TY - JOUR
T1 - Conviviality-driven access control policy
AU - El Kateb, Donia
AU - Zannone, N.
AU - Moawad, Assaad
AU - Caire, Patrice
AU - Nain, Grégory
AU - Mouelhi, Tejeddine
AU - Le Traon, Yves
PY - 2015/11/22
Y1 - 2015/11/22
N2 - Nowadays many organizations experience security incidents due to unauthorized access to information. To reduce the risk of such incidents, security policies are often employed to regulate access to information. Such policies, however, are often too restrictive, and users do not have the rights necessary to perform assigned duties. As a consequence, access control mechanisms are perceived by users as a barrier and thus bypassed, making the system insecure. In this paper, we draw a bridge between the social concept of conviviality and access control. Conviviality has been introduced as a social science concept for ambient intelligence and multi-agent systems to highlight soft qualitative requirements like user-friendliness of systems. To bridge the gap between conviviality and security, we propose a methodological framework for updating and adapting access control policies based on conviviality recommendations. Our methodology integrates and extends existing techniques to assist system designers in the derivation of access control policies from socio-technical requirements of the system, while taking into account the conviviality of the system. We illustrate our framework using the Ambient Assisted Living use case from the HotCity of Luxembourg.
KW - Access control
KW - Conviviality
KW - Negotiable and non-negotiable authorizations
KW - Requirement model
UR - http://www.scopus.com/inward/record.url?scp=84941996526&partnerID=8YFLogxK
U2 - 10.1007/s00766-014-0204-0
DO - 10.1007/s00766-014-0204-0
M3 - Article
SN - 0947-3602
VL - 20
SP - 363
EP - 382
JO - Requirements Engineering
JF - Requirements Engineering
IS - 4
ER -