A Model-Driven Security Requirements Approach to Deduce Security Policies Based on OrBAC

  • Denisse Muñante Arzapalo
  • Vanea Chiprianov
  • Laurent Gallon
  • Philippe Aniorté
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8957)


Attacks on unsecured systems result in important losses. Many of the causes are related to non-conformance of system architecture and implementation to the requirements. To reduce these conformity problems, Model Driven Engineering proposes using modelling languages for defining requirements and architecture, and model transformations between them. We therefore introduce a modelling language extension/profile for defining system requirements with basic security requirement concepts. We also formalize the model transformation between this profile and a security formal verification method. We exemplify our approach on a medical case study.


Keywords: Model-driven security, Model transformation, Requirements engineering, OrBAC, i* framework



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Denisse Muñante Arzapalo (1)
  • Vanea Chiprianov (1)
  • Laurent Gallon (1)
  • Philippe Aniorté (1)

  1. LIUPPA, Université de Pau et des Pays de l’Adour, Pau, France
