
Conviviality-driven access control policy

  • Original Article
  • Journal: Requirements Engineering

Abstract

Many organizations experience security incidents caused by unauthorized access to information. To reduce the risk of such incidents, security policies are used to regulate access to information. Such policies, however, are often too restrictive and leave users without the rights they need to perform their assigned duties. As a consequence, users perceive access control mechanisms as a barrier and bypass them, which makes the system insecure. In this paper, we build a bridge between the social concept of conviviality and access control. Conviviality was introduced as a social science concept for ambient intelligence and multi-agent systems to capture soft, qualitative requirements such as the user-friendliness of a system. To bridge the gap between conviviality and security, we propose a methodological framework for updating and adapting access control policies on the basis of conviviality recommendations. The methodology integrates and extends existing techniques to help system designers derive access control policies from the socio-technical requirements of the system while taking its conviviality into account. We illustrate the framework with the Ambient Assisted Living use case from the HotCity of Luxembourg.

Notes

  1. Note that the terms “cycle” and “coalition” denote two distinct things, and keeping them distinct is consistent with the domains they come from: a coalition describes a set of agents and comes from the agents and game theory literature, while a cycle is a graph-theoretical term. The dependence relations among the agents participating in a coalition are analyzed in terms of coalitions, not cycles, which would be meaningless there. Conversely, we count the cycles in the graph; counting coalitions would be inexact, since that term does not exist in graph theory. Nonetheless, the two terms are related: the cycles identified in a dependence network are treated as coalitions.

  2. Note that a dependency dep in DN can be seen as a particular case of dependency dyndep in DDN.

  3. Note that an OR decomposition may lead to alternative sets of resources that may be needed to achieve a goal. For the sake of simplicity, we do not address this issue here and refer to [47] for details.

  4. http://www.kevoree.org
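The cycle-to-coalition reading of note 1, carried out on a small constructed dependence network. This is an added illustration, not code from the paper: the Ambient Assisted Living agents and goals, the before/after comparison when a dependency is denied, and the helper names are all assumptions of this example, and the paper's own conviviality measure is not reproduced.

```python
"""Cycles in a dependence network read as coalitions (added illustration).

A dependence network (DN) records that agent A depends on agent B for a goal,
because B controls something A needs. Note 1 says that the cycles found in the
DN are treated as coalitions (every agent on a cycle both receives and gives
help, so the group can reach its goals jointly) and that it is the cycles that
get counted. The code enumerates the elementary cycles of a small constructed
Ambient Assisted Living network and shows how denying one dependency, which is
what an access control rule does when it refuses A the resource B offers,
changes the coalitions that remain. The sample network, the agent and goal
names and the before/after comparison are assumptions of this example; the
paper's conviviality measure itself is not reproduced.
"""
from typing import Dict, List, Optional, Set, Tuple

# (depender, dependee, goal): depender needs dependee to achieve goal.
Dependency = Tuple[str, str, str]

# Constructed sample network (not from the paper).
SAMPLE_DEPS: List[Dependency] = [
    ("patient", "nurse", "daily_care"),
    ("nurse", "patient", "home_access"),
    ("nurse", "doctor", "treatment_plan"),
    ("doctor", "nurse", "vitals_report"),
    ("doctor", "patient", "health_data"),
]


def build_graph(deps: List[Dependency]) -> Dict[str, Set[str]]:
    """Adjacency sets: depender -> {dependees}. Goals are dropped here; a
    coalition only needs the agents to be mutually dependent."""
    graph: Dict[str, Set[str]] = {}
    for depender, dependee, _goal in deps:
        graph.setdefault(depender, set()).add(dependee)
        graph.setdefault(dependee, set())
    return graph


def elementary_cycles(graph: Dict[str, Set[str]]) -> List[List[str]]:
    """Every elementary cycle exactly once, written from its smallest agent.

    Each cycle is searched only from its lexicographically smallest node and
    the search never visits nodes smaller than that start, so rotations of
    one cycle are not reported twice (the same idea Johnson's algorithm uses;
    a plain DFS is enough for networks of this size)."""
    found: Set[Tuple[str, ...]] = set()
    for start in sorted(graph):
        stack: List[Tuple[str, List[str]]] = [(start, [start])]
        while stack:
            node, path = stack.pop()
            for nxt in sorted(graph[node]):
                if nxt == start:
                    found.add(tuple(path))
                elif nxt > start and nxt not in path:
                    stack.append((nxt, path + [nxt]))
    return sorted(list(c) for c in found)


def coalitions(deps: List[Dependency]) -> List[List[str]]:
    """Cycles of the DN built from `deps`, read as coalitions (note 1)."""
    return elementary_cycles(build_graph(deps))


def deny(deps: List[Dependency], depender: str, dependee: str,
         goal: Optional[str] = None) -> List[Dependency]:
    """Model an access control rule that stops `depender` from relying on
    `dependee`, for one goal or (goal=None) for every goal."""
    return [d for d in deps
            if not (d[0] == depender and d[1] == dependee
                    and (goal is None or d[2] == goal))]


def agents_outside_coalitions(deps: List[Dependency]) -> List[str]:
    """Agents on no cycle: they get help without giving any usable help
    back, or give without getting any."""
    graph = build_graph(deps)
    on_cycle = {a for cyc in coalitions(deps) for a in cyc}
    return sorted(a for a in graph if a not in on_cycle)


if __name__ == "__main__":
    print("coalitions:", coalitions(SAMPLE_DEPS))
    # A policy denying the doctor the patient's health data cuts the
    # doctor-patient-nurse cycle; the two pairwise coalitions survive.
    restricted = deny(SAMPLE_DEPS, "doctor", "patient", "health_data")
    print("after denial:", coalitions(restricted))
    # Denying the nurse home access as well leaves the patient in no
    # coalition: the network still serves the patient, but nothing the
    # patient offers can be used by anyone.
    stricter = deny(restricted, "nurse", "patient")
    print("outside any coalition:", agents_outside_coalitions(stricter))
```

Running the module shows three coalitions in the constructed network, two once one dependency is denied, and an agent left outside every coalition once a second one is denied; that drop is the kind of signal the conviviality recommendations in the abstract are meant to surface before a restrictive rule ships.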

References

  1. Ackerman M (1999) Usability and security. In: Proceedings of the network and distributed system security symposium. The Internet Society

  2. Asnar Y, Li T, Massacci F, Paci F (2011) Computer aided threat identification. In: Proceedings of 13th IEEE conference on commerce and enterprise computing, pp. 145–152. IEEE

  3. Basin D, Doser J, Lodderstedt T (2006) Model driven security: from UML models to access control infrastructures. ACM Trans Softw Eng Methodol 15(1):39–91

  4. Baxter G, Sommerville I (2011) Socio-technical systems: from design methods to systems engineering. Interact Comput 23(1):4–17

  5. Bertino E, Squicciarini AC, Martino L, Paci F (2006) An adaptive access control model for web services. Int J Web Serv Res 3(3):27–60

  6. Boehm B, Egyed A (1998) Software requirements negotiation: some lessons learned. In: Proceedings of the 20th international conference on software engineering. IEEE, pp. 503–506

  7. Boella G, Sauro L, van der Torre LWN (2004) Social viewpoints on multiagent systems. In: AAMAS. IEEE Computer Society, pp. 1358–1359

  8. Boella G, van der Torre L, Villata S (2009) Four ways to change coalitions: agents, dependencies, norms and internal dynamics. In: Proceedings of the 2nd multi-agent logics, languages, and organisations federated workshops, CEUR Workshop Proceedings, vol. 494. CEUR-WS.org

  9. Bonzon E, Lagasquie-Schiex MC, Lang J (2009) Dependencies between players in boolean games. Int J Approx Reason 50(6):899–914

  10. Braz C, Seffah A, M’Raihi D (2007) Designing a trade-off between usability and security: a metrics-based model. In: Baranauskas C, Palanque P, Abascal J, Diniz Junqueira Barbosa S (eds) Human–computer interaction—INTERACT 2007, LNCS 4663. Springer, Berlin, pp. 114–126

  11. Bresciani P, Giorgini P, Giunchiglia F, Mylopoulos J, Perini A (2004) TROPOS: An agent-oriented software development methodology. Auton Agent Multi Agent Syst 8(3):203–236

  12. Bryl V, Massacci F, Mylopoulos J, Zannone N (2006) Designing security requirements models through planning. In: Proceedings of 18th international conference on advanced information systems engineering, LNCS 4001. Springer, Berlin, pp. 33–47

  13. Bryl V, Giorgini P, Mylopoulos J (2009) Designing socio-technical systems: from stakeholder goals to social networks. Requir Eng 14(1):47–70

  14. Caire P (2010) New tools for conviviality: masks, norms, ontology, requirements and measures. Ph.D. thesis, Luxembourg University, Luxembourg

  15. Caire P, van der Torre L (2009) Convivial ambient technologies: requirements, ontology and design. Comput J 53(8):1229–1256

  16. Caire P, van der Torre L (2009) A conviviality measure for early requirement phase of multiagent system design. In: Normative multiagent systems, no. 09121 in Dagstuhl seminar proceedings. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Germany

  17. Caire P, van der Torre L (2009) Temporal dependence networks for the design of convivial multiagent systems. In: Proceedings of the 8th international joint conference on autonomous agents and multiagent systems. International Foundation for Autonomous Agents and Multiagent Systems, pp. 1317–1318

  18. Caire P, Villata S, Boella G, van der Torre L (2008) Conviviality masks in multiagent systems. In: Proceedings of the 7th international joint conference on autonomous agents and multiagent systems. International Foundation for Autonomous Agents and Multiagent Systems, pp. 1265–1268

  20. Caire P, Alcade B, van der Torre L, Sombattheera C (2011) Conviviality measures. In: Proceedings of the 10th international joint conference on autonomous agents and multiagent systems. International Foundation for Autonomous Agents and Multiagent Systems, pp. 895–902

  21. Caire P, Bikakis A, Efthymiou V (2012) Conviviality by design. In: Proceedings of symposium on social computing—social cognition—social networks and multiagent systems

  22. Castelfranchi C (2003) The micro-macro constitution of power. Protosociology 18:208–269

  23. Cormen TH, Leiserson CE, Rivest RL, Stein C (2001) Introduction to algorithms. 2nd edn. The MIT Press, Cambridge, MA

  24. Crook R, Ince D, Nuseibeh B (2003) Modelling access policies using roles in requirements engineering. Inf Softw Technol 45(14):979–991

  25. Damen S, Zannone N (2013) Privacy implications of privacy settings and tagging in facebook. In: Proceedings of the 10th VLDB workshop on secure data management. Springer, Berlin

  26. Damianou N, Dulay N, Lupu E, Sloman M (2001) The ponder policy specification language. In: Proceedings of the international workshop on policies for distributed systems and networks, LNCS 1995. Springer, Berlin, pp. 18–38

  27. Dardenne A, van Lamsweerde A, Fickas S (1993) Goal-directed requirements acquisition. In: Proceedings of the 6th international workshop on software specification and design. Elsevier, Amsterdam, pp. 3–50

  28. Efthymiou V, Caire P (2012) Diagram analysis report: use cases for conviviality and privacy in ambient intelligent systems. University of Luxembourg, SnT, Luxembourg

  29. Elahi G, Yu ESK (2009) Modeling and analysis of security trade-offs—a goal oriented approach. Data Knowl Eng 68(7):579–598

  30. Elahi G, Yu ESK, Zannone N (2010) A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities. Requir Eng 15(1):41–62

  31. Emerson R (1962) Power-dependence relations. Am Sociol Rev 27:31–41

  32. eXtensible Access Control Markup Language (XACML) (2012) Version 3.0. OASIS Standard, OASIS. http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf

  33. Flechais I, Sasse MA, Hailes SMV (2003) Bringing security home: a process for developing secure and usable systems. In: Proceedings of the 2003 workshop on new security paradigms. ACM, pp. 49–57

  34. Flechais I, Mascolo C, Sasse MA (2007) Integrating security and usability into the requirements and design process. Int J Electron Secur Digit Forensic 1(1):12–26

  35. Frankl PG, Weyuker EJ (2000) Testing software to detect and reduce risk. J Syst Softw 53(3):275–286

  36. Fuxman A, Liu L, Mylopoulos J, Roveri M, Traverso P (2004) Specifying and analyzing early requirements in Tropos. Requir Eng 9(2):132–150

  37. Giorgini P, Massacci F, Mylopoulos J, Zannone N (2005) Modeling security requirements through ownership, permission and delegation. In: Proceedings of the 13th IEEE international conference on requirements engineering. IEEE Computer Society, pp. 167–176

  38. Giorgini P, Massacci F, Mylopoulos J, Zannone N (2006) Requirements engineering for trust management: model, methodology, and reasoning. Int J Inf Secur 5(4):257–274

  39. Gutmann P, Grigg I (2005) Security usability. Secur Priv IEEE 3(4):56–58

  40. Healthcare Information Technology Standards Panel (HITSP) (2008) Emergency responder electronic health record interoperability specification (IS04), Version 2.0

  41. Illich I (1974) Tools for conviviality. Marion Boyars Publishers, London

  42. Jureta IJ, Mylopoulos J, Faulkner S, Schobbens PY (2007) Core ontology for requirements engineering. Technical report, Information Management Research Unit, University of Namur

  43. Kazman R, Klein M, Barbacci M, Longstaff T, Lipson H, Carriere J (1998) The architecture tradeoff analysis method. In: Proceedings of the 4th IEEE international conference on engineering of complex computer systems. IEEE Computer Society, pp. 68–78

  44. Koller D, Milch B (2003) Multi-agent influence diagrams for representing and solving games. Games Econ Behav 45(1):181–221

  45. Liu L, Yu ESK, Mylopoulos J (2003) Security and privacy requirements analysis within a social setting. In: Proceedings of 11th IEEE international requirements engineering conference. IEEE Computer Society, pp. 151–161

  46. Lymberopoulos L, Lupu E, Sloman M (2003) An adaptive policy-based framework for network services management. J Netw Syst Manag 11:277–303

  47. Massacci F, Zannone N (2008) A model-driven approach for the specification and analysis of access control policies. In: Proceedings of OTM confederated international conferences, LNCS 5332. Springer, Berlin, pp. 1087–1103

  48. Massacci F, Mylopoulos J, Zannone N (2006) Hierarchical hippocratic databases with minimal disclosure for virtual organizations. VLDB J 15(4):370–387

  49. Massacci F, Mylopoulos J, Zannone N (2007) Computer-aided support for secure tropos. Autom Softw Eng 14(3):341–364

  50. Massacci F, Mylopoulos J, Zannone N (2007) An ontology for secure socio-technical systems. In: Rittgen P (ed) Handbook of ontologies for business interaction. IDEA Group, USA, pp. 188–207

  51. Massacci F, Mylopoulos J, Zannone N (2009) Minimal disclosure in hierarchical hippocratic databases with delegation. In: Proceedings of 10th European symposium on research in computer security, LNCS 3679. Springer, Berlin, pp. 438–454

  52. Massacci F, Mylopoulos J, Zannone N (2010) Security requirements engineering: the SI* modeling language and the secure tropos methodology. In: Ras ZW, Tsay LS (eds) Advances in intelligent information systems, studies in computational intelligence, vol. 265. Springer, Berlin, pp. 147–174

  53. Montali M, Torroni P, Zannone N, Mello P, Bryl V (2011) Engineering and verifying agent-oriented requirements augmented by business constraints with B-Tropos. Auton Agent Multi Agent Syst 23(2):193–223

  54. Morin B, Mouelhi T, Fleurey F, Le Traon Y, Barais O, Jézéquel JM (2010) Security-driven model-based dynamic adaptation. In: Proceedings of the IEEE/ACM international conference on automated software engineering. ACM, pp. 205–214

  55. NeOn: NeOn Toolkit. http://neon-toolkit.org/

  56. Ray I (2005) Applying semantic knowledge to real-time update of access control policies. IEEE Trans Knowl Data Eng 17(6):844–858

  57. Ray I, France R, Li N, Georg G (2004) An aspect-based approach to modeling access control concerns. Inf Softw Technol 46:575–587

  58. Rinderle-Ma S, Reichert M (2007) A formal framework for adaptive access control models. J Data Semant IX, 82–112

  59. Ruscio DD, Muccini H, Pierantonio A, Pelliccione P (2006) Towards weaving software architecture models. In: Proceedings of international workshop on model-based development of computer-based systems and model-based methodologies for pervasive and embedded software. IEEE Computer Society, pp. 103–112

  60. Ryutov T, Zhou L, Neuman C et al (2005) Adaptive trust negotiation and access control. In: Proceedings of the 10th ACM symposium on access control models and technologies. ACM, pp. 139–146

  61. Saltzer J, Schroeder M (1975) The protection of information in computer systems. Proc IEEE 63(9):1278–1308

  62. Sasse MA, Flechais I (2005) Usable security: why do we need it? How do we get it? In: Faith Cranor L, Garfinkel S (eds) Security and usability: designing secure systems that people can use. O’Reilly, Sebastopol, CA, pp. 13–30

  63. Sauro L (2006) Formalizing admissibility criteria in coalition formation among goal directed agents. Ph.D. thesis, University of Turin, Italy

  64. Sauro L (2006) Qualitative criteria of admissibility for enforced agreements. CMOT 12(2–3):147–168

  65. Sauro L, Villata S (2013) Dependency in cooperative boolean games. J Log Comp 23:425–444

  66. Schneier B (2004) Secrets and lies: digital security in a networked world. Wiley, New York

  67. Sharman R, Kishore R, Ramesh R (2006) Ontologies: a handbook of principles, concepts and applications in information systems (integrated series in information systems). Springer, Secaucus, NJ

  68. Sichman JS (1998) DEPINT: Dependence-based coalition formation in an open multi-agent scenario. J Artif Soc Soc Simul 1(2):1998

  69. Sichman JS, Conte R (2002) Multi-agent dependence by dependence graphs. In: Proceedings of the 1st international joint conference on autonomous agents and multiagent systems. ACM, pp. 483–490

  70. Sichman JS, Demazeau Y (2001) On social reasoning in multi-agent systems. Revista Iberoamericana de Inteligencia Artificial 13:68–84

  71. Sinclair S, Smith SW (2010) What’s wrong with access control in the real world? IEEE Secur Priv 8:74–77

  72. Yee KP (2004) Aligning security and usability. Secur Priv IEEE 2(5):48–55

  73. Yu E (1995) Modelling strategic relationships for process reengineering. Ph.D. thesis, University of Toronto, Canada

Acknowledgment

This work has been partially funded by the Dutch national program COMMIT under the THeCS project, by NWO through the PriCE project, and by the National Research Fund, Luxembourg, CoPAInS project (code:CO11/IS/1239572).

Author information

Correspondence to Donia El Kateb.

About this article

Cite this article

El Kateb, D., Zannone, N., Moawad, A. et al. Conviviality-driven access control policy. Requirements Eng 20, 363–382 (2015). https://doi.org/10.1007/s00766-014-0204-0
