A Model-Driven Approach for the Specification and Analysis of Access Control Policies

被引:0
|
作者
Massacci, Fabio [1 ]
Zannone, Nicola [2 ]
机构
[1] Univ Trento, Dept Informat & Commun Technol, Trento, Italy
[2] Univ Toronto, Dept Comp Sci, Toronto, ON, Canada
来源
ON THE MOVE TO MEANINGFUL INTERNET SYSTEMS: OTM 2008, PT II, PROCEEDINGS | 2008年 / 5332卷
基金
加拿大自然科学与工程研究理事会;
关键词
Security Requirements Engineering; Access Control; Policy Specification;
D O I
暂无
中图分类号
TP39 [计算机的应用];
学科分类号
081203 ; 0835 ;
摘要
The last years have seen the definition of many languages, models and standards tailored to specify and enforce access Control policies, but such frameworks do not provide methodological support during the policy specification process. In particular, they do not provide facilities for the analysis of the social context where the system operates. In this paper we propose a model-driven approach for the specification and analysis of access control policies. We build this framework Oil top of SI*. a modeling language tailored to capture and analyze functional and Security requirements of socio-technical systems. The framework also provides formal mechanisms to assist policy writers and system administrators in the verification of access control policies and of the actual user-permission assignment.
引用
收藏
页码:1087 / +
页数:3
相关论文
共 50 条
  • [1] A model-driven approach for the visual specification of Role-Based Access Control policies in web systems
    Diaz, Paloma
    Aedo, Ignacio
    Sanz, Daniel
    Malizia, Alessio
    2008 IEEE SYMPOSIUM ON VISUAL LANGUAGES AND HUMAN-CENTRIC COMPUTING, PROCEEDINGS, 2008, : 203 - 210
  • [2] A Model-driven Approach to Service Policies
    Jegadeesan, Harshavardhan
    Balasubramaniam, Sundar
    JOURNAL OF OBJECT TECHNOLOGY, 2009, 8 (02): : 163 - 186
  • [3] A Model-Driven Engineering approach for the observation needs specification
    Zendagui, Boubekeur
    ICALT: 2009 IEEE INTERNATIONAL CONFERENCE ON ADVANCED LEARNING TECHNOLOGIES, 2009, : 67 - 69
  • [4] Model-Driven Integration and Analysis of Access-control Policies in Multi-layer Information Systems
    Martinez, Salvador
    Garcia-Alfaro, Joaquin
    Cuppens, Frederic
    Cuppens-Boulahia, Nora
    Cabot, Jordi
    ICT SYSTEMS SECURITY AND PRIVACY PROTECTION, 2015, 455 : 218 - 233
  • [5] Requirements specification using templates: a model-driven approach
    Darif, Ikram
    El Boussaidi, Ghizlane
    Kpodjedo, Segla
    SOFTWARE AND SYSTEMS MODELING, 2025,
  • [6] A Model-Driven Service Specification Approach from BPMN Models
    Blal, Redouane
    Leshob, Abderrahmane
    2017 IEEE 14TH INTERNATIONAL CONFERENCE ON E-BUSINESS ENGINEERING (ICEBE 2017), 2017, : 126 - 133
  • [7] From model-driven specification to design-level set-based analysis of XACML policies
    Mourad, Azzam
    Tout, Hanine
    Talhi, Chamseddine
    Otrok, Hadi
    Yahyaoui, Hamdi
    COMPUTERS & ELECTRICAL ENGINEERING, 2016, 52 : 65 - 79
  • [8] Model-driven specification of software services
    Shishkov, Boris
    van Sinderen, Marten
    Tekinerdogan, Bedir
    ICEBE 2007: IEEE INTERNATIONAL CONFERENCE ON E-BUSINESS ENGINEERING, PROCEEDINGS, 2007, : 13 - +
  • [9] A user-access model-driven approach to proxy cache performance analysis
    Watson, EF
    Shi, Y
    Chen, YS
    DECISION SUPPORT SYSTEMS, 1999, 25 (04) : 309 - 338
  • [10] Model-Driven Extraction and Analysis of Network Security Policies
    Martinez, Salvador
    Garcia-Alfaro, Joaquin
    Cuppens, Frederic
    Cuppens-Boulahia, Nora
    Cabot, Jordi
    MODEL-DRIVEN ENGINEERING LANGUAGES AND SYSTEMS, 2013, 8107 : 52 - 68
12345