Lianshan Sun,Gang Huang

DOI: https://doi.org/10.1016/j.sysarc.2010.11.001

IF: 5.836

2011-01-01

Journal of Systems Architecture

Abstract:Access control is a common concern in most software applications. In component-based systems, although developers can implement access control requirements (ACRs) by simply declaring role-based access control configurations (ACCs) of components, it is still difficult for them to define and evolve ACCs accurately implementing ACRs due to the gap between the complex high-level ACRs and the voluminous ACCs enforced by underlying middleware platforms, and the ad hoc mistakes of human. This paper introduces and clarifies the concept of accuracy of ACCs relative to ACRs, and presents a set of metrics and algorithms which can be used to automatically evaluate and improve accuracy of ACCs by evaluating and reconfiguring the software architecture with ACCs. We apply our achievements in a composed e-shop application.

CH Fang,W Peng,XZ Ye,SY Zhang

DOI: https://doi.org/10.1109/cscwd.2005.194248

2007-01-01

Journal of Software

Abstract:Access control is one of the key steps to ensuring the availability, confidentiality and integrity of system resources. While it has been fully applied in various network systems, it's still relatively new for collaborative CAD. This paper provides a new framework of multi-level access control for collaborative CAD based on hierarchical product modeling. A layered privilege model (LPM) has been developed to provide multi-granularity access permissions in the part level and feature level. An extended hierarchy role-based access control (EHRBAC) is implemented, integrated with LPM and common Hierarchy RBAC, to provide hierarchical access control of collaborative feature modeling in the component/part level and design feature level. Mesh simplification techniques are used to create variable level-of-detail for individual features.

Bo Wang,Wei Zhang,Haiyan Zhao,Zhi Jin,Hong Mei

DOI: https://doi.org/10.1109/RE.2009.15

2009-01-01

Abstract:In the research of software reuse, feature models have been widely adopted to organize the requirements of a set of applications in a software domain. However, there still lacks an effective approach to minimizing analysts’ participation in feature models’ construction. In this paper, we propose a use case based semi-automatic approach to the construction of feature models. The basic idea of this approach is to first construct a set of feature models for individual applications(called application feature models, AFMs) in a software domain, then adjust, and merge the set of AFMs to form a feature model for this domain (called a domain feature model, DFM). The main characteristic of this approach is that it provides a set of rules and algorithms to make the construction of AFMs (from use cases) and the construction of DFMs (by merging a set of AFMs) be carried out automatically. A running example is used to illustrate the main characteristic and the feasibility of this approach.

Jason Crampton,Charles Morisset

DOI: https://doi.org/10.48550/arXiv.1204.2342

2014-07-31

Abstract:There have been many proposals for access control models and authorization policy languages, which are used to inform the design of access control systems. Most, if not all, of these proposals impose restrictions on the implementation of access control systems, thereby limiting the type of authorization requests that can be processed or the structure of the authorization policies that can be specified. In this paper, we develop a formal characterization of the features of an access control model that imposes few restrictions of this nature. Our characterization is intended to be a generic framework for access control, from which we may derive access control models and reason about the properties of those models. In this paper, we consider the properties of monotonicity and completeness, the first being particularly important for attribute-based access control systems. XACML, an XML-based language and architecture for attribute-based access control, is neither monotonic nor complete. Using our framework, we define attribute-based access control models, in the style of XACML, that are, respectively, monotonic and complete.

Cryptography and Security,Logic in Computer Science

Wei Zhang,Hong Mei,Haiyan Zhao

DOI: https://doi.org/10.1109/RE.2005.6

2005-01-01

Abstract:There are many researches on requirements dependencies. However, most of them limit their views to the requirements phase of software development, few focus on the roles of requirements dependencies in the solution space of software. This paper presents a feature-oriented approach to modeling requirements dependencies. A feature is a set of tight-related requirements from user/customer-views. The featureorientation provides a modular way to organize requirements and a proper granularity to analyze requirements dependencies. In this approach, we care about not only static feature dependencies (i.e. refinements and constraints), but also feature dependencies at the specification level (namely influences) and, furthermore, dynamic feature dependencies (namely interactions). Moreover, we also explore the underlying connections between these four kinds of feature dependency. By this way, this approach gives a more complete view of how requirements dependencies influence the whole process of software development.

