A framework for defining and analysing access policies in requirements models

Crook, Robert P. (2007). A framework for defining and analysing access policies in requirements models. PhD thesis The Open University.

DOI: https://doi.org/10.21954/ou.ro.0000fa36


Enforcing access policies derived from management control principles is a way by which organisations protect their information assets. The minimum privileges principle is an example of a management control principle, which specifies that users should only have access to resources they require to carry out their duties. Requirements models use actors to specify their access policies. Actors normally represent roles that users adopt, however a role can have different meanings, such as a position in an organisation or the assignment of a task, and can therefore be misleading. Current requirements modelling approaches do not provide a systematic way of defining roles for incorporation into access policies, and therefore we can not ensure that they satisfy management control principles. In this thesis we address the need to provide precise role definitions by developing a framework that facilitates the derivation of roles from the organisational context. The framework consists of a metamodel, which enables the organisational context to be represented and related to actors; a set of heuristics for deriving the organisational context; and a set of language constructs for formulating access policies, and verifying them using scenarios.
We use the meta-model and language constructs that we developed to extend an existing requirements modelling language, the i* framework, and in particular a formal version of it, formal Tropos, to define and verify access policies definitions satisfying the minimum privileges principle. We also investigate the use of automated tool checking by translating the formal Tropos definitions into the specification language Alloy, which is supported by a tool that automatically checks assertions, to ensure consistency of the access policy definitions. We carry out a detailed case study taken from the literature to verify the extensions to the i* framework and the tool supported analysis.
The framework presented in this thesis makes a novel contribution to the modelling of access policies as requirements, enabling us to define access policies using actors derived from the organisational context, that satisfy the minimum privileges principle.

Viewing alternatives

Download history


Public Attention

Altmetrics from Altmetric

Number of Citations

Citations from Dimensions

Item Actions