Building a responsibility model including accountability, capability and commitment

Proceedings - International Conference on Availability, Reliability and Security, ARES 2009

Volumn , Issue , 2009, Pages 412-419

  Feltus, Christophe ^a   Petit, Michaël ^b  

^a LUXEMBOURG INSTITUTE OF SCIENCE AND TECHNOLOGY   (Luxembourg)

^b UNIVERSITY OF NAMUR   (Belgium)

Author keywords

Access control; Accountability; Capability; Commitment; Formal system; Responsibility; Right management; Security management

Indexed keywords

ACCOUNTABILITY; CAPABILITY; COMMITMENT; FORMAL SYSTEM; RESPONSIBILITY; RIGHT MANAGEMENT; SECURITY MANAGEMENT;

INDUSTRIAL MANAGEMENT; SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 70349657124     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2009.45     Document Type: Conference Paper

References (43)

1. R. Sandhu, J. Park, Usage Control: A Vision for Next Generation Access Control, The Second International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security, 2003.
2. C. Feltus, A. Rifaut, An Ontology for Requirements Analysis of Managers' Policies in Financial Institutions, I-ESA2007, Madeira, Portugal.
3. Gustaf Neumann, Mark Strembeck, A Scenario-driven Role Engineering Process for Functional RBAC Roles, SACMAT'02, June 34, 2002, Monterey, California, USA.
4. Coyne, E. J. 1996. Role engineering. First ACM Workshop on Role-Based Access Control, Gaithersburg, Maryland, United States.
5. N. Damianou, N. Dulay, E. Lupu, M. Sloman , The Ponder Policy Specification Language Workshop on Policies for Distributed Systems and Networks (Policy2001), HP Labs Bristol, 29-31. Springer-Verlag.
6. Bertino, E., Mileo, A., and Provetti, A. 2005. PDL with Preferences. IEEE international Workshop on Policies For Distributed Systems and Networks, Policy 2005 - Vol. 00, IEEE Computer Society, Washington, DC, 213-222.
7. Basile, C.; Lioy, A.; Perez, G. Martinez; C., F. J. Garcia; Skarmeta, A. F. Gomez, POSITIF: A Policy-Based Security Management SystemPolicies for Distributed Systems and Networks, 2007. POLICY'07, pp. 280 - 280.
8. Lalana Kagal, Rei : A Policy Language for the Me-Centric Project, TechReport, HP Labs, September 2002.
9. Colin Camerer, Redirecting Research in Business Policy and Strategy, Strategic Management Journal, Vol.6, No. 1. (Jan. - Mar., 1985), pp. 1-15.
10. René Wies, Using a Classification of Management Policies for Policy Specification and Policy Transformation. In Proc. ISINM '95, Santa Barbara, California, May 1995.
11. André Rifaut, Christophe Feltus, Improving Operational Risk Management Systems by Formalizing the Basel II Regulation with Goal Models and the ISO/IEC 15504 Approach, REMO2V'2006, Luxembourg.
12. Davrondhon Gafurov, Kirsi Helkala, Nils Kalstad Svendsen, Security models for electronic medical record, Telektronikk 1.2005.
13. David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn and Ramaswamy Chandramouli, Proposed NIST Standard for Role-Based Access Control, ACM Transactions on Information and System Security, Vol. 4, No. 3, August 2001, Pages 224-274.
14. C. Bettini, S. Jajodia, X. S. Wang, and D. Wijesekera, Provisions and Obligations in Policy Management and Security Applications, 28th VLDB conference, China, 2002.
15. Robert Crook, Darrel Ince, Bashar Nuseibeh, Modelling access policies using roles in requirements engineering, Information and Software Technology 45 (2003) 979-991.
16. Charles B. Haley, Robin C. Laney, Jonathan D. Moffett, and Bashar Nuseibeh, Using Trust Assumptions with Security Requirements, Requirements Engineering Journal, vol. 11 no. 2 (April 2006) pp. 138-15.
17. Robert Crook, Darrel Ince, Bashar Nuseibeh, On Modelling access policies: Relating Roles to their Organisational Context, RE 2005, Paris.
18. Pete A. Epstein, Engineering of Role/Permission Assignement, PhD thesis.
19. Crook, R., Ince, D., and Nuseibeh, B., "Using i* to Model Access Policies: Relating Roles to their Organisational Context", Social Modelling for Requirements Engineering, Giorgini, P., Maiden, N., Mylopoulos, J., and Yu, E., eds., MIT Press, 2006.
20. P.J. Fontaine, Goal-Oriented Elaboration of Security Requirements. M.S. Thesis, Dept. Computing Science, University of Louvain, June 2001.
