Secure Access of Products in a Process Environment

Shih-Chien CHOU  Chia-Wei LAI  

IEICE TRANSACTIONS on Information and Systems   Vol.E88-D   No.2   pp.197-203
Publication Date: 2005/02/01
Online ISSN: 
DOI: 10.1093/ietisy/e88-d.2.197
Print ISSN: 0916-8532
Type of Manuscript: PAPER
Category: Software Engineering
software process,  process-centered software engineering environment (PSEE),  access control,  access control list,  security,  

Full Text: PDF>>
Buy this Article

Process-centered software engineering environments (PSEEs) facilitate controlling software processes. Many issues related to PSEEs such as process evolution support have been addressed. We identify an unsolved issue, which is preventing information leakage when the process is being enacted. We developed a model called PsACL for the prevention. This paper proposes PsACL, which offers the following features: (a) controlling both read and write access of software products, (b) preventing indirect information leakage, (c) managing role associations, (d) managing role hierarchies, (e) enforcing static and simple dynamic separation-of-duty constraints, (f) allowing declassification of products, and (g) allowing access control information exchange among software processes.