A methodology for integrating access control policies within database development

Computers and Security

Volumn 31, Issue 3, 2012, Pages 299-314

  Abramov, Jenny ^a   Anson, Omer ^a   Dahan, Michal ^a   Shoval, Peretz ^a   Sturm, Arnon ^a  

^a BEN GURION UNIVERSITY OF THE NEGEV   (Israel)

Author keywords

Access control; ADOM; Authorization; Database design; Domain analysis; FOOM; Security; Security patterns; UML

Indexed keywords

ADOM; AUTHORIZATION; DATABASE DESIGN; DOMAIN ANALYSIS; FOOM; SECURITY; SECURITY PATTERNS; UML;

ACCESS CONTROL; AUTOMATIC PROGRAMMING; DESIGN; SECURITY SYSTEMS;

DATABASE SYSTEMS;

EID: 84859434803     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2012.01.004     Document Type: Article

References (37)

1. J. Abramov, O. Anson, A. Sturm, and P. Shoval Tool support for enforcing security policies on databases CAiSE Forum 2011 41 48 CEUR-WS
2. K. Alghathbar, and D. Wijesekera authUML: a three-phased framework to analyze access control specifications in use cases workshop on formal methods in security engineering 2003 ACM 77 86
3. K. Alghathbar Enhancement of use case diagram to capture authorization requirements Fourth international conference on software engineering advances 2009 IEEE Computer Society 394 400
4. K. Alghathbar Validating the enforcement of access control policies and separation of duty principle in requirement engineering Information & Software Technology 49 2007 142 157 (Pubitemid 44765201)
5. D. Basin, M. Clavel, J. Doser, and M. Egea Automated analysis of security-design models Information & Software Technology 51 2009 815 831
6. D. Basin, J. Doser, and T. Lodderstedt Model driven security: from UML models to access control infrastructures ACM Transaction on Software Engineering and Methodologies 15 1 2006 39 91 (Pubitemid 43947939)
7. M. Blaha, W. Premerlani, and H. Shen Converting OO models into RDBMS schema IEEE Software 11 1994 28 39
8. J. Czuprynski Oracle label security The Database Journal 2003
9. G.S. Dhillon Information security management: global challenges in the new millennium 2001 IGI Publishing
10. E.B. Fernandez, and J.C. Hawkins Determining role rights from use cases Workshop on role-based access control 1997 121 125
11. E.B. Fernandez, M.M. Larrondo-Petrie, T. Sorgente, and M. VanHilst A methodology to develop secure systems using patterns H. Mouratidis, P. Giorgini, Integrating security and software engineering: advances and future vision 2006 IDEA Press
12. E. Fernández-Medina, and M. Piattini Designing secure databases Information & Software Technology 47 7 2005 463 477 (Pubitemid 40466991)
13. E. Gamma, R. Helm, R. Johnson, and J. Vlissides Design patterns: elements of reusable object-oriented software Addison-Wesley Professional 1995
14. H. Gomaa, and M.E. Shin Separating application and security concerns in use case models 15th workshop on Earlt aspects 2009 ACM 1 6
15. M. Hafner, and R. Breu Security engineering for service oriented architectures 2009 Springer
16. F. Heidenreich, C. Wende, and B. Demuth A framework for generating query language code from OCL invariants Electronic Communications of the EASST 9 2008
17. F. Jouault, F. Allilaire, J. Bézivin, and I.A.T.L. Kurtev A model transformation tool Science of Computer Programming 72 1-2 2008 31 39
18. J. Jürjens Secure systems development with UML 2005 SpringerVerlag
19. D.M. Kienzle, M.C. Elder, D. Tyree, and J. Edwards-Hewitt Security patterns repository version 1.0 Technical report 2002 http://www.scrypt.net/ ∼celer/securitypatterns last accessed: December 2010
20. M. Koch, and F. Parisi-Presicce UML specification of access control policies and their formal verification Software and System Modeling 5 2006 429 447 (Pubitemid 44824555)
21. T. Lodderstedt, D.A. Basin, and J. Doser SecureUML: a UML-based modeling language for model-driven security 5th international conference on the unified modeling language 2002 Springer-Verlag 426 441
22. H. Mouratidis, and P. Giorgini Secure Tropos: a security-oriented extension of the Tropos methodology International Journal of Software Engineering and Knowledge Engineering 17 2007 285 309 (Pubitemid 46782074)
23. H. Mouratidis, and J. Jürjens From goal-driven security requirements engineering to secure design International Journal on Intelligent Systems 25 8 2010 813 840
24. OMG. Object constraint language, version 2.2, http://www.omg.org/spec/ OCL/2.2/; [last accessed: December 2010].
25. Oracle: Oracle@database - security guide, http://download.oracle.com/ docs/cd/B28359-01/network.111/b28531.pdf; [last accessed: December 2011].
26. J.A. Pavlich-Mariscal, S.A. Demurjian, and L.D. Michel A framework of composable access control features: preserving separation of access control concerns from models to code Computers & Security 29 2010 350 379
27. G. Popp, J. Jürjens, G. Wimmel, and R. Breu Security-critical system development with extended use cases 10th Asia-Pacific software engineering conference 2003 IEEE Computer Society 478 487
28. I. Ray, R.B. France, N. Li, and G. Georg An aspect-based approach to modeling access control concerns Information & Software Technology 46 2004 575 587
29. I. Reinhartz-Berger, and A. Sturm Utilizing domain models for application design and validation Information & Software Technology 51 2009 1275 1289
30. M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Buschmann, and P. Sommerlad Security patterns: integrating security and systems engineering 2006 John Wiley & Sons
31. M. Schumacher Security engineering with patterns: origins, theoretical models, and new applications 2003 Springer-Verlag
32. B. Selic The pragmatics of model-driven development. Software IEEE software 20 5 2003 19 25
33. P. Shoval ADISSA: architectural design of information systems based on structured analysis Information Systems 13 1988 193 210 (Pubitemid 18650393)
34. P. Shoval Functional and object-oriented analysis & design - an integrated methodology 2007 IGI - Idea Group
35. G. Sindre, and A.L. Opdahl Eliciting security requirements with misuse cases Requirements Engieering 10 1 2005 34 44
36. StringTemplate, http://www.stringtemplate.org/; [last accessed: December 2010].
37. TOPCASED, www.topcased.org; [last accessed: December 2010].