Incorporating access and flow control policies in requirements engineering

Posted on: 2005-06-03
Degree: Ph.D
Type: Dissertation
University: George Mason University
Candidate: Alghathbar, Khaled S
Full Text: PDF
GTID: 1458390008498482
Subject: Computer Science
Abstract/Summary:
Access and flow control policies have not been well integrated into functional specifications throughout the software development life cycle. Access and flow control policies, and security in general, are generally considered to be non-functional requirements that are difficult to express, analyze, and test. Ignoring non-functional requirements during the early development process results in low-quality, inconsistent software, dissatisfied stakeholders, and extra time and cost to re-engineer. Therefore, integrating security with other functional requirements as early as possible during the software life cycle improves the security of the software and reduces the cost of maintenance.

The main focus of this dissertation is to incorporate both access and flow control policies with other functional requirements during the requirements specification and analysis phases of the software development life cycle. I have developed a unified representation language and formal verification frameworks for both access and flow control policies. As the Unified Modeling Language (UML) is the de facto standard modeling language, I extended it with the necessary elements to represent access and flow control policies. This extension addresses what others have not addressed, such as the representation and modeling of dynamic access and flow control policies, negative authorizations, and inherited authorizations.

I developed AuthUML, a framework, based on logic programming, that analyzes access control requirements in the requirements phase to ensure that they are consistent, complete, and conflict-free. The framework is a customized version of the Flexible Access Framework (FAF) of Jajodia et al. and it is suitable for UML-based requirements engineering. It analyzes access control policies at two different levels: Use Cases and conceptual operations.

For the analysis of information flow control policies, I developed FlowUML, a logic-based system that verifies the proper enforcement of information flow control policies in the requirements specification phase of UML-based designs. FlowUML uses logic programming to verify the compliance of information flow control requirements with information flow policies.

Finally, because of the overlap of access and flow control policies, I integrated the analysis of both policies into one framework that reduces redundant process, provides more useful analysis information, and improves overall analysis in general.
Keywords/Search Tags:Flow control policies, Requirements, Life cycle, Software, Framework