Enforcing a security pattern in stakeholder goal models

Yijun Yu, Haruhiko Kaiya, Hironori Washizaki, Yingfei Xiong, Zhenjiang Hu, Nobukazu Yoshioka

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    13 Citations (Scopus)

    Abstract

    Patterns are useful knowledge about recurring problems and solutions. Detecting a security problem using patterns in requirements models may lead to its early solution. In order to facilitate early detection and resolution of security problems, in this paper, we formally describe a role-based access control (RBAC) as a pattern that may occur in stakeholder requirements models. We also implemented in our goal-oriented modeling tool the formally described pattern using model-driven queries and transformations. Applied to a number of requirements models published in literature, the tool automates the detection and resolution of the security pattern in several goal-oriented stakeholder requirements.

    Original languageEnglish
    Title of host publicationProceedings of the ACM Conference on Computer and Communications Security
    Pages9-13
    Number of pages5
    DOIs
    Publication statusPublished - 2008
    Event4th ACM Workshop on Quality of Protection, QoP'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 - Alexandria, VA
    Duration: 2008 Oct 272008 Oct 31

    Other

    Other4th ACM Workshop on Quality of Protection, QoP'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
    CityAlexandria, VA
    Period08/10/2708/10/31

    Fingerprint

    Access control

    Keywords

    • Goal models
    • Model transformations
    • RBAC
    • Security patterns

    ASJC Scopus subject areas

    • Software
    • Computer Networks and Communications

    Cite this

    Yu, Y., Kaiya, H., Washizaki, H., Xiong, Y., Hu, Z., & Yoshioka, N. (2008). Enforcing a security pattern in stakeholder goal models. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 9-13) https://doi.org/10.1145/1456362.1456366

    Enforcing a security pattern in stakeholder goal models. / Yu, Yijun; Kaiya, Haruhiko; Washizaki, Hironori; Xiong, Yingfei; Hu, Zhenjiang; Yoshioka, Nobukazu.

    Proceedings of the ACM Conference on Computer and Communications Security. 2008. p. 9-13.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Yu, Y, Kaiya, H, Washizaki, H, Xiong, Y, Hu, Z & Yoshioka, N 2008, Enforcing a security pattern in stakeholder goal models. in Proceedings of the ACM Conference on Computer and Communications Security. pp. 9-13, 4th ACM Workshop on Quality of Protection, QoP'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08, Alexandria, VA, 08/10/27. https://doi.org/10.1145/1456362.1456366
    Yu Y, Kaiya H, Washizaki H, Xiong Y, Hu Z, Yoshioka N. Enforcing a security pattern in stakeholder goal models. In Proceedings of the ACM Conference on Computer and Communications Security. 2008. p. 9-13 https://doi.org/10.1145/1456362.1456366
    Yu, Yijun ; Kaiya, Haruhiko ; Washizaki, Hironori ; Xiong, Yingfei ; Hu, Zhenjiang ; Yoshioka, Nobukazu. / Enforcing a security pattern in stakeholder goal models. Proceedings of the ACM Conference on Computer and Communications Security. 2008. pp. 9-13
    @inproceedings{46c2c64da48c41118b8b49f727829068,
    title = "Enforcing a security pattern in stakeholder goal models",
    abstract = "Patterns are useful knowledge about recurring problems and solutions. Detecting a security problem using patterns in requirements models may lead to its early solution. In order to facilitate early detection and resolution of security problems, in this paper, we formally describe a role-based access control (RBAC) as a pattern that may occur in stakeholder requirements models. We also implemented in our goal-oriented modeling tool the formally described pattern using model-driven queries and transformations. Applied to a number of requirements models published in literature, the tool automates the detection and resolution of the security pattern in several goal-oriented stakeholder requirements.",
    keywords = "Goal models, Model transformations, RBAC, Security patterns",
    author = "Yijun Yu and Haruhiko Kaiya and Hironori Washizaki and Yingfei Xiong and Zhenjiang Hu and Nobukazu Yoshioka",
    year = "2008",
    doi = "10.1145/1456362.1456366",
    language = "English",
    isbn = "9781605583211",
    pages = "9--13",
    booktitle = "Proceedings of the ACM Conference on Computer and Communications Security",

    }

    TY - GEN

    T1 - Enforcing a security pattern in stakeholder goal models

    AU - Yu, Yijun

    AU - Kaiya, Haruhiko

    AU - Washizaki, Hironori

    AU - Xiong, Yingfei

    AU - Hu, Zhenjiang

    AU - Yoshioka, Nobukazu

    PY - 2008

    Y1 - 2008

    N2 - Patterns are useful knowledge about recurring problems and solutions. Detecting a security problem using patterns in requirements models may lead to its early solution. In order to facilitate early detection and resolution of security problems, in this paper, we formally describe a role-based access control (RBAC) as a pattern that may occur in stakeholder requirements models. We also implemented in our goal-oriented modeling tool the formally described pattern using model-driven queries and transformations. Applied to a number of requirements models published in literature, the tool automates the detection and resolution of the security pattern in several goal-oriented stakeholder requirements.

    AB - Patterns are useful knowledge about recurring problems and solutions. Detecting a security problem using patterns in requirements models may lead to its early solution. In order to facilitate early detection and resolution of security problems, in this paper, we formally describe a role-based access control (RBAC) as a pattern that may occur in stakeholder requirements models. We also implemented in our goal-oriented modeling tool the formally described pattern using model-driven queries and transformations. Applied to a number of requirements models published in literature, the tool automates the detection and resolution of the security pattern in several goal-oriented stakeholder requirements.

    KW - Goal models

    KW - Model transformations

    KW - RBAC

    KW - Security patterns

    UR - http://www.scopus.com/inward/record.url?scp=70349240293&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=70349240293&partnerID=8YFLogxK

    U2 - 10.1145/1456362.1456366

    DO - 10.1145/1456362.1456366

    M3 - Conference contribution

    AN - SCOPUS:70349240293

    SN - 9781605583211

    SP - 9

    EP - 13

    BT - Proceedings of the ACM Conference on Computer and Communications Security

    ER -