Lirong Dai,Kendra Cooper

DOI: https://doi.org/10.1109/SNPD-SAWN.2005.54

2005-01-01

Abstract:The problem of effectively designing and analyzing software system to meet its nonfunctional requirements such as performance, security, and adaptability is critical to the system's success. The significant benefits of such work include detecting and removing defects earlier, reducing development time and cost while improving the quality. The formal design analysis framework (FDAF) is an aspect-oriented approach that supports the design and analysis of non-functional requirements for distributed, real-time systems. In the FDAF, nonfunctional requirements are defined as reusable aspects in the repository and the conventional UML has been extended to support the design of these aspects. FDAF supports the automated translation of extended, aspect-oriented UML designs into existing formal notations, leveraging an extensive body of formal methods work. In this paper, the design and analysis of response time performance aspect is described. An example system, the ATM/banking system has been used to illustrate this process.

H Mei,W Zhang,F Gu

DOI: https://doi.org/10.1109/cmpsac.2003.1245350

2003-01-01

Abstract:Getting a proper set of reusable requirements is an important milestone for successful software product line (SPL) practice. But modeling SPL requirements is usually more complex and difficult than modeling requirements for individual applications because it often involves systematically exploring commonality and variation across a set of applications. This paper presents a feature-oriented approach to modeling and reusing SPL requirements. A framework of the feature model is first proposed from five aspects, namely, basic structure, variation representation mechanism, variation binding time, variation constraint mechanism and quality feature analysis. Then, a customization-based reusing method is suggested, and a feature-oriented domain modeling method (FODM) is presented, including a concrete form of the feature model and a modeling process for it. At the end, a case study of a real domain is used to validate the feature model framework and demonstrate FODM.

Xf Mi,T Min,Jx Dong

DOI: https://doi.org/10.1109/cscwd.2002.1047687

2003-01-01

Abstract:Feature is the fundamental design unit in modern solid modeling systems, and this makes a well defined feature interface a matter of concernment in the component based distributed modeling environment. This paper introduces a feature based modeling service framework and proposes an interface model of feature based modeling service toward such a modeling environment, including support of remote feature attachment and semantic maintenance. A prototype based feature interface definition strategy using procedural attaching and declarative validation mechanism is discussed and how the interface model tackles with the problems in distributed environment, such as locality transparently model reusing, is also explained.

BAO Zhigang,HU Yanjun,GU Xinjian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.01.059

2006-01-01

Abstract:Firstly making reference to role based access control(RBAC)model,this paper proposes the basic idea about access control.Then it introduces database design of two realizing methods about access control and two methods’ realization in program,it also presents visual effect.Finally it analyzes and compares one to another in detail from two aspects of applicability and reusability.

Lianshan Sun,Gang Huang,Yanchun Sun,Hui Song,Hong Mei

DOI: https://doi.org/10.1109/qsic.2008.4

2008-01-01

Abstract:Access control of sensitive resources is a widely used means to achieve information security. When building large-scale systems based on popular commercial component middleware, such as J2EE, a usual way to enforce access control is to define access control configurations for components in a declarative manner. These configurations can be interpreted by the J2EE security service to grant or deny access requests to components. However, it is difficult for the developers to define correct access control configurations according to complex and sometimes ambiguous real-world access control requirements. The difficulties come from mainly the complexity of configuring voluminous component methods in large-scale component based systems and some quality constraints on the configurations, for example, the completeness, consistency and performance overhead of configurations. In this paper, we propose a requirements model driven approach for automatic generation of J2EE access control configurations and demonstrate the approach in a J2EE blueprint application.

