Fourth IEEE International Workshop on Information Assurance (IWIA'06)
Ensuring Compliance between Policies, Requirements and Software Design: A Case Study
Royal Holloway, United Kingdom
April 13-April 14
ISBN: 0-7695-2564-4
Qingfeng He, US Corporate Research Center, Raleigh, NC
Paul Otto, North Carolina State University
Annie I. Anton, North Carolina State University
Laurie Jones, Mills College, Oakland, CA
Specifying correct and complete access control policies is essential to secure data and ensure privacy in information systems. Traditionally, policy specification has not been an explicit part of the software development process. This isolation of policy specification from software development often results in policies that are not in compliance with system requirements and/or organizational security and privacy policies, leaving the system vulnerable to data breaches. This paper presents the results and lessons learned from a case study that employs the Requirements-based Access Control Analysis and Policy Specification (ReCAPS) method to specify access control policies for a web-based event registration system. The ReCAPS method aids software and security engineers in specifying access control policies derived from requirements specifications and other available sources. Our case study revealed that the ReCAPS method helps identify inconsistencies across various software artifacts, such as requirements specification, database design, and organizational security and privacy policies. Had these problems not been identified and resolved, they would have crippled later phases of software development, resulted in missing or incomplete system functionality, and compromised the system's security and privacy. This case study reinforces, validates, and extends our previous recommendations that access control policy specification should be an integral part of the software development process for information systems to achieve information assurance and improve the quality of the information system.
Citation:
Qingfeng He, Paul Otto, Annie I. Anton, Laurie Jones, "Ensuring Compliance between Policies, Requirements and Software Design: A Case Study," iwia, pp.79-92, Fourth IEEE International Workshop on Information Assurance (IWIA'06), 2006