Abstract
HE, QINGFENG. Requirements-Based Access Control Analysis and Policy Specification. (Under
the direction of Dr. Ana (Annie) I. Antón.)
Access control is a mechanism for achieving confidentiality and integrity in software systems.
Access control policies (ACPs) define how access is managed and the high-level rules of who can
access what information under certain conditions. Traditionally, access control policies have been
specified in an ad-hoc manner, leaving systems vulnerable to security breaches. ACP
specification is often isolated from requirements analysis, resulting in policies that are not in
compliance with system requirements. This dissertation introduces the Requirements-based
Access Control Analysis and Policy Specification (ReCAPS) method for deriving access control
policies from various sources, including software requirements specifications (SRS), software
designs, and high-level security/privacy policies. The ReCAPS method is essentially an analysis
method supported by a set of heuristics and a software tool: the Security and Privacy
Requirements Analysis Tool (SPRAT). The method was developed in two formative case studies
and validated in two summative case studies. All four case studies involved operational systems,
and ReCAPS evolved as a result of the lessons learned from applying the method to these case
studies. Further validation of the method was performed via an empirical study to evaluate the
usefulness and effectiveness of the approach. Results from these evaluations indicate that the
process and heuristics provided by the ReCAPS method are useful for specifying database-level
and application-level ACPs. Additionally, ReCAPS integrates policy specification into software
development, thus providing a basic framework for ensuring compliance between different levels
of policies, system requirements and software design. The method also improves the quality of
requirements specifications and system designs by clarifying ambiguities and resolving conflicts
across these artifacts.
Contents
List of Figures.......................................................................................................................................x
List of Tables......................................................................................................................................xii
List of Abbreviations........................................................................................................................xiv
Glossary.............................................................................................................................................xvii
Chapter 1 Introduction....................................................................................................................1
1.1 Research Context..........................................................................................................................2
1.2 Data Security and Privacy: A Healthcare Scenario.....................................................................3
1.3 Access Control Analysis and Policy Specification......................................................................5
1.4 Motivation of This Work and Problem Statement.......................................................................7
1.5 Overview of This Work..............................................................................................................10
1.6 Research Methodology and Classification.................................................................................11
1.7 Overview of Remaining Chapters..............................................................................................16
Chapter 2 Background and Related Work..................................................................................17
2.1 Requirements Engineering (RE)................................................................................................17
2.1.1 Classification of Requirements Engineering Research Efforts...............................18
2.1.2 Goal-Based Requirements Analysis.........................................................................20
2.1.3 Scenario-Based Requirements Analysis...................................................................24
2.1.4 From Requirements Analysis to Software Design...................................................25
2.2 Security Requirements Engineering...........................................................................................26
2.2.1 Security and Privacy Requirements Analysis..........................................................27
2.2.2 Access Control Analysis in Requirements Engineering..........................................28
2.3 Access Control in Security.........................................................................................................31
2.3.1 Access Control..........................................................................................................32
2.3.2 Access Control Policies............................................................................................33
2.3.3 Elements of Access Control Policies........................................................................33
2.3.4 Current Research Efforts on Access Control Policy Specifications.......................35
2.3.5 Role Engineering......................................................................................................36
2.4 Security and Privacy Policy Analysis and Specification...........................................................37
2.4.1 Policy Specification Languages...............................................................................37
2.4.2 Security Policy Analysis...........................................................................................41
2.4.3 Privacy Policy Analysis............................................................................................44
2.5 Summary.....................................................................................................................................46
Chapter 3 Formative Case Studies...............................................................................................48
3.1 Security and Privacy Requirements Analysis Tool (SPRAT)...................................................49
3.1.1 Methodology and Case Study Artifacts....................................................................50
3.1.2 Lessons Learned.......................................................................................................52
3.1.3 Results.......................................................................................................................61
3.2 Transnational Digital Government (TDG).................................................................................62
3.2.1 Methodology and Case Study Artifacts....................................................................63
3.2.2 Lessons Learned.......................................................................................................64
3.2.3 Results.......................................................................................................................69
3.3 Summary.....................................................................................................................................70
Chapter 4 Requirements-based Access Control Analysis and Policy Specification...............72
4.1 Overview of ReCAPS.................................................................................................................73
4.1.1 An ICOM Model of ReCAPS....................................................................................73
4.1.2 Assumptions..............................................................................................................75
4.1.3 Design Principles......................................................................................................75
4.1.4 Activities....................................................................................................................76
4.2 Analysis Process and Heuristics.................................................................................................78
4.2.1 Preparation...............................................................................................................79
4.2.2 Access Control Rule Identification & Specification................................................80
4.2.2.1 Identifying Objects.................................................................................................84
4.2.2.2 Identifying Subjects and Actions...........................................................................86
4.2.2.3 Identifying Conditions............................................................................................92
4.2.2.4 Identifying Obligations.........................................................................................102
4.2.2.5 Summary...............................................................................................................104
4.2.3 Access Control Rules Refinement...........................................................................104
4.2.3.1 Identifying and Removing Redundancies............................................................105
4.2.3.2 Identifying and Resolving Conflicts....................................................................107
4.2.4 Grouping AC Rules into ACPs...............................................................................109
4.2.5 Summary..................................................................................................................112
4.3 Tool Support.............................................................................................................................113
4.3.1 Overview.................................................................................................................113
4.3.2 ACP Specification Module.....................................................................................116
4.3.3 Design and Implementation....................................................................................123
4.4 Summary...................................................................................................................................124
Chapter 5 Validation....................................................................................................................125
5.1 Surry Arts Council (SAC) Web Enhancement........................................................................127
5.1.1 Methodology and Case Study Artifacts..................................................................128
5.1.2 Lessons Learned.....................................................................................................129
5.1.3 Summary and Discussion.......................................................................................134
5.2 NCSU College of Management Event Registration System...................................................136
5.2.1 Methodology and Case Study Artifacts..................................................................137
5.2.2 Lessons Learned.....................................................................................................139
5.2.3 Summary and Discussion.......................................................................................147
5.3 An Empirical Evaluation of ReCAPS......................................................................................149
5.3.1 Experimental Method.............................................................................................150
5.3.2 Results.....................................................................................................................157
5.3.2.1 Quality of Access Control Policies......................................................................160
5.3.2.2 Improvements to Source Documents...................................................................165
5.3.2.3 Time Effort............................................................................................................166
5.3.3 Summary and Discussion.......................................................................................168
5.4 Summary...................................................................................................................................171
Chapter 6 Conclusions....................................................................................................................173
6.1 Chapter Synopsis......................................................................................................................174
6.2 Summary of Contributions.......................................................................................................175
6.3 Current Limitations and Plans for Future Work......................................................................178
6.4 Conclusions...............................................................................................................................181
Appendix A Summary of ReCAPS Analysis Activities............................................................182
Appendix B Summary of ReCAPS Heuristics..........................................................................183
Appendix C Evolution of the ReCAPS Method........................................................................188
C.1 ReCAPS Method Summary Version 1 (Pre-SPRAT).............................................................188
C.2 ReCAPS Method Summary Version 2 (Pre-TDG).................................................................189
C.3 ReCAPS Method Summary Version 3 (Pre-SAC).................................................................194
C.4 ReCAPS Method Summary Version 4 (Pre-ERS)..................................................................202
Appendix D Experimental Instrumentation for Empirical Study..........................................203
D.1 NCSU Informed Consent Form for Research.........................................................................203
D.2 ReCAPS Group Assignment Description and Worksheets....................................................205
D.3 Control Group Assignment Description and Worksheets......................................................216
Bibliography.....................................................................................................................................224