By Topic

From KAOS to RBAC: A Case Study in Designing Access Control Rules from a Requirements Analysis

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Ledru, Y. ; Lab. d''Inf. de Grenoble, UJF-Grenoble l, Grenoble, France ; Richier, J. ; Idani, A. ; Labiadh, M.

This paper presents the KAOS2RBAC approach for Security Requirements Engineering. Starting from functional requirements, linked to a data model, the approach first identifies high level security goals. It then refines these security goals into security requirements linked to the functional model. Finally, these security requirements lead to the design of access control rules. An informal verification step checks that the rules give enough permission to enable all functional requirements. The approach takes benefit of the KAOS notations to link functional and non-functional goals, agents, data, and access control rules in a single requirements model. This enables traceability between security goals and the resulting access control rules. The approach is illustrated by a case study: an information system for medical urgency, taken from a real project.

Published in:

Network and Information Systems Security (SAR-SSI), 2011 Conference on

Date of Conference:

18-21 May 2011