Enforcing a security pattern in stakeholder goal models

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Enforcing a security pattern in stakeholder goal models

Full text

Pdf (534 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 4th ACM workshop on Quality of protection table of contents

Alexandria, Virginia, USA

SESSION: Security measurement table of contents

Pages 9-14

Year of Publication: 2008

ISBN:978-1-60558-321-1

Authors

Yijun Yu	The Open University, Milton Keynes, United Kngdm
Haruhiko Kaiya	Shinshu University, Nagano City, Japan
Hironori Washizaki	Waseda University, Tokyo, Japan
Yingfei Xiong	University of Tokyo, Tokyo, Japan
Zhenjiang Hu	NII, Tokyo, Japan
Nobukazu Yoshioka	NII, Tokyo, Japan

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 7, Downloads (12 Months): 124, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1456362.1456366 What is a DOI?

ABSTRACT

Patterns are useful knowledge about recurring problems and solutions. Detecting a security problem using patterns in requirements models may lead to its early solution. In order to facilitate early detection and resolution of security problems, in this paper, we formally describe a role-based access control (RBAC) as a pattern that may occur in stakeholder requirements models. We also implemented in our goal-oriented modeling tool the formally described pattern using model-driven queries and transformations. Applied to a number of requirements models published in literature, the tool automates the detection and resolution of the security pattern in several goal-oriented stakeholder requirements.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Erich Gamma , Richard Helm , Ralph Johnson , John Vlissides, Design patterns: elements of reusable object-oriented software, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1995
	2	E. B. Fernandez and R. Pan. A pattern language for security models. In Proc. of Conference on Pattern Languages of Programs (PLoP), 2001.
	3	Ian Sommerville, Software Engineering (7th Edition), Pearson Addison Wesley, 2004
	4	Lin Liu , Eric Yu , John Mylopoulos, Security and Privacy Requirements Analysis within a Social Setting, Proceedings of the 11th IEEE International Conference on Requirements Engineering, p.151, September 08-12, 2003
	5	Charles Haley , Robin Laney , Jonathan Moffett , Bashar Nuseibeh, Security Requirements Engineering: A Framework for Representation and Analysis, IEEE Transactions on Software Engineering, v.34 n.1, p.133-153, January 2008 [doi>10.1109/TSE.2007.70754]
	6	Paolo Giorgini , Fabio Massacci , John Mylopoulos , Nicola Zannone, Modeling Security Requirements Through Ownership, Permission and Delegation, Proceedings of the 13th IEEE International Conference on Requirements Engineering, p.167-176, August 29-September 02, 2005 [doi>10.1109/RE.2005.43]
	7	Charles B. Haley , Robin C. Laney , Jonathan D. Moffett , Bashar Nuseibeh, The Effect of Trust Assumptions on the Elaboration of Security Requirements, Proceedings of the Requirements Engineering Conference, 12th IEEE International, p.102-111, September 06-10, 2004 [doi>10.1109/RE.2004.50]
	8	Axel van Lamsweerde, Elaborating Security Requirements by Construction of Intentional Anti-Models, Proceedings of the 26th International Conference on Software Engineering, p.148-157, May 23-28, 2004
	9	Guttorm Sindre , Andreas L. Opdahl, Eliciting security requirements with misuse cases, Requirements Engineering, v.10 n.1, p.34-44, January 2005 [doi>10.1007/s00766-004-0194-4]
	10	Luncheng Lin , Bashar Nuseibeh , Darrel Ince , Michael Jackson , Jonathan Moffett, Introducing Abuse Frames for Analysing Security Requirements, Proceedings of the 11th IEEE International Conference on Requirements Engineering, p.371, September 08-12, 2003
	11	F. Massacci, M. Prest, and N. Zannone. Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation. Computer Standards & Interfaces, 27(5):445--455, 2005.
	12	Y. Asnar, P. Giorgini, F. Massacci, A. Saidane, R. Bonato, V. Meduri, and C. Riccucci. Secure and Dependable Patterns in Organizations: An Empirical Approach. In Proc. of RE, pages 287--292, 2007.
	13	Eric Siu-Kwong Yu, Modelling strategic relationships for process reengineering, University of Toronto, Toronto, Ont., Canada, 1996
	14	Paolo Bresciani , Anna Perini , Paolo Giorgini , Fausto Giunchiglia , John Mylopoulos, Tropos: An Agent-Oriented Software Development Methodology, Autonomous Agents and Multi-Agent Systems, v.8 n.3, p.203-236, May 2004 [doi>10.1023/B:AGNT.0000018806.20944.ef]
	15	Bas Graaf , Sven Weber , Arie van Deursen, Model-driven migration of supervisory machine control architectures, Journal of Systems and Software, v.81 n.4, p.517-535, April, 2008 [doi>10.1016/j.jss.2007.06.007]
	16	Frank Budinsky , Stephen A. Brodsky , Ed Merks, Eclipse Modeling Framework, Pearson Education, 2003
	17	David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001 [doi>10.1145/501978.501980]
	18	Eric S. K. Yu , Lin Liu, Modelling Trust for System Design Using the i* Strategic Actors Framework, Proceedings of the workshop on Deception, Fraud, and Trust in Agent Societies held during the Autonomous Agents Conference: Trust in Cyber-societies, Integrating the Human and Artificial Perspectives, p.175-194, June 01, 2000
	19	L. Liu, E. Yu, and J. Mylopoulos. Security Design Based on Social Modeling. pages 71--78, 2006.
	20	Yijun Yu , Julio Cesar Sampaio do Prado Leite , John Mylopoulos, From Goals to Aspects: Discovering Aspects from Requirements Goal Models, Proceedings of the Requirements Engineering Conference, 12th IEEE International, p.38-47, September 06-10, 2004 [doi>10.1109/RE.2004.23]
	21	Jaap Gordijn , Eric Yu , Bas van der Raadt, e-Service Design Using i* and e3value Modeling, IEEE Software, v.23 n.3, p.26-33, May 2006 [doi>10.1109/MS.2006.71]
	22	Hugo Estrada et al. An empirical evaluation of the i* framework in a model-based software generation environment. In Proc. of CAiSE, pages 513--527, 2006.
	23	Volha Bryl, Fabio Massacci, John Mylopoulos, and Nicola Zannone. Designing security requirements models through planning. In Proc. of CAiSE, 2006.
	24	Haralambos Mouratidis, Jan Jurjens, and Jorge Fox. Towards a comprehensive framework for secure systems development. In Proc. of CAiSE, 2006.
	25	Markus Schumacher, Security Engineering with Patterns: Origins, Theoretical Models, and New Applications, Springer-Verlag New York, Inc., Secaucus, NJ, 2003
	26	Thongchai Rojkangsadan Kawin Supaporn, Nakornthip Prompoon. An Approach: Constructing the Grammar from Security Pattern. In Proc. of International Joint Conference on Computer Science and Software Engineering (JCSSE2007), 2007.
	27	Ivan Araujo and Michael Weiss. Linking Patterns and Non-Functional Requirements. In Proc. of PLoP, 2002.
	28	Xavier Franch Gemma Grau. A Goal-Oriented Approach for the Generation and Evaluation of Alternative Architectures. In Proc. of European Conference on Software Architecture (ECSA), 2007.
	29	Yingfei Xiong , Dongxi Liu , Zhenjiang Hu , Haiyan Zhao , Masato Takeichi , Hong Mei, Towards automatic model synchronization from model transformations, Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering, November 05-09, 2007, Atlanta, Georgia, USA [doi>10.1145/1321631.1321657]