For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Secure Access of Products in a Process Environment
Shih-Chien CHOU Chia-Wei LAI
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2005/02/01
Print ISSN: 0916-8532
Type of Manuscript: PAPER
Category: Software Engineering
software process, process-centered software engineering environment (PSEE), access control, access control list, security,
Full Text: PDF>>
Process-centered software engineering environments (PSEEs) facilitate controlling software processes. Many issues related to PSEEs such as process evolution support have been addressed. We identify an unsolved issue, which is preventing information leakage when the process is being enacted. We developed a model called PsACL for the prevention. This paper proposes PsACL, which offers the following features: (a) controlling both read and write access of software products, (b) preventing indirect information leakage, (c) managing role associations, (d) managing role hierarchies, (e) enforcing static and simple dynamic separation-of-duty constraints, (f) allowing declassification of products, and (g) allowing access control information exchange among software processes.