Research Directions in Requirements Engineering
FOSE '07 2007 Future of Software Engineering
Secure mobile agent environments: modelling role assignments
International Journal of Electronic Security and Digital Forensics
A Model-Driven Approach for the Specification and Analysis of Access Control Policies
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Conceptual Modeling: Foundations and Applications
A Personal Data Audit Method through Requirements Engineering
Computer Standards & Interfaces
A conceptual meta-model for secured information systems
Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
Engineering access control policies for provenance-aware systems
Proceedings of the third ACM conference on Data and application security and privacy
| Hi-index | 0.01 |
The restriction of access is a mechanism by which organisations protect their information assets. Requirements models use actor definitions to describe users and to specify their access policies. Actors normally represent roles that users adopt, while roles can represent different things, such as a position in an organisation or the assignment of a task. Current requirements modelling approaches do not provide a systematic way of defining roles for incorporation into access policies. We address this issue by proposing a framework that facilitates the derivation of role definitions from their wider organisational context. We illustrate how our framework can be used to extend a formal version of i - to define and verify access policies definitions - and demonstrate its applicability via a case study.