Kun Chen,Wei Zhang,Haiyan Zhao,Hong Mei

DOI: https://doi.org/10.1109/RE.2005.9

2005-01-01

Abstract:Feature models have been widely adopted in software reuse to organize the requirements of a set of similar applications in a software domain/product-line. However, in most feature-oriented methods, the construction of feature models heavily depends on the domain analysts驴 personal understanding, and the work of constructing feature models from the original requirements of sample applications is often tedious and ineffective. This paper proposes a semi-automatic approach to constructing feature models based on requirements clustering, which automates the activities of feature identification, organization and variability modeling to a great extent. The underlying idea of this approach is to analyze the relationships between individual requirements and cluster tightrelated requirements into features. With the automatic support of this approach, good-quality feature models can be constructed in a more effective way. A case study is also provided to show the feasibility of this approach.

Kamrun Nahar,Asif Qumer Gill,Terry Roach

DOI: https://doi.org/10.1002/spy2.160

2021-03-23

Security and Privacy

Abstract:Abstract There is an increasing interest in embedding the security in the design of digital enterprise architecture (EA) modeling platform to secure the digital assets. Access control management (ACM) is one of the key aspects of a secure digital enterprise architecture modeling platform design. Typical enterprise architecture modeling approaches mainly focus on the modeling of business, information, and technology elements. This draws our attention to this important question: how to model ACM for a secure digital EA modeling platform to ensure secure access to digital assets? This article aims to address this important research question in collaboration with our industry partner and developed an ontology‐based ACM metamodel that can be used by enterprises to model their ACM for a particular situation. This research has been conducted using the well‐known action‐design research (ADR) method to develop and evaluate the ACM metamodel for the secure digital EA modeling platform.

Y. X. Feng,B. Zheng,J. R. Tan,Z. Wei

DOI: https://doi.org/10.1007/s00170-008-1381-0

IF: 3.563

2008-01-01

The International Journal of Advanced Manufacturing Technology

Abstract:Product customization has been recognized as an effective means to implement mass customization (MC). Aiming at the shortcomings of the current methods in information capturing and describing, the general requirement modeling method for product configuration in MC mode is proposed. The detailed definition of the general requirement concept is put forward from several angles, including the time dimension, space dimension, feature dimension, etc., and the requirement information cell (RIC) method which fits the description of the general requirement information for the MC domain is also presented. Then, the formalized expressive framework of the RIC is given and the general requirement hierarchical model and correlative model of MC based on RIC is discussed. According to the application result, the formalized describing method of general requirement for MC has effectively supported the reuse of domain knowledge in the requirement modeling process for product configuration, as well as improved the standardization and intelligence of requirement information expression. This method’s utility, flexibility, and reliability has been verified through its application to the development of practical products.

Ran Yang,Chuang Lin,Fujun Feng

DOI: https://doi.org/10.4304/jcp.4.6.510-518

2009-01-01

Journal of Computers

Abstract:Access control is one of the most important technologies to guarantee computer security. A new model with support for valid time and usage constraint is described based on full analysis of flaws in existing models. In the new model, authorization rules can express access control policies completely and access constraints are necessary conditions to prevent authorization abuse. To solve the problems in implementation of the model, a sound scheme for administration of authorizations is proposed and some access decision algorithms are developed.

Hailong Li,Jinxiang Dong,Min Tang,Zaixing He

DOI: https://doi.org/10.1117/12.217458

1995-01-01

Abstract:The design information provided by feature based modeling facilitates bridging the gap between engineering design and manufacturing. This paper, based on the feature modeling system ZD_MCADII, introduces the function requirements and general architecture of a modern CAD system, and proposes a scheme of combining geometric modeling with feature modeling, and combining feature based design with feature recognition. It also offers an approach of implementing feature edition and feature library based on spatial constraints.

