Title :
From KAOS to RBAC: A Case Study in Designing Access Control Rules from a Requirements Analysis
Author :
Ledru, Yves ; Richier, Jean-Luc ; Idani, Akram ; Labiadh, Mohamed-Amine
Author_Institution :
Lab. d'Inf. de Grenoble (LIG), UJF-Grenoble 1, Grenoble, France
Abstract :
This paper presents the KAOS2RBAC approach to security requirements engineering. Starting from functional requirements linked to a data model, the approach first identifies high-level security goals, then refines these goals into security requirements linked to the functional model, and finally derives access control rules from those requirements. An informal verification step checks that the rules grant enough permissions to enable every functional requirement. The approach takes advantage of the KAOS notation to link functional and non-functional goals, agents, data, and access control rules in a single requirements model, which gives traceability between security goals and the resulting access control rules. The approach is illustrated by a case study taken from a real project: an information system for emergency medical services.
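The following Python sketch is an added illustration of the verification step the abstract describes, not code from the paper: access control rules are kept as role/permission pairs that each trace back to a security goal, functional requirements are recorded with the permissions their responsible role needs, and a check reports any requirement the rules do not enable. The roles, entities, goals and requirements below are constructed for the example and do not reproduce the paper's case study; the extra least-privilege check (rules that no requirement needs) goes beyond what the abstract states.

```python
"""Toy RBAC-from-requirements model with two checks:
   1. check_enables: do the rules grant enough permission for every
      functional requirement (the informal verification step)?
   2. unused_rules: which rules grant permission no requirement needs
      (a least-privilege check, added here beyond the abstract)?
Example code; roles, entities and goals are constructed, not the paper's."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class Permission:
    operation: str   # e.g. "read", "update", "create"
    entity: str      # entity of the data model, e.g. "PatientRecord"


@dataclass(frozen=True)
class Rule:
    role: str
    permission: Permission
    goal: str        # the security goal this rule is derived from (traceability)


@dataclass(frozen=True)
class FunctionalRequirement:
    name: str
    role: str                     # agent (role) responsible for the requirement
    needs: FrozenSet[Permission]  # permissions the requirement needs to be enabled


def granted(rules: List[Rule], role: str) -> set:
    """All permissions the rules grant to `role`."""
    return {r.permission for r in rules if r.role == role}


def check_enables(rules: List[Rule], reqs: List[FunctionalRequirement]) -> Dict[str, set]:
    """Map each requirement the rules do NOT enable to its missing permissions.
    An empty dict means every functional requirement is enabled."""
    missing = {}
    for fr in reqs:
        lacking = fr.needs - granted(rules, fr.role)
        if lacking:
            missing[fr.name] = lacking
    return missing


def unused_rules(rules: List[Rule], reqs: List[FunctionalRequirement]) -> List[Rule]:
    """Rules granting a permission that no requirement of that role needs."""
    needed = {(fr.role, p) for fr in reqs for p in fr.needs}
    return [r for r in rules if (r.role, r.permission) not in needed]


def trace(rules: List[Rule], permission: Permission, role: str) -> List[str]:
    """Security goals justifying that `role` holds `permission`."""
    return sorted({r.goal for r in rules if r.role == role and r.permission == permission})


# Constructed sample: a tiny emergency-care data model, two roles, three goals.
READ_RECORD = Permission("read", "PatientRecord")
UPDATE_RECORD = Permission("update", "PatientRecord")
CREATE_INTERV = Permission("create", "Intervention")
READ_INTERV = Permission("read", "Intervention")

RULES = [
    Rule("Physician", READ_RECORD, "G1: only care staff may read patient data"),
    Rule("Physician", UPDATE_RECORD, "G2: only the treating physician may change a record"),
    Rule("Dispatcher", CREATE_INTERV, "G3: dispatchers open interventions"),
    Rule("Dispatcher", READ_INTERV, "G3: dispatchers open interventions"),
]

REQUIREMENTS = [
    FunctionalRequirement("FR1 record diagnosis", "Physician",
                          frozenset({READ_RECORD, UPDATE_RECORD})),
    # FR2 needs the dispatcher to read the patient record, which no rule grants:
    FunctionalRequirement("FR2 dispatch team", "Dispatcher",
                          frozenset({CREATE_INTERV, READ_RECORD})),
]

if __name__ == "__main__":
    for name, lacking in check_enables(RULES, REQUIREMENTS).items():
        print(f"NOT ENABLED: {name} lacks {sorted((p.operation, p.entity) for p in lacking)}")
    for r in unused_rules(RULES, REQUIREMENTS):
        print(f"UNUSED RULE: {r.role} {r.permission.operation} {r.permission.entity} ({r.goal})")
    print("Why Physician reads PatientRecord:", trace(RULES, READ_RECORD, "Physician"))
```

When the check reports a requirement as not enabled, the designer has two legitimate moves: add a rule and trace it to a security goal (if none fits, the goal set is incomplete), or revise the functional requirement; silently widening a role's permissions breaks the traceability the approach is built on.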
Keywords :
authorisation; formal verification; medical information systems; KAOS2RBAC approach; access control rules; informal verification step; information system; medical urgency; requirements analysis; security goals; security requirements engineering; Access control; Availability; Medical diagnostic imaging; Medical services; Regulators; Unified modeling language
Conference_Titel :
2011 Conference on Network and Information Systems Security (SAR-SSI)
Conference_Location :
La Rochelle
Print_ISBN :
978-1-4577-0735-3
DOI :
10.1109/SAR-SSI.2011.5931378