Abstract | ||
---|---|---|
Traditionally, a security policy is defined from an informal set of requirements, generally written using natural language. It is then difficult to appreciate the compatibility degree of the manually generated security policy with the informal requirements definition. The idea of this paper is to automate the process of deriving the formal security policy, using a more structured specification of the security objectives issued by the administrator of the information system to be secured. We chose the goal-oriented methodology KAOS to express the functional objectives, then based on the results of a risk analysis, we integrate the security objectives to the obtained KAOS framework. Finally, through a process of transformation applied to this structured security objectives specification, we automatically generate the corresponding security policy. This policy is consistent with the access control model OrBAC (Organization Access Control). |
Year | DOI | Venue |
---|---|---|
2011 | 10.1007/978-3-642-28879-1_11 | DPM/SETOP |
Keywords | Field | DocType |
requirements engineering,automatic security policy derivation,structured security objectives specification,goal-oriented methodology kaos,formal security policy,corresponding security policy,security policy,informal requirements definition,security objective,structured specification,informal set,kaos framework,requirement engineering | Security testing,Software engineering,Security engineering,Computer science,Information security,Security service,KAOS,Security information and event management,Security policy,Computer security model | Conference |
Citations | PageRank | References |
4 | 0.46 | 10 |
Authors | ||
8 |
Name | Order | Citations | PageRank |
---|---|---|---|
Mariem Graa | 1 | 9 | 4.25 |
Nora Cuppens-Boulahia | 2 | 1043 | 91.60 |
Fabien Autrel | 3 | 69 | 7.16 |
Hanieh Azkia | 4 | 12 | 1.71 |
Frédéric Cuppens | 5 | 2146 | 258.58 |
Gouenou Coatrieux | 6 | 513 | 44.01 |
Ana Cavalli | 7 | 53 | 6.47 |
Amel Mammar | 8 | 218 | 31.77 |