A framework for information systems architecture
IBM Systems Journal
Software requirements & specifications: a lexicon of practice, principles and prejudices
Software requirements & specifications: a lexicon of practice, principles and prejudices
Optimistic security: a new access control paradigm
Proceedings of the 1999 workshop on New security paradigms
A scenario-driven role engineering process for functional RBAC roles
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Requirements Engineering: Processes and Techniques
Requirements Engineering: Processes and Techniques
Model Checking of Safety Properties
Formal Methods in System Design
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Using Abuse Case Models for Security Requirements Analysis
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
A Reference Model for Requirements and Specifications
ICRE '00 Proceedings of the 4th International Conference on Requirements Engineering (ICRE'00)
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
A logical specification for usage control
Proceedings of the ninth ACM symposium on Access control models and technologies
A Goal-based Approach to Policy Refinement
POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Requirements Engineering
Automated Decomposition of Access Control Policies
POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
Communications of the ACM - Privacy and security in highly dynamic systems
Research Directions in Requirements Engineering
FOSE '07 2007 Future of Software Engineering
Specifying Software Requirements for Complex Systems: New Techniques and Their Application
IEEE Transactions on Software Engineering
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Requirements-based Access Control Analysis and Policy Specification (ReCAPS)
Information and Software Technology
Experiences with a Requirements Object Model
REFSQ '09 Proceedings of the 15th International Working Conference on Requirements Engineering: Foundation for Software Quality
Policy Evolution in Distributed Usage Control
Electronic Notes in Theoretical Computer Science (ENTCS)
Electronic Notes in Theoretical Computer Science (ENTCS)
State-Based Usage Control Enforcement with Data Flow Tracking using System Call Interposition
NSS '09 Proceedings of the 2009 Third International Conference on Network and System Security
Distributed data usage control for web applications: a social network implementation
Proceedings of the first ACM conference on Data and application security and privacy
Model-based refinement of security policies in collaborative virtual organisations
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Commitment analysis to operationalize software requirements from privacy policies
Requirements Engineering - Special Issue on Digital privacy: theory, policies and technologies
Data-centric multi-layer usage control enforcement: a social network example
Proceedings of the 16th ACM symposium on Access control models and technologies
Ontology-based policy refinement using SWRL rules for management information definitions in OWL
DSOM'06 Proceedings of the 17th IFIP/IEEE international conference on Distributed Systems: operations and management
Representation-Independent data usage control
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
A policy language for distributed usage control
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Towards a policy enforcement infrastructure for distributed usage control
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Data usage control enforcement in distributed systems
Proceedings of the third ACM conference on Data and application security and privacy
Model-Based usage control policy derivation
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
| Hi-index | 0.00 |
Usage control is concerned with how data is used after access to it has been granted. As such, it is particularly relevant to end users who own the data. System implementations of access and usage control enforcement mechanisms, however, do not always adequately reflect end user requirements. This is due to several reasons, one of which is the problem of mapping concepts in the end user's domain to technical events and artifacts. For instance, semantics of basic operators such as "copy" or "delete", which are fundamental for specifying privacy policies, tend to vary according to context. For this reason they can be mapped to different sets of system events. The behaviour users expect from the system, therefore, may differ from the actual behaviour. In this paper we present a translation of specification-level usage control policies into implementation-level policies which takes into account the precise semantics of domain-specific abstractions. A tool for automating the translation has also been implemented.