Ont., Canada, Canada, 1996.
14. P. Bresciani, A. Perini, P. Giorgini, F. Giunchiglia, and J. Mylopoulos. Tropos: An Agent-Oriented Software Development Methodology. Autonomous Agents and Multi-Agent Systems, 8(3):203-236, 2004.
15. Bas Graaf, Sven Weber, and Arie van Deursen. Model-driven migration of supervisory machine control architectures. J. Syst. Softw., 81(4):517-535, 2008.
16. F. Budinsky, S.A. Brodsky, and E. Merks. Eclipse Modeling Framework. Pearson Education, 2003.
17. David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, and Ramaswamy Chandramouli. Proposed nist standard for role-based access control. ACM Transactions on Information and System Security, 4(3):224 - 274, Aug. 2001.
18. E. Yu and L. Liu. Modelling Trust for System Design Using the i* Strategic Actors Framework. In Trust in Cyber-Societies-Integrating the Human and Artificial Perspectives, pages 175-194, 2001.
19. L. Liu, E. Yu, and J. Mylopoulos. Security Design Based on Social Modeling. pages 71-78, 2006.
20. Yijun Yu, Julio Cesar Sampaio do Prado Leite, and John Mylopoulos. From goals to aspects: Discovering aspects from goal models. In Proc. of RE, pages 38-47, 2004.
21. Jaap Gordijn, Eric Yu, and Bas van der Raadt. e-service design using i* and e3value modeling. IEEE Software, 2006.
22. Hugo Estrada et al. An empirical evaluation of the i* framework in a model-based software generation environment. In Proc. of CAiSE, pages 513-527, 2006.
23. Volha Bryl, Fabio Massacci, John Mylopoulos, and Nicola Zannone. Designing security requirements models through planning. In Proc. of CAiSE, 2006.
24. Haralambos Mouratidis, Jan Jurjens, and Jorge Fox. Towards a comprehensive framework for secure systems development. In Proc. of CAiSE, 2006.
25. Markus Schumacher. Security Engineering with Patterns: Origins, Theoretical Model, and New Applications. LNCS, Vol.2754, Springer, 2003.
26. Thongchai Rojkangsadan Kawin Supaporn, Nakornthip Prompoon. An Approach: Constructing the Grammar from Security Pattern. In Proc. of International Joint Conference on Computer Science and Software Engineering (JCSSE2007), 2007.
27. Ivan Araujo and Michael Weiss. Linking Patterns and Non-Functional Requirements. In Proc. of PLoP, 2002.
28. Xavier Franch Gemma Grau. A Goal-Oriented Approach for the Generation and Evaluation of Alternative Architectures. In Proc. of European Conference on Software Architecture (ECSA), 2007.
29. Yingfei Xiong, Dongxi Liu, Zhenjiang Hu, Haiyan Zhao, Masato Takeichi, and Hong Mei. Towards automatic model synchronization from model transformations. In Proc. of IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 164-173, 2007.