21. Yu, E. S. and Liu, L. 2001. Modelling Trust for System Design Using the i* Strategic Actors Framework. Workshop on Deception, Fraud, and Trust in Agent Societies Held During the Autonomous, Eds. Lecture 35 194.
22. L. Liu, E. Yu, J. Mylopoulos, Analyzing Security Requirements as Relationships Among Strategic Actors, SREIS'02, Raleigh, North Carolina, 2002.
23. Antón, Goal-Based Requirements Analysi,. Second ICRE'96, Colorado Springs, USA, 1996.
24. Robert Crook, Darrel Ince, Bashar Nuseibeh, Towards an Analytical Role Modelling Framework for Security Requirements, Security Requirements Group, Departement of Computing, The Open University, Walton Hall, Milton Keynes, MK7 6AA, UK.
25. Henry Mintzberg, Structure in Fives: Designing Effective Organisations, Englewood Cliffs, NJ: Prentice-Hall, 1983. pp. 312
26. Qingfeng He, Annies I. Antón, "A Framework for Privacy-Enhanced Access Control Analysis in Requirements Engineering", Proc. of the 9th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'03), pp. 137-146, Klagenfurt/Velden, Austria, June 16-17, 2003.
27. E. B. Fernandez and J. C. Hawkins, "Determining Role Rights from Use Cases", Proc. of the ACM Workshop on Role-Based Access Control, 1997.
28. Roeckle, H., Schimpf, G., and Weidinger, R. 2000. Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization. In Proceedings of the Fifth ACM Workshop on Role-Based Access Control (Berlin, Germany, July 26 - 28, 2000). Role-Based Access Control '00.
29. Chandramouli, R. 2001. A Framework for Multiple Authorization Types in a Healthcare Application System. 17th Annual Computer Security Applications Conference, 2001. ACSAC. IEEE Computer Society, Washington, DC, 137.
30. D. J. Thomsen, Richard C. O'Brien and C. Payne, Napoleon: Network Application Policy Environment, ACM Workshop on Role-Based Access Control, 1999, pp. 145-152.
31. N. Dulay, E. Lupu, M. Solman, N. Damianou, A Policy Deployment Model for the Ponder Language , An extended version of paper in Proc. IEEE/IFIP International Symposium on Integrated Network Management, (IM'2001), Seattle, May 2001, IEEE Press.
32. OASIS, "eXtensible Access Control Markup Language (XACML) Version 2.0" February 2005. www.oasis-open.org/committees/xacml/
33. L. Cholvy, F. Cuppens, and C. Saurel. Towards a logical formalization of responsibility. In Proc. of the Sixth International Conference on Artificial Intelligence and Law, pages 233-242, 1997.
34. Mintzberg H. Mintzberg on Management: Inside our strange world of organizations. The Free Press, New York, 1989.
35. Gray, B. Collaborating. Jossey-Baas, San Francisco, 1991.
36. J. Aubert, B. Gateau, C. Incoul, C. Feltus, SIM : An Innovative Business-Oriented Approach for a Distributed Access Management, International Conference on Information & Communication Technologies: from Theory to Applications (IEEE ICTTA2008), Damascus, Syria.
37. http://plato.stanford.edu/entries/logic-deontic
38. J.-J. Ch. Meyer, R.J. Wieringa, F.P.M. Dignum, The Role of Deontic Logic in the Specification of Information Systems, International Series In Engineering And Computer Science archive, Logics for databases and information systems book contents, Kluwer, pp. 71-115, 1998.
39. C. Feltus, Preliminary Literature Review of Policy Engineering Methods- Toward Responsibility Concept, ICTTA2008, Damascus, Syria.
40. International Standard for Corporate Governance of IT (IT Governance) - ISO/IEC 38500, 2008
41. I. Sommerville, T. Storer, and R. Lock. Responsibility modelling for contingency planning. In Workshop on Understanding Why Systems Fail, Contingency Planning and Longer Term Perspectives on Learning from Failure in Safety Critical Systems, June 2007.
42. [42] P.M Wright, K. White, D. Gaebler-Spira (2004). Exploring the relevance of the personal and social responsibility model in adapted physical activity: A collective case study. Journal of Teaching in Physical Education, 23(1), 71-87.
43. B. Gâteau, D. Khadraoui, C. Feltus, B. de Rémont, Multi-Agents based Architecture for IS Security Incident Reaction, 6th IEEE International Conference on Computer Science, 2008 IEEE International Conference on Research, Innovation & Vision for the Future (IEEE RIVF 2008), 14-16/7/2008, Ho Chi Minh City, Vietnam.