Access Control Policies (ACPs) specify which principals, such as users, have access to which resources. Ensuring the correctness and consistency of ACPs is crucial to preventing security vulnerabilities. In practice, however, ACPs are commonly written in Natural Language (NL) and buried in large documents such as requirements documents, where they are not amenable to automated checking for correctness and consistency. It is tedious to manually extract ACPs from these NL documents and to validate NL functional requirements, such as use cases, against ACPs to detect inconsistencies. To address these issues, we propose an approach, called Text2Policy, to automatically extract ACPs from NL software documents and resource-access information from NL scenario-based functional requirements. We conducted three evaluations on ACP sentences collected from publicly available sources, along with use cases from both open source and proprietary projects. The results show that Text2Policy effectively identifies ACP sentences with a precision of 88.7% and a recall of 89.4%, extracts ACP rules with an accuracy of 86.3%, and extracts action steps with an accuracy of 81.9%.