Gang Liu,Lu Fang,Quan Wang,Xiaoqian Qi,Juan Cui,Jiayu Liu

DOI: https://doi.org/10.1007/978-3-030-15093-8_4

2018-01-01

Abstract:In information systems where there are a large number of different resources and the resource attributes change frequently, the security, reliability and dynamics of access permissions should be guaranteed. The changing raises security concerns related to authorization, and access control, but existing access control models are difficult to meet practical requirements. In this paper, a resource and attribute based access control model named RA-BAC was proposed. The model bases on attribute-based access control (ABAC) and links access control policy with resource, and redefines the access control rules. Besides, we compare RA-BAC and ABAC from the perspective of theory and simulation experiment respectively to show the advantage of RA-BAC model. We give a detailed analysis combining with instances to show the practicability of the RA-BAC model. RA-BAC solves the problems of policy conflict and policy library expansion in the ABAC model when there are too many resources and the attributes of resources are changed frequently in the system. Using RA-BAC model in system can makes permission query efficient and reduce workload of the system administrator of managing the policy library.

DY Liu,H Mei

DOI: https://doi.org/10.3321/j.issn:0479-8023.2004.03.007

2004-01-01

Abstract:Requirements engineering and software architecting are two key activities in software life cycle. Researchers have paid much attention to the mapping and transformation from requirements to software architecture, but there's still lack of effective solutions. In this paper, we analyze the inadequacy of traditional mapping solutions for this challenge (such as solutions adopted in structured method and OO method), and further propose a feature-oriented mapping approach. The rationale and guidelines for this approach are presented, and the approach is illustrated by an example of bank account and transaction (BAT) system.

Yi Liu,Zhiyi Ma,Weizhong Shao

DOI: https://doi.org/10.1109/apsec.2010.21

2010-01-01

Abstract:Model Driven Development views application development as a continuous transformation of models of the target system. However, non-functional requirements, which are important for building user-satisfied software systems and have impacts on the software design, are not sufficiently considered in current MDD methods. This paper proposes an approach to modeling non-functional requirements, analyzing their impacts to the design and making a complement to the original design models for the MDD methods. First, existing UML models of the application’s functional properties are taken as an input of the NFR modeling process, and with a NFR repository, the NFRs are refined and operationalized. Then based on the analysis result, modeling constructs are created to implement them, and the original UML models are reversely augmented by the result of NFR modeling. In particular, a metamodel is proposed to model the new constructs and facilitate the integration process. With this approach, we can finally get an integrated design model considering both functional requirements and non-functional requirements. The feasibility of the proposed approach is illustrated with an example of the design of a simplified credit card system.

张伟,梅宏

2003-01-01

Journal of Software

Abstract:The feature model has been widely adopted as a domain requirements capturing model by most of the current domain engineering methods. But these methods lack a well formatted framework for the feature models which they use. This has led to the redundancy and confusion in feature model representation between different domain engineering methods, and has made domain analysts difficult to built feature models effectively in practice. In this paper, a uniform framework of feature model is presented from the aspects of basic structure, variability representation and constraint mechanism, and variability binding time. A concrete form of this abstract framework is also given based on the different type of features existing in requirements (service, use case, function, and behavior characteristic), and the relationship among them. Then, combining with a real software domain, the modeling process of the feature model is discussed systematically. This approach will be beneficial to successful domain modeling practices.

Michael Stieghahn,Thomas Engel

DOI: https://doi.org/10.48550/arXiv.1006.4555

2010-06-23

Cryptography and Security

Abstract:Cross-border access to a variety of data such as market information, strategic information, or customer-related information defines the daily business of many global companies, including financial institutions. These companies are obliged by law to keep a data processing legal for all offered services. They need to fulfill different security objectives specified by the legislation. Therefore, they control access to prevent unauthorized users from using data. Those security objectives, for example confidentiality or secrecy, are often defined in the eXtensible Access Control Markup Language that promotes interoperability between different systems. In this paper, we show the necessity of incorporating the requirements of legislation into access control. Based on the work flow in a banking scenario we describe a variety of available contextual information and their interrelations. Different from other access control systems our main focus is on law-compliant cross-border data access. By including legislation directly into access decisions, this lawfulness can be ensured. We also describe our information model to demonstrate how these policies can be implemented into an existing network and how the components and contextual information interrelate. Finally, we outline an event flow for a request made from a remote user exemplifying how such a system decides about access.