Requirements-Based Access Control Analysis and Policy Specification

Keywords ReCAPS thesis requirements requirements-based IEEE software engineering requirements engineering

Access control model. Access control models formally represent an access control system. They provide ways to reason about the policies they support and prove the security properties of the access control system. Access control models provide a level of abstraction between policies and mechanisms, enabling the design of implementation mechanisms to enforce multiple policies in various computing environments.

Access control policy. Access control policies are security requirements that describe how access is managed, what information can be accessed by whom, and under what conditions that information can be accessed. These policies are enforced via a mechanism that mediates access requests and makes grant/deny decisions. In this dissertation, access control policies are comprised of access control rules that are specified in a structured format.

Access control rule. A typical access control rule in this dissertation is expressed as a 5-tuple , such that a subject can perform some action on an object. Additionally, each access control rule has a mode (e.g., allow/deny/refrain/oblige).

Document type: educational report
File: Thesis Requirements-Based Access Control Analysis and Specification (etd.pdf), application/pdf, 3.37 MB, English

Access control is a mechanism for achieving confidentiality and integrity in software systems. Access control policies (ACPs) define how access is managed and the high-level rules of who can access what information under certain conditions.

Traditionally, access control policies have been specified in an ad-hoc manner, leaving systems vulnerable to security breaches. ACP specification is often isolated from requirements analysis, resulting in policies that are not in compliance with system requirements.

Qingfeng He