ResearchBib Share Your Research, Maximize Your Social Impacts
Sign for Notice Everyday Sign up >> Login

Representing Access Control Policies in Use Cases

Journal: The International Arab Journal of Information Technology (Vol.9, No. 3)

Publication Date:

Authors : ;

Page : 268-275

Keywords : Access control policies; security engineering; use cases; misuse.;

Source : Downloadexternal Find it from : Google Scholarexternal

Abstract

Security requirements of a software product need to receive attention throughout its development lifecycle. This paper proposes the required notation and format to represent security requirements, especially access control policies in use case diagram and use case description. Such enhancements offer simple representation for positive and negative authorization; grouping sensitive use cases that form a critical business task; separation of duties – both static and dynamic; least privilege; inheritance of authorizations; and security state or label for data inputted, stored or outputted. Validating information flow requirements at an early stage prevents costly fixes that are mandated during later stages of the development life cycle.

Last modified: 2019-05-06 21:00:51