Modelling access policies using roles in requirements engineering

Cited by: 35
Authors
Crook, R [1]
Ince, D [1]
Nuseibeh, B [1]
Affiliation
[1] Open Univ, Dept Comp, Secur Requirements Grp, Milton Keynes MK7 6AA, Bucks, England
Keywords
access policies; security requirements; roles
DOI
10.1016/S0950-5849(03)00097-1
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Pressures are increasing on organisations to take an early and more systematic approach to security. A key to enforcing security is to restrict access to valuable assets. We regard access policies as security requirements that specify such restrictions. Current requirements engineering methods are generally inadequate for eliciting and analysing these types of requirements, because they do not allow complex organisational structures and procedures that underlie policies to be represented adequately. This paper discusses roles and why they are important in the analysis of security. The paper relates roles to organisational theory and how they could be employed to define access policies. A framework is presented, based on these concepts, for analysing access policies. (C) 2003 Elsevier B.V. All rights reserved.
Pages: 979-991
Number of pages: 13