ACM Transactions on Computer Systems (TOCS)
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Communications of the ACM
Securing your business process
Computers and Security
Security architectures using formal methods
IEEE Journal on Selected Areas in Communications
Designing high integrity systems using aspects
Integrity and internal control in information systems V
Hi-index | 0.24 |
Security in networked information systems is a very complex task that ranges from the level of crypto-primitives over crypto-protocols to the level of organizational matters and legislation. All this is comprised in a so-called security policy, which is often treated as an after-thought. One of the main reasons is the lack of appropriate techniques for conceptual modeling of security policy at early stages of system design. The approach in this paper is based on flow controls as one of the key ingredients for defining a security policy. Consequent security services and security architectures are derived by means of the proposed technique, which also bridges the gap to formal techniques. The result is a formalized output that serves as a basis for further refinement in subsequent stages of the modeling process.