Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
A formally verified mechanism for countering SPIT
CRITIS'10 Proceedings of the 5th international conference on Critical Information Infrastructures Security
Modelling context-aware RBAC models for mobile business processes
International Journal of Wireless and Mobile Computing
Hi-index | 0.01 |
Policy rules define what behavior is desired in a software-based system, they do not describe the corresponding action and event sequences that actually "produce" desired ("legal") or undesired ("illegal") behavior. Therefore, policy rules alone are not sufficient to model every (behavioral) aspect of an information system. In other words, like requirements policies only exist in context, and a policy rule set can only be assessed and sensibly interpreted with adequate knowledge of its embedding context. Scenarios and goals are artifacts used in requirements engineering and system design to model different facets of software systems. With respect to policy rules, scenarios are well suited to define how these rules are embedded into a specific environment. A goal is an objective that the system under consideration should or must achieve. Thus, the control objectives of a system must be reflected in the policy rules that actually govern a systemýs behavior.