Formal access control analysis in the software development process

Authors:
Manuel Koch;Francesco Parisi-Presicce
Affiliations:
Freie Universität Berlin, Germany;George Mason University, VA
Venue:
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Year:
2003

Citing 14
Cited 3

Handbook of graph grammars and computing by graph transformation: volume I. foundations

Handbook of graph grammars and computing by graph transformation: volume I. foundations
Algebraic approaches to graph transformation. Part II: single pushout approach and comparison with double pushout approach

Handbook of graph grammars and computing by graph transformation
Towards a UML based approach to role engineering

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Requirements engineering: a roadmap

Proceedings of the Conference on The Future of Software Engineering
Software engineering for security: a roadmap

Proceedings of the Conference on The Future of Software Engineering
On the specification and evolution of access control policies

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A graph-based formalism for RBAC

ACM Transactions on Information and System Security (TISSEC)
The Category of Typed Graph Grammars and its Adjunctions with Categories

Selected papers from the 5th International Workshop on Graph Gramars and Their Application to Computer Science
Conflict Detection and Resolution in Access Control Policy Specifications

FoSSaCS '02 Proceedings of the 5th International Conference on Foundations of Software Science and Computation Structures
SecureUML: A UML-Based Modeling Language for Model-Driven Security

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
UMLsec: Extending UML for Secure Systems Development

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Raccoon - An Infrastructure For Managing Access Control in CORBA

Proceedings of the IFIP TC6 / WG6.1 Third International Working Conference on New Developments in Distributed Applications and Interoperable Systems
Manageable access control for CORBA

Journal of Computer Security - Special issue on ESORICS 2000
Protection

ACM SIGOPS Operating Systems Review

Information flow property preserving transformation of UML interaction diagrams

Proceedings of the eleventh ACM symposium on Access control models and technologies
Proactive identification and prevention of unexpected future rule conflicts in attribute based access control

ICCSA'10 Proceedings of the 2010 international conference on Computational Science and Its Applications - Volume Part IV
Verification of UML-Based security policy model

ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part III

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security is a crucial aspect in any modern software system. To ensure security in the final product, security requirements must be considered in the entire software development process. We evaluate in this paper how security requirements can be integrated into the analysis phase of an object-oriented software development process. Our approach is model driven by providing models for security aspects related to the models for functional requirements. We investigate how the security models can be generated from the functional models. We give a graph-based formal semantics to the security models and present verification concepts which ensure the security requirements in the models.