Supporting agile development of authorization rules for SME applications

Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering

Volumn 10 LNICST, Issue , 2009, Pages 461-471

  Bartsch, Steffen ^a   Sohr, Karsten ^a   Bormann, Carsten ^a  

^a UNIVERSITY OF BREMEN   (Germany)

Author keywords

Agile security engineering; Authorization policy; DSL; End user development; SME applications

Indexed keywords

AGILE DEVELOPMENT; AGILE METHODOLOGIES; AGILE SECURITY; AUTHORIZATION POLICY; AUTHORIZATION RULES; DOMAIN EXPERTS; END-USER DEVELOPMENT; END-USER INVOLVEMENTS; PLUG-INS; RUBY ON RAILS; SECURITY ENGINEERING; SME APPLICATIONS; WEB APPLICATION; WORKFLOW APPLICATIONS;

USER INTERFACES;

SECURITY SYSTEMS;

EID: 79551558962     PISSN: 18678211     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-03354-4_35     Document Type: Conference Paper

References (20)

1. ISO/IEC 27001:2005. Information technology - Security techniques - Information security management systems - Requirements. ISO, Geneva, Switzerland
2. ANSI INCITS 359-2004. Role-Based Access Control. American Nat'l Standard for Information Technology (2004)
3. Aydal, E.G., Paige, R.F., Chivers, H., Brooke, P.J.: Security planning and refactoring in extreme programming. In: Abrahamsson, P., Marchesi, M., Succi, G. (eds.) XP 2006. LNCS, vol. 4044, pp. 154-163. Springer, Heidelberg (2006) (Pubitemid 44098513)
4. Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2(1), 65-104 (1999)
5. Chivers, H., Paige, R.F., Ge, X.: Agile security using an incremental security architecture. In: Baumeister, H., Marchesi, M., Holcombe, M. (eds.) XP 2005. LNCS, vol. 3556, pp. 57-65. Springer, Heidelberg (2005) (Pubitemid 41424950)
6. Church, L.: End user security: The democratisation of security usability. In: Security and Human Behaviour (2008)
7. Cockburn, A.: Agile Software Development. Addison-Wesley Professional, Reading (2001)
8. Dai, J., Alves-Foss, J.: Logic based authorization policy engineering. In: The 6th World Multiconference on Systemics, Cybernetics and Informatics (2002)
9. Ferraiolo, D., Kuhn, R.: Role-based access controls. In: 15th NIST-NCSC National Computer Security Conference, pp. 554-563 (1992)
10. Ge, X., Paige, R.F., Polack, F., Brooke, P.J.: Extreme programming security practices. In: Concas, G., Damiani, E., Scotto, M., Succi, G. (eds.) XP 2007. LNCS, vol. 4536, pp. 226-230. Springer, Heidelberg (2007)
11. Kongsli, V.: Towards agile security in web applications. In: OOPSLA 2006: Companion to the 21st ACM SIGPLAN symposium on Object-oriented programming systems, languages, and applications, pp. 805-808. ACM, New York (2006) (Pubitemid 46729405)
12. Lieberman, H.: End user development. Springer, Heidelberg (2006)
13. McDermott, J., Fox, C.: Using abuse case models for security requirements analysis. In: ACSAC 1999: Proceedings of the 15th Annual Computer Security Applications Conference, Washington, DC, USA, p. 55. IEEE Computer Society, Los Alamitos (1999)
14. Oh, S., Park, S.: Task-role-based access control model. Inf. Syst. 28(6), 533-562 (2003)
15. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38-47 (1996)
16. Sun, Y., Meng, X., Liu, S., Pan, P.: Flexible workflow incorporated with RBAC. In: Shen, W.-m., Chao, K.-M., Lin, Z., Barthès, J.-P.A., James, A. (eds.) CSCWD 2005. LNCS, vol. 3865, pp. 525-534. Springer, Heidelberg (2006) (Pubitemid 43971638)
17. Tappenden, A., Beatty, P., Miller, J.: Agile security testing of web-based systems via httpunit. In: AGILE, pp. 29-38. IEEE Computer Society Press, Los Alamitos (2005) (Pubitemid 46379839)
18. Thomas, R.K., Sandhu, R.S.: Thomas and Ravi S. Sandhu. Task-based authorization controls (TBAC): A family of models for active and enterprise-oriented autorization management. In: Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI, London, UK, pp. 166-181. Chapman & Hall, Ltd., Boca Raton (1998)
19. Wainer, J., Barthelmess, P., Kumar, A.: W-RBAC - a workflow security model incorporating controlled overriding of constraints. Int. J. Cooperative Inf. Syst. 12(4), 455-485 (2003) (Pubitemid 38000660)
20. Zurko, M.E., Simon, R.T.: User-centered security. In: NSPW 1996: Proceedings of the 1996 workshop on New security paradigms, pp. 27-33. ACM, New York (1996)