Representing Access Control Policies in Use Cases

Representing Access Control Policies in Use Cases

Khaled Alghathbar
College of Computer and Information Sciences, Center of Excellence Information Assurance, King Saud University, Saudi Arabia
 
Abstract: Security requirements of a software product need to receive attention throughout its development lifecycle. This paper proposes the required notation and format to represent security requirements, especially access control policies in use case diagram and use case description. Such enhancements offer simple representation for positive and negative authorization; grouping sensitive use cases that form a critical business task; separation of duties – both static and dynamic; least privilege; inheritance of authorizations; and security state or label for data inputted, stored or outputted. Validating information flow requirements at an early stage prevents costly fixes that are mandated during later stages of the development life cycle.

Keywords: Access control policies, security engineering, use cases, misuse.

Received December 14, 2009; accepted May 21, 2010

Read 3543 times Last modified on Tuesday, 15 November 2011 02:19
Share
Top
We use cookies to improve our website. By continuing to use this website, you are giving consent to cookies being used. More details…