
Article Information

  • Title: Representing Access Control Policies in Use Cases
  • Author: Khaled Alghathbar
  • Journal: The International Arab Journal of Information Technology
  • Print ISSN: 1683-3198
  • Year of publication: 2012
  • Volume: 9
  • Issue: 3
  • Publisher: Zarqa Private University
  • Abstract: Security requirements of a software product need to receive attention throughout its development lifecycle. This paper proposes the required notation and format to represent security requirements, especially access control policies in use case diagram and use case description. Such enhancements offer simple representation for positive and negative authorization; grouping sensitive use cases that form a critical business task; separation of duties – both static and dynamic; least privilege; inheritance of authorizations; and security state or label for data inputted, stored or outputted. Validating information flow requirements at an early stage prevents costly fixes that are mandated during later stages of the development life cycle.
  • Keywords: Access control policies; security engineering; use cases; misuse