A Model-Driven Security Requirements Approach to Deduce Security Policies Based on OrBAC

2015 ◽  
pp. 150-169
Author(s):  
Denisse Muñante Arzapalo ◽  
Vanea Chiprianov ◽  
Laurent Gallon ◽  
Philippe Aniorté
Keyword(s):  
Security Requirements ◽  
Security Policies ◽  
Model Driven

scholarly journals A Method for Model-Driven Information Flow Security

2012 ◽  
pp. 199-229 ◽  
Author(s):  
Fredrik Seehusen ◽  
Ketil Stølen
Keyword(s):  
Software Development ◽  
Information Flow ◽  
System Architecture ◽  
Security Requirements ◽  
State Machines ◽  
Flow Properties ◽  
Information Flow Security ◽  
Software Developer ◽  
Model Driven ◽  
Secure Information

We present a method for software development in which information flow security is taken into consideration from start to finish. Initially, the user of the method (i.e., a software developer) specifies the system architecture and selects a set of security requirements (in the form of secure information flow properties) that the system must adhere to. The user then specifies each component of the system architecture using UML inspired state machines, and refines/transforms these (abstract) state machines into concrete state machines. It is shown that if the abstract specification adheres to the security requirements, then so does the concrete one provided that certain conditions are satisfied.

Policy Technologies for Security Management in Coalition Networks

2011 ◽  
pp. 750-776
Author(s):  
Seraphin B. Calo ◽  
Clare-Marie Karat ◽  
John Karat ◽  
Jorge Lobo ◽  
Robert Craven ◽  
...  
Keyword(s):  
Military Personnel ◽  
Security Management ◽  
Security Requirements ◽  
Security Policies ◽  
Technical Expertise ◽  
Policy Management ◽  
Level Control ◽  
Concrete System ◽  
Human In The Loop ◽  
High Level

The goal of policy-based security management is to enable military personnel to specify security requirements in terms of simple, intuitive goals. These goals are translated into the concrete system settings in a way that the system behaves in a consistent and desirable way. This technology minimizes the technical expertise required by military personnel and automates security management while allowing a high level control by the human in the loop. This chapter describes a framework for managing security policies, and an overview of two prototypes that simplify different aspects of policy management in the context of coalition operations.

An MDA Compliant Approach for Designing Secure Data Warehouses

2009 ◽  
pp. 495-503
Author(s):  
Rodolfo Villarroel ◽  
Eduardo Fernández-Medina ◽  
Juan Trujillo ◽  
Mario Piattini
Keyword(s):  
Real World ◽  
Conceptual Modeling ◽  
Security Requirements ◽  
Data Warehouses ◽  
Model Driven ◽  
Secure Data ◽  
Security Information ◽  
Target Platform ◽  
Compliant Approach ◽  
User Security

This chapter presents an approach for designing secure Data Warehouses (DWs) that accomplish the conceptual modeling of secure DWs independently from the target platform where the DW has to be implemented, because our complete approach follows the Model Driven Architecture (MDA) and the Model Driven Security (MDS). In most of real world DW projects, the security aspects are issues that usually rely on the DBMS administrators. We argue that the design of these security aspects should be considered together with the conceptual modeling of DWs from the early stages of a DW project, and being able to attach user security information to the basic structures of a Multidimensional (MD) model. In this way, we would be able to generate this information in a semi or automatic way into a target platform and the final DW will better suits the user security requirements.

An MDA Compliant Approach for Designing Secure Data Warehouses

2011 ◽  
pp. 261-272
Author(s):  
Villarroel Rodolfo ◽  
Fernández-Medina Eduardo ◽  
Trujillo Juan ◽  
Piattini Mario
Keyword(s):  
Real World ◽  
Conceptual Modeling ◽  
Security Requirements ◽  
Data Warehouses ◽  
Model Driven ◽  
Secure Data ◽  
Security Information ◽  
Target Platform ◽  
Compliant Approach ◽  
User Security

This chapter presents an approach for designing secure Data Warehouses (DWs) that accomplish the conceptual modeling of secure DWs independently from the target platform where the DW has to be implemented, because our complete approach follows the Model Driven Architecture (MDA) and the Model Driven Security (MDS). In most of real world DW projects, the security aspects are issues that usually rely on the DBMS administrators. We argue that the design of these security aspects should be considered together with the conceptual modeling of DWs from the early stages of a DW project, and being able to attach user security information to the basic structures of a Multidimensional (MD) model. In this way, we would be able to generate this information in a semi or automatic way into a target platform and the final DW will better suits the user security requirements.

scholarly journals Industrial control systems: The biggest cyber threat

2020 ◽  
Vol 4 (1) ◽  
pp. 044-046
Author(s):  
Beretas Christos P
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Security Policy ◽  
Security Requirements ◽  
Security Policies ◽  
Western World ◽  
Control Analysis ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Cyber Threats

Industrial control systems (ICS) are critical, as in these systems, cyber threats have the potential to affect, disorganize, change their mode of operation, act as an information extraction vehicle, and ultimately turn against itself. Creating risks to the system itself, infrastructure, downtime, leakage of sensitive data, and even loss of human life. Industrial control systems (ICS) are vital to the operation of all the modern automated infrastructure in the western world, such as power plant and power stations. Industrial control systems (ICS) differ from the traditional information systems and infrastructures of organizations and companies, a standard cyber security strategy cannot be implemented but part of it adapting to the real facts and needs of each country, legislation and infrastructure. These systems require continuous operation, reliability and rapid recovery when attacked electronically with automated control, isolation and attack management processes. Incorrect settings and lack of strategic planning can lead to unprotected operation of critical installations, as they do not meet the cyber security requirements. Industrial control systems (ICS) require special protection in their networks, as they should be considered vulnerable in all their areas, they need protection from cyber attacks against ICS, SCADA servers, workstations, PLC automations, etc. Security policies to be implemented should provide protection against cyber threats, and systems recovery without affecting the operation and reliability of operating processes. Security policies such as security assessment, smart reporting, vulnerability and threat simulation, integrity control analysis, apply security policy to shared systems, intrusion detection and prevention, and finally firewall with integrated antivirus and sandbox services should be considered essential entities.

E-Health Project Implementation

2010 ◽  
pp. 281-286
Author(s):  
Konstantinos Siassiakos ◽  
Athina Lazakidou
Keyword(s):  
Security Requirements ◽  
Security Policies ◽  
Enterprise Management ◽  
Security Measures ◽  
Ethical Challenges ◽  
Privacy And Security ◽  
Health Project ◽  
Enterprise Level ◽  
The Right ◽  
And Control

Privacy includes the right of individuals and organizations to determine for themselves when, how and to what extent information about them is communicated to others. The growing need of managing large amounts of medical data raises important legal and ethical challenges. E-Health systems must be capable of adhering to clearly defined security policies based upon legal requirements, regulations and standards while catering for dynamic healthcare and professional needs. Such security policies, incorporating enterprise level principles of privacy, integrity and availability, coupled with appropriate audit and control processes, must be able to be clearly defined by enterprise management with the understanding that such policy will be reliably and continuously enforced. This chapter addresses the issue of identifying and fulfilling security requirements for critical applications in the e-health domain. In this chapter the authors describe the main privacy and security measures that may be taken by the implementation of e-health projects.

Sign in / Sign up

Export Citation Format

Share Document