{"title":"An Organization-Driven Approach for Enterprise Security Development and Management","authors":"Lirong Dai, Yan Bai","doi":"10.1109/SSIRI.2011.25","DOIUrl":null,"url":null,"abstract":"Enterprises security is a complex problem. Pure technology-driven development methods are not sufficient to solve a broad range of enterprise security issues. This paper analyzes the complexity of enterprise security and proposes an organization-driven approach for the problem. The approach combines a set of Unified Modeling Language-based approaches to bridge the gap between enterprise security architecture models and security application development models. It allows an enterprise to coordinate security resources from an enterprise point of view, and develop security applications systematically and efficiently. A comprehensive case study is conducted to illustrate the approach. The study shows through the refinement of enterprise security goals, both software goals and software requirements for a security application can be obtained. In particular, a security application is built to support the specification and automated verification of separation of duty access policies using the Object Constraint Language and formal method Alloy.","PeriodicalId":224250,"journal":{"name":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","volume":"45 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SSIRI.2011.25","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
Enterprises security is a complex problem. Pure technology-driven development methods are not sufficient to solve a broad range of enterprise security issues. This paper analyzes the complexity of enterprise security and proposes an organization-driven approach for the problem. The approach combines a set of Unified Modeling Language-based approaches to bridge the gap between enterprise security architecture models and security application development models. It allows an enterprise to coordinate security resources from an enterprise point of view, and develop security applications systematically and efficiently. A comprehensive case study is conducted to illustrate the approach. The study shows through the refinement of enterprise security goals, both software goals and software requirements for a security application can be obtained. In particular, a security application is built to support the specification and automated verification of separation of duty access policies using the Object Constraint Language and formal method Alloy.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
