Abstract. Access control (AC) is a mechanism for achieving confidentiality and integrity in software systems. Access control policies (ACPs) express rules concerning who can access what information, and under what conditions. ACP specification is not an explicit part of the software development process and is often isolated from requirements analysis activities, leaving systems vulnerable to security breaches because policies are specified without ensuring compliance with system requirements. In this paper, we present the Requirements-based Access Control Analysis and Policy Specification (ReCAPS) method for deriving and specifying ACPs, and discuss three validation efforts. The method integrates policy specification into the software development process, ensures consistency across software artifacts, and provides prescriptive guidance for how to specify ACPs. It also improves the quality of requirements specifications and system designs by clarifying ambiguities and resolving conflicts across these artifacts during the analysis, making a significant step towards ensuring that policies are enforced in a manner consistent with a system's requirements specifications. To date, the method has been applied within the context of four operational systems. Additionally, we have conducted an empirical study to evaluate its usefulness and effectiveness. A software tool, the Security and Privacy Requirements Analysis Tool (SPRAT), was developed to support ReCAPS analysis activities.
Abstract. Internet privacy policies are complex and difficult to use. In the eyes of end-users, website policies appear to be monolithic blocks of poorly structured text that are difficult to parse when attempting to retrieve specific information. In an increasingly privacy-aware society, end-users must be able to easily access privacy policies while navigating a website's pages and readily understand the relevant parts of the policy. We propose a structured methodology to improve web design and increase users' privacy awareness. This systematic approach allows policy makers to effectively and efficiently reshape their current policies by structuring them according to the subject that is relevant to specific user interaction contexts, making them more user-centered and user-friendly. The methodology is built upon prior work in privacy policy analysis and navigation context design.