Describing access control models as design patterns using roles

Kim, Dae-Kyoo; Mehta, Pooja; Gokhale, Priya

doi:10.1145/1415472.1415485

Cited by 9 publications

(7 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…After transformation, the technique can be also used to check correct incorporation of the pattern properties by evaluating conformance of the transformed model to the solution specification of the pattern. We have also used the proposed approach for patterns (e.g., DAC, MAC, RBAC) (Kim et al 2006) in the security domain to check access control properties in security systems.…”

Section: Resultsmentioning

confidence: 99%

Evaluating pattern conformance of UML models: a divide-and-conquer approach and case studies

Kim

Shen

2008

Software Qual J

Self Cite

View full text Add to dashboard Cite

A design pattern is realized in various forms depending on the context of the applications. There has been intensive research on detecting pattern instances in models and in implementations. However, little work addresses variations of pattern realization. This paper describes an approach for evaluating conformance of pattern variations. This approach uses a divide-and-conquer strategy to evaluate the structural conformance of a UML class diagram to the solution of a design pattern. A design pattern is specified in an extension of the UML that defines the pattern in terms of roles. To demonstrate the approach, we use the Visitor pattern and two case studies of a price calculator and a word processor. We also present a prototype tool that supports the approach.

show abstract

Section: Resultsmentioning

confidence: 99%

Evaluating pattern conformance of UML models: a divide-and-conquer approach and case studies

Kim

Shen

2008

Software Qual J

Self Cite

View full text Add to dashboard Cite

show abstract

“…We interviewed each expert with an existing hierarchy already created from patterns gathered from textbooks and our pattern repository [9,12,36,37,38]. Our goal was to further expand and refine our hierarchy as well as to find a unique subset of the patterns in the hierarchy that would apply to each scenario based on expert opinion.…”

Section: Expert Interviewsmentioning

confidence: 99%

Managing security requirements patterns using feature diagram hierarchies

Slavin

Lehker

Niu

et al. 2014

2014 IEEE 22nd International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

Abstract-Security requirements patterns represent reusable security practices that software engineers can apply to improve security in their system. Reusing best practices that others have employed could have a number of benefits, such as decreasing the time spent in the requirements elicitation process or improving the quality of the product by reducing product failure risk. Pattern selection can be difficult due to the diversity of applicable patterns from which an analyst has to choose. The challenge is that identifying the most appropriate pattern for a situation can be cumbersome and time-consuming. We propose a new method that combines an inquiry-cycle based approach with the feature diagram notation to review only relevant patterns and quickly select the most appropriate patterns for the situation. Similar to patterns themselves, our approach captures expert knowledge to relate patterns based on decisions made by the pattern user. The resulting pattern hierarchies allow users to be guided through these decisions by questions, which elicit and refine requirements as well as introduce related patterns. Furthermore, our approach is unique in the way that pattern forces are interpreted as quality attributes to balance trade-offs in the resulting requirements. We evaluate our approach using access control patterns in a pattern user study.

show abstract

“…For instance, the S-TTP determines an Access Level (AL) for the EHRs based on three factors: the identification of an Authorised Device and Authorised Person who wants to have access to a patient's medical information, the patient's consent, and the relevant healthcare legislation. Based on these factors the S-TTP maintains three access control lists: Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC) [8,9]. The MAC and DAC list are made by using the patient's consent.…”

Section: Proposed National Communication Frameworkmentioning

confidence: 99%

A Secure Framework and Related Protocols for Ubiquitous Access to Electronic Health Records Using Java SIM Cards

Hassanzadeh

Sahama

Fidge

2010

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

International audienceUbiquitous access to patient medical records is an important aspect of caring for patient safety. Unavailability of sufficient medical information at the patient point-of-care could possibly lead to a fatality. In this paper we propose employing emergent technologies such as Java SIM Cards (JSC), Smart Phones (SP), Next Generation Networks (NGN), Near Field Communications (NFC), Public Key Infrastructure (PKI), and Biometric Identification to develop a secure framework and related protocols for ubiquitous access to Electronic Health Records (EHRs). A partial EHR contained within a JSC can be used at the patient point-of-care in order to help quick diagnosis of a patient's problems. The full EHR can be accessed from an Electronic Healthcare Records Centre (EHRC)

show abstract

Describing access control models as design patterns using roles

Cited by 9 publications

References 16 publications

Evaluating pattern conformance of UML models: a divide-and-conquer approach and case studies

Evaluating pattern conformance of UML models: a divide-and-conquer approach and case studies

Managing security requirements patterns using feature diagram hierarchies

A Secure Framework and Related Protocols for Ubiquitous Access to Electronic Health Records Using Java SIM Cards

Contact Info

Product

Resources

About