Modelling access policies using roles in requirements engineering

Crook, Robert; Ince, Darrel C.; Nuseibeh, Bashar

doi:10.1016/s0950-5849(03)00097-1

Cited by 44 publications

(28 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It would be useful to have some traceability between constraints and the threat(s) they counter; we are looking at the representation Rashid et al propose in [24] and at an adaptation of the multi-dimensional concerns matrix proposed by Ossher and Tarr in their work describing ondemand application remodularization [22]. Better integration with some of our colleagues' research, such as the organizational access control work of Crook [4] and the abuse analysis work of Lin [17], is desired. As noted in the related work section, the expressive powers of this approach and o [15]) need to be better understood.…”

Section: Discussionmentioning

confidence: 99%

Deriving security requirements from crosscutting threat descriptions

Haley

Laney

Nuseibeh

2004

Proceedings of the 3rd International Conference on Aspect-Oriented Software Development

Self Cite

View full text Add to dashboard Cite

It is generally accepted that early determination of the stakeholder requirements assists in the development of systems that better meet the needs of those stakeholders. General security requirements frustrate this goal because it is difficult to determine how they affect the functional requirements of the system. This paper illustrates how representing threats as crosscutting concerns aids in determining the effect of security requirements on the functional requirements. Assets (objects that have value in a system) are first enumerated, and then threats on these assets are listed. The points where assets and functional requirements join are examined to expose vulnerabilities to the threats. Security requirements, represented as constraints, are added to the functional requirements to reduce the scope of the vulnerabilities. These requirements are used during the analysis and specification process, thereby incorporating security concerns into the functional requirements of the system.

show abstract

Section: Discussionmentioning

confidence: 99%

Deriving security requirements from crosscutting threat descriptions

Haley

Laney

Nuseibeh

2004

Proceedings of the 3rd International Conference on Aspect-Oriented Software Development

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, information systems engineering and security engineering research communities traditionally work independently. On the one hand, information systems engineering techniques and methodologies do not consider security as an important issue, although they have integrated concepts such as reliability and performance and they usually fail to provide precise enough semantics to support the analysis and design of security requirements and properties (Crook et al, 2003;Mouratidis, 2004). On the other hand, security engineering research has mainly produced formal and theoretical methods, which are difficult to understand by non-security experts and which, apart from security, they only consider limited aspects of the system.…”

Section: Independent Solutionsmentioning

confidence: 99%

“…In addition, Van Lamsweerde (2004) defines also the notion of antimodels, models that capture attackers, their goals and capabilities. Similarly, Crook et al (2003) introduce the notion of antirequirements to represent the requirements of malicious attackers. Antirequirements are expressed in terms of the problem domain phenomena and are satisfied when the security threats imposed by the attacker are realised in any one instance of the problem.…”

Section: Problems In Current State-of-the-artmentioning

confidence: 99%

“…In particular, Devanbu and Stubblebine (2000) state on their roadmap on information systems engineering for security "security concepts must inform every phase of software development, from requirements engineering to design, implementation, testing, and deployment". Similarly Crook et al (2003) state "our vision is that we will be able to model these [security] concepts and integrate them into the requirements engineering process". In line with these statements, Mouratidis et al (2005) argued that security should be considered from the early stages of the development process and security requirements should be defined alongside with the system's requirements specification.…”

Section: Problematic Scenariosmentioning

confidence: 99%

See 1 more Smart Citation

Secure information systems engineering: a manifesto

Mouratidis

2007

IJESDF

View full text Add to dashboard Cite

Abstract:In this paper, we lay down the agenda for a discipline that is meant to promote research on increasing the development of secure information systems. In particular, we introduce areas related to the development of secure information systems; we identify limitations of existing approaches and the barriers that currently limit research and we discuss the characteristics for an engineering discipline for the development of secure information systems, its principles and the challenges that must be addressed.

show abstract

“…Without the context of accomplishing one or more tasks in different privilege levels, information access makes no sense. The rational of using a combined multilevel and multilateral model is further supported by the fact that a job responsibility is determined by the level of authority and the division of work [14]. The former prevents information flow downwards and the latter prevents information flow across, being concerned about workgroup membership and job speciality under our further refinement.…”

Section: Overview Of a Layered Security Modelmentioning

confidence: 99%

Secure Interaction Models for the HealthAgents System

Xiao

Lewis

Dasmahapatra

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Distributed decision support systems designed for healthcare use can benefit from services and information available across a decentralised environment. The sophisticated nature of collaboration among involved partners who contribute services or sensitive data in this paradigm, however, demands careful attention from the beginning of designing such systems. Apart from the traditional need of secure data transmission across clinical centres, a more important issue arises from the need of consensus for access to system-wide resources by separately managed user groups from each centre. A primary concern is the determination of interactive tasks that should be made available to authorised users, and further the clinical resources that can be populated into interactions in compliance with user clinical roles and policies. To this end, explicit interaction modelling is put forward along with the contextual constraints within interactions that together enforce secure access, the interaction participation being governed by system-wide policies and local resource access being governed by node-wide policies. Clinical security requirements are comprehensively analysed, prior to the design and building of our security model. The application of the approach results in a Multi-Agent System driven by secure interaction models. This is illustrated using a prototype of the HealthAgents system.

show abstract

Modelling access policies using roles in requirements engineering

Cited by 44 publications

References 21 publications

Deriving security requirements from crosscutting threat descriptions

Deriving security requirements from crosscutting threat descriptions

Secure information systems engineering: a manifesto

Secure Interaction Models for the HealthAgents System

Contact Info

Product

Resources

About