
Please use this identifier to cite or link to this item: http://hdl.handle.net/123456789/15426

Title: Validating the Enforcement of Access Control Policies and Separation of Duty Principle in Requirement Engineering
Authors: Khaled Alghathbar
Keywords: Access control policies; Security engineering; Use cases; Semi-formal methods; Separation of duty
Issue Date: 2007
Publisher: Journal of Information and Software Technology
Abstract: Validating the compliance of software requirements with access control policies early in the development life cycle improves the security of the software. It prevents unauthorized subjects from being authorized during requirements specification and analysis, before development proceeds to later phases where the cost of fixing defects increases. This paper provides a logic-based framework that analyzes the authorization requirements specified in the Unified Modeling Language (UML). It ensures that the access requirements are consistent, complete and conflict-free. The framework proposed in this paper is an extension to the AuthUML framework. We refine AuthUML and extend it by expanding its analysis to validate the enforcement of the Separation of Duty (SoD) principle during requirements engineering. We enhance and extend AuthUML with the necessary phase, predicates and rules. The paper shows the various types of SoD and how each type can be validated. The extension shows the flexibility and scalability of AuthUML in validating new policies. The extension also lets AuthUML span different phases of the software development process, which widens the application of AuthUML.
URI: http://hdl.handle.net/123456789/15426
Appears in Collections: College of Computer and Information Sciences

Files in This Item:

File: Alghathbar_paper_24.docx
Size: 12.43 kB
Format: Microsoft Word XML
