• Publications
  • Influence
Security Requirements Engineering: A Framework for Representation and Analysis
TLDR
This paper presents a framework for security requirements elicitation and analysis. Expand
  • 420
  • 23
  • PDF
Policy Conflict Analysis in Distributed System Management
TLDR
We analyze the types of overlap that may occur between policies, and show that this analysis corresponds to several familiar types of policy conflict. Expand
  • 203
  • 12
A goal-based approach to policy refinement
TLDR
This work presents an approach by which a formal representation of a system, based on the event calculus, can be used in conjunction with abductive reasoning techniques to derive the sequence of operations that will allow a given system to achieve a desired goal. Expand
  • 192
  • 10
  • PDF
The role-based access control system of a European bank: a case study and discussion
TLDR
A case study of a role-based access control system of a major European Bank. Expand
  • 169
  • 6
  • PDF
A framework for organisational control principles
  • A. Schaad, J. Moffett
  • Computer Science
  • 18th Annual Computer Security Applications…
  • 9 December 2002
TLDR
This paper presents a framework in which organisational control principles can be formally expressed and analysed using the Alloy specification language and its constraint analysis tools. Expand
  • 79
  • 6
  • PDF
Policies Hierarchies for Distributed Systems Management
TLDR
The paper explores the refinement of general high-level policies into a number of more specific policies to form a policy hierarchy in which each policy in the hierarchy represents, to its maker, his plans to meet his objectives. Expand
  • 283
  • 5
  • PDF
A framework for security requirements engineering
TLDR
This paper presents a framework for security requirements elicitation and analysis, based upon the construction of a context for the system and satisfaction arguments for the security of the system. Expand
  • 170
  • 5
  • PDF
Observations on the role life-cycle in the context of enterprise security management
TLDR
We propose a life-cycle model that is based on an iterative-incremental process similar to those found in software development, based on our experiences and observations in enterprise security management. Expand
  • 106
  • 5
  • PDF
Control principles and role hierarchies
  • J. Moffett
  • Political Science, Computer Science
  • RBAC '98
  • 1 October 1998
TLDR
This paper examines the relationship between the inheritance properties of role hierarchies and control principles which are used in many large organisations: separation of duties; delegation; and supervision and review. Expand
  • 97
  • 5
The uses of role hierarchies in access control
TLDR
We use the concept of authority state, i.e., the set of fixed and variable policies and rules in the system which influence the Reference Monitor's access decisions. Expand
  • 82
  • 5
  • PDF