Enforcing a security pattern in stakeholder goal models

Yijun Yu, Haruhiko Kaiya, Hironori Washizaki, Yingfei Xiong, Zhenjiang Hu, Nobukazu Yoshioka
2008 Proceedings of the 4th ACM workshop on Quality of protection - QoP '08  
Patterns are useful knowledge about recurring problems and solutions. Detecting a security problem using patterns in requirements models may lead to its early solution. In order to facilitate early detection and resolution of security problems, in this paper, we formally describe a role-based access control (RBAC) as a pattern that may occur in stakeholder requirements models. We also implemented in our goal-oriented modeling tool the formally described pattern using model-driven queries and
more » ... iven queries and transformations. Applied to a number of requirements models published in literature, the tool automates the detection and resolution of the security pattern in several goal-oriented stakeholder requirements.
doi:10.1145/1456362.1456366 dblp:conf/ccs/YuKWXHY08 fatcat:5tzijfeidbg5llabpho3thishu