{"title":"A Comparative Analysis of Access Control Policy Modeling Approaches","authors":"K. Kumari, T. Chithralekha","doi":"10.4018/jsse.2012100104","DOIUrl":null,"url":null,"abstract":"Access control policies (ACPs) characterize the high-level rules according to which the access control of a system is regulated. Generally they are defined separately from the functional requirements (FRs) of an application and added to the system as an afterthought after being built. But, many problems arose during the integration of ACPs and FRs. Hence, over the past years, researchers have suggested for the modifying the design phase to include an earlier focus on access control issues through various modeling techniques. This paper reviews the important approaches in ACP modeling and makes a comparative analysis of the advantages and limitations of those techniques especially in addressing complex ACPs. Based on the comparative analysis, this paper presents directions for further work needed in handling the intricate nature of today’s ACPs.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"108 1","pages":"65-83"},"PeriodicalIF":0.0000,"publicationDate":"2012-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of secure software engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/jsse.2012100104","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 6
Abstract
Access control policies (ACPs) characterize the high-level rules according to which the access control of a system is regulated. Generally they are defined separately from the functional requirements (FRs) of an application and added to the system as an afterthought after being built. But, many problems arose during the integration of ACPs and FRs. Hence, over the past years, researchers have suggested for the modifying the design phase to include an earlier focus on access control issues through various modeling techniques. This paper reviews the important approaches in ACP modeling and makes a comparative analysis of the advantages and limitations of those techniques especially in addressing complex ACPs. Based on the comparative analysis, this paper presents directions for further work needed in handling the intricate nature of today’s ACPs.
访问控制策略(Access control policy, acp)描述了对系统的访问控制进行调节的高级规则。通常,它们是与应用程序的功能需求(FRs)分开定义的,并在构建之后作为事后考虑添加到系统中。但是,在acp和fr的集成过程中出现了许多问题。因此,在过去的几年中,研究人员建议修改设计阶段,通过各种建模技术将早期的重点放在访问控制问题上。本文综述了ACP建模的主要方法,并对这些方法的优缺点进行了比较分析,特别是在处理复杂ACP时。在比较分析的基础上,本文提出了处理当今 acp复杂性质所需进一步工作的方向。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
