• DocumentCode
    2392684
  • Title

    On modelling access policies: relating roles to their organisational context

  • Author

    Crook, Robert ; Ince, Darrel ; Nuseibeh, Bashar

  • Author_Institution
    Dept. of Comput., Open Univ., Milton Keynes, UK
  • fYear
    2005
  • fDate
    29 Aug.-2 Sept. 2005
  • Firstpage
    157
  • Lastpage
    166
  • Abstract
    The restriction of access is a mechanism by which organisations protect their information assets. Requirements models use actor definitions to describe users and to specify their access policies. Actors normally represent roles that users adopt, while roles can represent different things, such as a position in an organisation or the assignment of a task. Current requirements modelling approaches do not provide a systematic way of defining roles for incorporation into access policies. We address this issue by proposing a framework that facilitates the derivation of role definitions from their wider organisational context. We illustrate how our framework can be used to extend a formal version of i* - to define and verify access policies definitions - and demonstrate its applicability via a case study.
  • Keywords
    formal specification; organisational aspects; security of data; access policy modelling; access policy role definitions; access restriction; organisation information assets protection; organisational context; requirements modelling; task assignment; Access control; Context modeling; Control systems; Organizational aspects; Permission; Protection; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Requirements Engineering, 2005. Proceedings. 13th IEEE International Conference on
  • Print_ISBN
    0-7695-2425-7
  • Type

    conf

  • DOI
    10.1109/RE.2005.48
  • Filename
    1531037