A model-driven approach for the specification and analysis of access control policies

F. Massacci, N. Zannone

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer-review

    17 Citations (Scopus)

    Abstract

    The last years have seen the definition of many languages, models and standards tailored to specify and enforce access control policies, but such frameworks do not provide methodological support during the policy specification process. In particular, they do not provide facilities for the analysis of the social context where the system operates. In this paper we propose a model-driven approach for the specification and analysis of access control policies. We build this framework on top of SI*, a modeling language tailored to capture and analyze functional and security requirements of socio-technical systems. The framework also provides formal mechanisms to assist policy writers and system administrators in the verification of access control policies and of the actual user-permission assignment.
    Original language: English
    Title of host publication: On the Move to Meaningful Internet Systems 2008: OTM 2008 Confederated International Conferences (Monterrey, Mexico, November 9-14, 2008), Part II
    Editors: R. Meersman, Z. Tari
    Place of Publication: Berlin
    Publisher: Springer
    Pages: 1087-1103
    ISBN (Print): 978-3-540-88872-7
    DOIs: https://doi.org/10.1007/978-3-540-88873-4_11
    Publication status: Published - 2008

    Publication series

    Name: Lecture Notes in Computer Science
    Volume: 5332
    ISSN (Print): 0302-9743

  • Cite this

    Massacci, F., & Zannone, N. (2008). A model-driven approach for the specification and analysis of access control policies. In R. Meersman, & Z. Tari (Eds.), On the Move to Meaningful Internet Systems 2008: OTM 2008 Confederated International Conferences (Monterrey, Mexico, November 9-14, 2008), Part II (pp. 1087-1103). (Lecture Notes in Computer Science; Vol. 5332). Springer. https://doi.org/10.1007/978-3-540-88873-4_11