The Open UniversitySkip to content

Modelling access policies using roles in requirements engineering

Crook, Robert; Ince, Darrel and Nuseibeh, Bashar (2003). Modelling access policies using roles in requirements engineering. Information and Software Technology, 45(14) pp. 979–991.

DOI (Digital Object Identifier) Link:
Google Scholar: Look up in Google Scholar


Pressures are increasing on organisations to take an early and more systematic approach to security. A key to enforcing security is to restrict access to valuable assets. We regard access policies as security requirements that specify such restrictions. Current requirements engineering methods are generally inadequate for
eliciting and analysing these types of requirements, because they do not allow complex organisational structures
and procedures that underlie policies to be represented adequately.
This paper discusses roles and why they are important in the analysis of security. The paper relates roles to
organisational theory and how they could be employed to define access policies. A framework is presented, based on these concepts, for analysing access policies.

Item Type: Article
Copyright Holders: 2003 Elsevier B.V.
ISSN: 0950-5849
Keywords: access policies; security requirements; roles
Academic Unit/School: Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications
Faculty of Science, Technology, Engineering and Mathematics (STEM)
Interdisciplinary Research Centre: Centre for Research in Computing (CRC)
Centre for Policing Research and Learning (CPRL)
International Development & Inclusive Innovation
Item ID: 3619
Depositing User: Michelle Bailey
Date Deposited: 30 Jun 2006
Last Modified: 09 Feb 2017 12:37
Share this page:


Scopus Citations

▼ Automated document suggestions from open access sources

Actions (login may be required)

Policies | Disclaimer

© The Open University   + 44 (0)870 333 4340