Goal-directed requirements acquisition
6IWSSD Selected Papers of the Sixth International Workshop on Software Specification and Design
Role-Based Access Control Models
Computer
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
A role-based access control model and reference implementation within a corporate intranet
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The use of goals to surface requirements for evolving systems
Proceedings of the 20th international conference on Software engineering
The RSL99 language for role-based separation of duty constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Access control mechanisms for inter-organizational workflow
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
Access Control: Policies, Models, and Mechanisms
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Security and Privacy Requirements Analysis within a Social Setting
RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
Using uml to visualize role-based access control constraints
Proceedings of the ninth ACM symposium on Access control models and technologies
Cassandra: Flexible Trust Management, Applied to Electronic Health Records
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
MAC and UML for secure software design
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
On Modelling Access Policies: Relating Roles to their Organisational Context
RE '05 Proceedings of the 13th IEEE International Conference on Requirements Engineering
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
The DLV system for knowledge representation and reasoning
ACM Transactions on Computational Logic (TOCL)
Data Protection and Compliance in Context
Data Protection and Compliance in Context
Computer-aided Support for Secure Tropos
Automated Software Engineering
Model based development of access policies
International Journal on Software Tools for Technology Transfer (STTT)
Enabling verification and conformance testing for access control model
Proceedings of the 13th ACM symposium on Access control models and technologies
Analyzing and Managing Role-Based Access Control Policies
IEEE Transactions on Knowledge and Data Engineering
External sources of computation for answer set solvers
LPNMR'05 Proceedings of the 8th international conference on Logic Programming and Nonmonotonic Reasoning
Security and trust requirements engineering
Foundations of Security Analysis and Design III
Applying a security requirements engineering process
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
A conceptual meta-model for secured information systems
Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
Organizational Patterns for Security and Dependability: From Design to Application
International Journal of Secure Software Engineering
A white-box policy analysis and its efficient implementation
Proceedings of the 18th ACM symposium on Access control models and technologies
Secure federation of semantic information services
Decision Support Systems
Hi-index | 0.00 |
The last years have seen the definition of many languages, models and standards tailored to specify and enforce access control policies, but such frameworks do not provide methodological support during the policy specification process. In particular, they do not provide facilities for the analysis of the social context where the system operates. In this paper we propose a model-driven approach for the specification and analysis of access control policies. We build this framework on top of SI*, a modeling language tailored to capture and analyze functional and security requirements of socio-technical systems. The framework also provides formal mechanisms to assist policy writers and system administrators in the verification of access control policies and of the actual user-permission assignment.