Enforcing a Security Pattern in Stakeholder Goal Models
Yijun Yu, Haruhiko Kaiya, Hironori Washizaki, Yingfei Xiong, Zhenjiang Hu, and
In Proc. of the 2008 ACM workshop on Quality of protection
(QoP'08), pp. 9-13, Alexandria, Virginia, USA, Oct. 2008.
Patterns are useful knowledge about recurring problems and
solutions. Detecting a security problem using patterns in
requirements models may lead to its early solution.
To facilitate early detection and resolution of security
problems, in this paper we formally describe role-based
access control (RBAC) as a pattern that may occur in
stakeholder requirements models. We also implemented the
formally described pattern in our goal-oriented modeling tool
using model-driven queries and transformations. Applied to
a number of requirements models published in the literature, the
tool automates the detection and resolution of the security
pattern in several goal-oriented stakeholder requirements.