The Open UniversitySkip to content
 

Modelling access policies using roles in requirements engineering

Crook, Robert; Ince, Darrel and Nuseibeh, Bashar (2003). Modelling access policies using roles in requirements engineering. Information and Software Technology, 45(14) pp. 979–991.

DOI (Digital Object Identifier) Link: http://dx.doi.org/10.1016/S0950-5849(03)00097-1
Google Scholar: Look up in Google Scholar

Abstract

Pressures are increasing on organisations to take an early and more systematic approach to security. A key to enforcing security is to restrict access to valuable assets. We regard access policies as security requirements that specify such restrictions. Current requirements engineering methods are generally inadequate for
eliciting and analysing these types of requirements, because they do not allow complex organisational structures
and procedures that underlie policies to be represented adequately.
This paper discusses roles and why they are important in the analysis of security. The paper relates roles to
organisational theory and how they could be employed to define access policies. A framework is presented, based on these concepts, for analysing access policies.

Item Type: Journal Article
Copyright Holders: 2003 Elsevier B.V.
ISSN: 0950-5849
Keywords: access policies; security requirements; roles
Academic Unit/Department: Mathematics, Computing and Technology > Computing & Communications
Interdisciplinary Research Centre: Centre for Research in Computing (CRC)
Item ID: 3619
Depositing User: Michelle Bailey
Date Deposited: 30 Jun 2006
Last Modified: 04 May 2011 12:29
URI: http://oro.open.ac.uk/id/eprint/3619
Share this page:

Actions (login may be required)

View Item
Report issue / request change

Policies | Disclaimer

© The Open University   + 44 (0)870 333 4340   general-enquiries@open.ac.uk