Enforcing a security pattern in stakeholder goal models

Yijun Yu; Haruhiko Kaiya; Hironori Washizaki; Yingfei Xiong; Zhenjiang Hu; Nobukazu Yoshioka

doi:10.1145/1456362.1456366

Enforcing a security pattern in stakeholder goal models

Yijun Yu^*, Haruhiko Kaiya, Hironori Washizaki, Yingfei Xiong, Zhenjiang Hu, Nobukazu Yoshioka

^*Corresponding author for this work

School of Fundamental Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

16 Citations (Scopus)

Abstract

Patterns are useful knowledge about recurring problems and solutions. Detecting a security problem using patterns in requirements models may lead to its early solution. In order to facilitate early detection and resolution of security problems, in this paper, we formally describe a role-based access control (RBAC) as a pattern that may occur in stakeholder requirements models. We also implemented in our goal-oriented modeling tool the formally described pattern using model-driven queries and transformations. Applied to a number of requirements models published in literature, the tool automates the detection and resolution of the security pattern in several goal-oriented stakeholder requirements.

Original language	English
Title of host publication	Proceedings of the 4th ACM Workshop on Quality of Protection, QoP'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Pages	9-13
Number of pages	5
DOIs	https://doi.org/10.1145/1456362.1456366
Publication status	Published - 2008
Event	4th ACM Workshop on Quality of Protection, QoP'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 - Alexandria, VA, United States Duration: 2008 Oct 27 → 2008 Oct 31

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	4th ACM Workshop on Quality of Protection, QoP'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Country/Territory	United States
City	Alexandria, VA
Period	08/10/27 → 08/10/31

Keywords

Goal models
Model transformations
RBAC
Security patterns

ASJC Scopus subject areas

Software
Computer Networks and Communications

Access to Document

10.1145/1456362.1456366

Cite this

Yu, Y., Kaiya, H., Washizaki, H., Xiong, Y., Hu, Z., & Yoshioka, N. (2008). Enforcing a security pattern in stakeholder goal models. In Proceedings of the 4th ACM Workshop on Quality of Protection, QoP'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 (pp. 9-13). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/1456362.1456366

Enforcing a security pattern in stakeholder goal models. / Yu, Yijun; Kaiya, Haruhiko; Washizaki, Hironori et al.

Proceedings of the 4th ACM Workshop on Quality of Protection, QoP'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08. 2008. p. 9-13 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yu, Y, Kaiya, H, Washizaki, H, Xiong, Y, Hu, Z & Yoshioka, N 2008, Enforcing a security pattern in stakeholder goal models. in Proceedings of the 4th ACM Workshop on Quality of Protection, QoP'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08. Proceedings of the ACM Conference on Computer and Communications Security, pp. 9-13, 4th ACM Workshop on Quality of Protection, QoP'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08, Alexandria, VA, United States, 08/10/27. https://doi.org/10.1145/1456362.1456366

Yu Y, Kaiya H, Washizaki H, Xiong Y, Hu Z, Yoshioka N. Enforcing a security pattern in stakeholder goal models. In Proceedings of the 4th ACM Workshop on Quality of Protection, QoP'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08. 2008. p. 9-13. (Proceedings of the ACM Conference on Computer and Communications Security). doi: 10.1145/1456362.1456366

@inproceedings{46c2c64da48c41118b8b49f727829068,

title = "Enforcing a security pattern in stakeholder goal models",

abstract = "Patterns are useful knowledge about recurring problems and solutions. Detecting a security problem using patterns in requirements models may lead to its early solution. In order to facilitate early detection and resolution of security problems, in this paper, we formally describe a role-based access control (RBAC) as a pattern that may occur in stakeholder requirements models. We also implemented in our goal-oriented modeling tool the formally described pattern using model-driven queries and transformations. Applied to a number of requirements models published in literature, the tool automates the detection and resolution of the security pattern in several goal-oriented stakeholder requirements.",

keywords = "Goal models, Model transformations, RBAC, Security patterns",

author = "Yijun Yu and Haruhiko Kaiya and Hironori Washizaki and Yingfei Xiong and Zhenjiang Hu and Nobukazu Yoshioka",

year = "2008",

doi = "10.1145/1456362.1456366",

language = "English",

isbn = "9781605583211",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

pages = "9--13",

booktitle = "Proceedings of the 4th ACM Workshop on Quality of Protection, QoP'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08",

note = "4th ACM Workshop on Quality of Protection, QoP'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 ; Conference date: 27-10-2008 Through 31-10-2008",

}

TY - GEN

T1 - Enforcing a security pattern in stakeholder goal models

AU - Yu, Yijun

AU - Kaiya, Haruhiko

AU - Washizaki, Hironori

AU - Xiong, Yingfei

AU - Hu, Zhenjiang

AU - Yoshioka, Nobukazu

PY - 2008

Y1 - 2008

N2 - Patterns are useful knowledge about recurring problems and solutions. Detecting a security problem using patterns in requirements models may lead to its early solution. In order to facilitate early detection and resolution of security problems, in this paper, we formally describe a role-based access control (RBAC) as a pattern that may occur in stakeholder requirements models. We also implemented in our goal-oriented modeling tool the formally described pattern using model-driven queries and transformations. Applied to a number of requirements models published in literature, the tool automates the detection and resolution of the security pattern in several goal-oriented stakeholder requirements.

AB - Patterns are useful knowledge about recurring problems and solutions. Detecting a security problem using patterns in requirements models may lead to its early solution. In order to facilitate early detection and resolution of security problems, in this paper, we formally describe a role-based access control (RBAC) as a pattern that may occur in stakeholder requirements models. We also implemented in our goal-oriented modeling tool the formally described pattern using model-driven queries and transformations. Applied to a number of requirements models published in literature, the tool automates the detection and resolution of the security pattern in several goal-oriented stakeholder requirements.

KW - Goal models

KW - Model transformations

KW - RBAC

KW - Security patterns

UR - http://www.scopus.com/inward/record.url?scp=70349240293&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70349240293&partnerID=8YFLogxK

U2 - 10.1145/1456362.1456366

DO - 10.1145/1456362.1456366

M3 - Conference contribution

AN - SCOPUS:70349240293

SN - 9781605583211

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 9

EP - 13

BT - Proceedings of the 4th ACM Workshop on Quality of Protection, QoP'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08

T2 - 4th ACM Workshop on Quality of Protection, QoP'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08

Y2 - 27 October 2008 through 31 October 2008

ER -

Enforcing a security pattern in stakeholder goal models

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this