The Center for Education and Research in Information Assurance and Security (CERIAS)


REQUIREMENTS-BASED ACCESS CONTROL ANALYSIS AND POLICY SPECIFICATION

Author

Qingfeng He

Entry type

phdthesis

Abstract

HE, QINGFENG. Requirements-Based Access Control Analysis and Policy Specification. (Under the direction of Dr. Ana (Annie) I. Antón.) Access control is a mechanism for achieving confidentiality and integrity in software systems. Access control policies (ACPs) define how access is managed and the high-level rules of who can access what information under certain conditions. Traditionally, access control policies have been specified in an ad-hoc manner, leaving systems vulnerable to security breaches. ACP specification is often isolated from requirements analysis, resulting in policies that are not in compliance with system requirements. This dissertation introduces the Requirements-based Access Control Analysis and Policy Specification (ReCAPS) method for deriving access control policies from various sources, including software requirements specifications (SRS), software designs, and high-level security/privacy policies. The ReCAPS method is essentially an analysis method supported by a set of heuristics and a software tool: the Security and Privacy Requirements Analysis Tool (SPRAT). The method was developed in two formative case studies and validated in two summative case studies. All four case studies involved operational systems, and ReCAPS evolved as a result of the lessons learned from applying the method to these case studies. Further validation of the method was performed via an empirical study to evaluate the usefulness and effectiveness of the approach. Results from these evaluations indicate that the process and heuristics provided by the ReCAPS method are useful for specifying database-level and application-level ACPs. Additionally, ReCAPS integrates policy specification into software development, thus providing a basic framework for ensuring compliance between different levels of policies, system requirements and software design. The method also improves the quality of requirements specifications and system designs by clarifying ambiguities and resolving conflicts across these artifacts.

Key alpha

He

School

North Carolina State University

Publication Date

2001-01-01

Contents

List of Figures ... x
List of Tables ... xii
List of Abbreviations ... xiv
Glossary ... xvii
Chapter 1 Introduction ... 1
  1.1 Research Context ... 2
  1.2 Data Security and Privacy: A Healthcare Scenario ... 3
  1.3 Access Control Analysis and Policy Specification ... 5
  1.4 Motivation of This Work and Problem Statement ... 7
  1.5 Overview of This Work ... 10
  1.6 Research Methodology and Classification ... 11
  1.7 Overview of Remaining Chapters ... 16
Chapter 2 Background and Related Work ... 17
  2.1 Requirements Engineering (RE) ... 17
    2.1.1 Classification of Requirements Engineering Research Efforts ... 18
    2.1.2 Goal-Based Requirements Analysis ... 20
    2.1.3 Scenario-Based Requirements Analysis ... 24
    2.1.4 From Requirements Analysis to Software Design ... 25
  2.2 Security Requirements Engineering ... 26
    2.2.1 Security and Privacy Requirements Analysis ... 27
    2.2.2 Access Control Analysis in Requirements Engineering ... 28
  2.3 Access Control in Security ... 31
    2.3.1 Access Control ... 32
    2.3.2 Access Control Policies ... 33
    2.3.3 Elements of Access Control Policies ... 33
    2.3.4 Current Research Efforts on Access Control Policy Specifications ... 35
    2.3.5 Role Engineering ... 36
  2.4 Security and Privacy Policy Analysis and Specification ... 37
    2.4.1 Policy Specification Languages ... 37
    2.4.2 Security Policy Analysis ... 41
    2.4.3 Privacy Policy Analysis ... 44
  2.5 Summary ... 46
Chapter 3 Formative Case Studies ... 48
  3.1 Security and Privacy Requirements Analysis Tool (SPRAT) ... 49
    3.1.1 Methodology and Case Study Artifacts ... 50
    3.1.2 Lessons Learned ... 52
    3.1.3 Results ... 61
  3.2 Transnational Digital Government (TDG) ... 62
    3.2.1 Methodology and Case Study Artifacts ... 63
    3.2.2 Lessons Learned ... 64
    3.2.3 Results ... 69
  3.3 Summary ... 70
Chapter 4 Requirements-based Access Control Analysis and Policy Specification ... 72
  4.1 Overview of ReCAPS ... 73
    4.1.1 An ICOM Model of ReCAPS ... 73
    4.1.2 Assumptions ... 75
    4.1.3 Design Principles ... 75
    4.1.4 Activities ... 76
  4.2 Analysis Process and Heuristics ... 78
    4.2.1 Preparation ... 79
    4.2.2 Access Control Rule Identification & Specification ... 80
      4.2.2.1 Identifying Objects ... 84
      4.2.2.2 Identifying Subjects and Actions ... 86
      4.2.2.3 Identifying Conditions ... 92
      4.2.2.4 Identifying Obligations ... 102
      4.2.2.5 Summary ... 104
    4.2.3 Access Control Rules Refinement ... 104
      4.2.3.1 Identifying and Removing Redundancies ... 105
      4.2.3.2 Identifying and Resolving Conflicts ... 107
    4.2.4 Grouping AC Rules into ACPs ... 109
    4.2.5 Summary ... 112
  4.3 Tool Support ... 113
    4.3.1 Overview ... 113
    4.3.2 ACP Specification Module ... 116
    4.3.3 Design and Implementation ... 123
  4.4 Summary ... 124
Chapter 5 Validation ... 125
  5.1 Surry Arts Council (SAC) Web Enhancement ... 127
    5.1.1 Methodology and Case Study Artifacts ... 128
    5.1.2 Lessons Learned ... 129
    5.1.3 Summary and Discussion ... 134
  5.2 NCSU College of Management Event Registration System ... 136
    5.2.1 Methodology and Case Study Artifacts ... 137
    5.2.2 Lessons Learned ... 139
    5.2.3 Summary and Discussion ... 147
  5.3 An Empirical Evaluation of ReCAPS ... 149
    5.3.1 Experimental Method ... 150
    5.3.2 Results ... 157
      5.3.2.1 Quality of Access Control Policies ... 160
      5.3.2.2 Improvements to Source Documents ... 165
      5.3.2.3 Time Effort ... 166
    5.3.3 Summary and Discussion ... 168
  5.4 Summary ... 171
Chapter 6 Conclusions ... 173
  6.1 Chapter Synopsis ... 174
  6.2 Summary of Contributions ... 175
  6.3 Current Limitations and Plans for Future Work ... 178
  6.4 Conclusions ... 181
Appendix A Summary of ReCAPS Analysis Activities ... 182
Appendix B Summary of ReCAPS Heuristics ... 183
Appendix C Evolution of the ReCAPS Method ... 188
  C.1 ReCAPS Method Summary Version 1 (Pre-SPRAT) ... 188
  C.2 ReCAPS Method Summary Version 2 (Pre-TDG) ... 189
  C.3 ReCAPS Method Summary Version 3 (Pre-SAC) ... 194
  C.4 ReCAPS Method Summary Version 4 (Pre-ERS) ... 202
Appendix D Experimental Instrumentation for Empirical Study ... 203
  D.1 NCSU Informed Consent Form for Research ... 203
  D.2 ReCAPS Group Assignment Description and Worksheets ... 205
  D.3 Control Group Assignment Description and Worksheets ... 216
Bibliography ... 224

Location

A hard-copy of this is in the Papers Cabinet

BibTeX-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTeX document. Note that the text may not contain all macros that BibTeX supports.