2009
DOI: 10.1016/j.infsof.2008.11.005
|View full text |Cite
|
Sign up to set email alerts
|

Requirements-based Access Control Analysis and Policy Specification (ReCAPS)

Abstract: a b s t r a c tAccess control (AC) is a mechanism for achieving confidentiality and integrity in software systems. Access control policies (ACPs) express rules concerning who can access what information, and under what conditions. ACP specification is not an explicit part of the software development process and is often isolated from requirements analysis activities, leaving systems vulnerable to security breaches because policies are specified without ensuring compliance with system requirements. In this pape… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
23
0

Year Published

2009
2009
2017
2017

Publication Types

Select...
4
2
1

Relationship

0
7

Authors

Journals

citations
Cited by 28 publications
(23 citation statements)
references
References 33 publications
0
23
0
Order By: Relevance
“…Covered Entities (CE) or Business Associates (BA) should consider multiple factor for administrative access e.g. two-factor authentication to enhance HIPAA compliance [18]. Above tactic can be called as access control tactic under HIPAA.…”
Section: A Am 1 Access Controlmentioning
confidence: 99%
“…Covered Entities (CE) or Business Associates (BA) should consider multiple factor for administrative access e.g. two-factor authentication to enhance HIPAA compliance [18]. Above tactic can be called as access control tactic under HIPAA.…”
Section: A Am 1 Access Controlmentioning
confidence: 99%
“…Several approaches have been proposed to derive access control policies from requirement specifications, but none of them focuses on the automatic generation of data protection policies. He and Anton [13] propose Requirements-based Access Control Analysis and Policy Specification (ReCAPS). The method provides guidelines for identifying access rules elements from the requirements specifications and for detecting and resolving conflicts among the rules based on a set of heuristics.…”
Section: Related Workmentioning
confidence: 99%
“…In the context of security, modeling vulnerabilities, failures and countermeasures [18][19][20][21], security requirements and their potential conflicts with other functional and non-functional requirements, application of standards [22,23], access control policies and requirements [24,25] and policy description languages [7,[26][27][28] have been mainly addressed.…”
Section: Related Workmentioning
confidence: 99%