2015 | OriginalPaper | Book chapter

A Model-Driven Security Requirements Approach to Deduce Security Policies Based on OrBAC

Written by: Denisse Muñante Arzapalo, Vanea Chiprianov, Laurent Gallon, Philippe Aniorté

Published in: Information Security and Cryptology

Publisher: Springer International Publishing


Abstract

Attacks on unsecured systems result in important losses. Many of the causes are related to non-conformance of system architecture and implementation to the requirements. To reduce these conformity problems, Model Driven Engineering proposes using modelling languages for defining requirements and architecture and model transformations between them. We therefore introduce a modelling language extension/profile for defining system requirements with basic security requirement concepts. We also formalize the model transformation between this profile and a security formal verification method. We exemplify our approach on a medical case study.

Metadata
Copyright year
2015
DOI
https://doi.org/10.1007/978-3-319-16745-9_9