Paper Info
Title
Using requirements engineering in an automatic security policy derivation process
Abstract
Traditionally, a security policy is defined from an informal set of requirements, generally written using natural language. It is then difficult to appreciate the compatibility degree of the manually generated security policy with the informal requirements definition. The idea of this paper is to automate the process of deriving the formal security policy, using a more structured specification of the security objectives issued by the administrator of the information system to be secured. We chose the goal-oriented methodology KAOS to express the functional objectives, then based on the results of a risk analysis, we integrate the security objectives to the obtained KAOS framework. Finally, through a process of transformation applied to this structured security objectives specification, we automatically generate the corresponding security policy. This policy is consistent with the access control model OrBAC (Organization Access Control).
Year
DOI
Venue
2011
10.1007/978-3-642-28879-1_11
DPM/SETOP
Keywords
Field
DocType
requirements engineering,automatic security policy derivation,structured security objectives specification,goal-oriented methodology kaos,formal security policy,corresponding security policy,security policy,informal requirements definition,security objective,structured specification,informal set,kaos framework,requirement engineering
Security testing,Software engineering,Security engineering,Computer science,Information security,Security service,KAOS,Security information and event management,Security policy,Computer security model
Conference
Citations 
PageRank 
References 
4
0.46
10
Authors
8
Name
Order
Citations
PageRank
Mariem Graa194.25
Nora Cuppens-Boulahia2104391.60
Fabien Autrel3697.16
Hanieh Azkia4121.71
Frédéric Cuppens52146258.58
Gouenou Coatrieux651344.01
Ana Cavalli7536.47
Amel Mammar821831.77