Abstract
Nowadays many organizations experience security incidents due to unauthorized access to information. To reduce the risk of such incidents, security policies are often employed to regulate access to information. Such policies, however, are often too restrictive, and users do not have the rights necessary to perform assigned duties. As a consequence, access control mechanisms are perceived by users as a barrier and thus bypassed, making the system insecure. In this paper, we draw a bridge between the social concept of conviviality and access control. Conviviality has been introduced as a social science concept for ambient intelligence and multi-agent systems to highlight soft qualitative requirements like user-friendliness of systems. To bridge the gap between conviviality and security, we propose a methodological framework for updating and adapting access control policies based on conviviality recommendations. Our methodology integrates and extends existing techniques to assist system designers in the derivation of access control policies from socio-technical requirements of the system, while taking into account the conviviality of the system. We illustrate our framework using the Ambient Assisted Living use case from the HotCity of Luxembourg.
Notes
Note that the terms “cycle” and “coalition” represent two distinct realities. Keeping the terms distinct is consistent with the domains they belong to: a coalition describes a set of agents and comes from the agents domain and game theory, while cycle is a graph-theoretical term. The dependence relations among agents participating in a coalition can be analyzed in terms of coalitions, not cycles—which would not mean anything. Furthermore, we count the cycles in the graph; counting coalitions would be inexact, as such a term does not exist in graph theory. Nonetheless, there exists a relation between the two terms: cycles identified in a dependence network are considered as coalitions.
Note that a dependency dep in DN can be seen as a particular case of dependency dyndep in DDN.
Note that OR decomposition may lead to alternative sets of resources that may be needed to achieve a goal. For the sake of simplicity, we do not address this issue here and refer to [47] for detail.
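The relation stated in the first note, that cycles found in a dependence network are read as coalitions and that it is the cycles that get counted, can be made concrete with a small graph routine. The following is an added illustration, not code from the paper or from the CoPAInS project: it assumes a simplified dependence network in which each dependency is a directed edge from a depender agent to a dependee agent labelled with the goal the depender needs help with, and the agents, goals and dependencies in `SAMPLE_DEPENDENCIES` are constructed for the example. The function names (`build_dependence_network`, `find_cycles`, `coalition_goals`, `count_coalitions`) are likewise the example's own.

```python
from collections import defaultdict

# Constructed sample dependence network (hypothetical, not data from the paper).
# Each triple (depender, dependee, goal) reads: depender depends on dependee
# to achieve goal. Agents are the nodes; dependencies are the directed edges.
SAMPLE_DEPENDENCIES = [
    ("patient", "caregiver", "take_medication"),
    ("caregiver", "doctor", "get_prescription"),
    ("doctor", "patient", "receive_symptom_report"),
    ("caregiver", "patient", "receive_consent"),
    ("doctor", "pharmacist", "fill_prescription"),
    ("pharmacist", "doctor", "confirm_dosage"),
]


def build_dependence_network(deps):
    """Return {depender: {dependee: set_of_goals}}; every agent gets a node."""
    graph = defaultdict(dict)
    for depender, dependee, goal in deps:
        graph[depender].setdefault(dependee, set()).add(goal)
        graph[dependee]  # touch the entry so agents that only depend on nobody still appear
    return dict(graph)


def find_cycles(graph):
    """Enumerate the simple directed cycles of the network.

    Each cycle is returned once, as a tuple of agents starting from its
    lexicographically smallest member; only agents larger than that start
    are explored from it, which prevents rotations of the same cycle from
    being reported again.
    """
    cycles = set()

    def dfs(start, current, path, visited):
        for nxt in graph[current]:
            if nxt == start:
                cycles.add(tuple(path))
            elif nxt > start and nxt not in visited:
                dfs(start, nxt, path + [nxt], visited | {nxt})

    for agent in sorted(graph):
        dfs(agent, agent, [agent], {agent})
    return sorted(cycles)


def coalition_goals(graph, cycle):
    """Goals carried by the edges of one cycle: what the coalition as a whole achieves."""
    goals = set()
    for i, agent in enumerate(cycle):
        nxt = cycle[(i + 1) % len(cycle)]
        goals |= graph[agent][nxt]
    return goals


def count_coalitions(deps):
    """Number of coalitions = number of cycles in the dependence network."""
    return len(find_cycles(build_dependence_network(deps)))


if __name__ == "__main__":
    network = build_dependence_network(SAMPLE_DEPENDENCIES)
    for cycle in find_cycles(network):
        print(" -> ".join(cycle), "achieves", sorted(coalition_goals(network, cycle)))
    print("coalitions:", count_coalitions(SAMPLE_DEPENDENCIES))
```

On the constructed data the routine reports three cycles, hence three coalitions: the patient, caregiver and doctor loop; the two-agent caregiver/patient loop; and the doctor/pharmacist loop. The goals attached to each cycle are the natural place to check an access control policy against the requirements: every member of a coalition needs the permissions required to discharge the dependency pointing at it, otherwise the policy is exactly the kind of barrier the abstract describes and the coalition cannot function without working around it.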
References
Ackerman M (1999) Usability and security. In: Proceedings of the network and distributed system security symposium. The Internet Society
Asnar Y, Li T, Massacci F, Paci F (2011) Computer aided threat identification. In: Proceedings of 13th IEEE conference on commerce and enterprise computing, pp. 145–152. IEEE
Basin D, Doser J, Lodderstedt T (2006) Model driven security: from UML models to access control infrastructures. ACM Trans Softw Eng Methodol 15(1):39–91
Baxter G, Sommerville I (2011) Socio-technical systems: from design methods to systems engineering. Interact Comput 23(1):4–17
Bertino E, Squicciarini AC, Martino L, Paci F (2006) An adaptive access control model for web services. Int J Web Serv Res 3(3):27–60
Boehm B, Egyed A (1998) Software requirements negotiation: some lessons learned. In: Proceedings of the 20th international conference on software engineering. IEEE, pp. 503–506
Boella G, Sauro L, van der Torre LWN (2004) Social viewpoints on multiagent systems. In: AAMAS. IEEE Computer Society, pp. 1358–1359
Boella G, van der Torre L, Villata S (2009) Four ways to change coalitions: agents, dependencies, norms and internal dynamics. In: Proceedings of the 2nd multi-agent logics, languages, and organisations federated workshops, CEUR Workshop Proceedings, vol. 494. CEUR-WS.org
Bonzon E, Lagasquie-Schiex MC, Lang J (2009) Dependencies between players in boolean games. Int J Approx Reason 50(6):899–914
Braz C, Seffah A, M’Raihi D (2007) Designing a trade-off between usability and security: a metrics based-model. In: Baranauskas C, Palanque P, Abascal J, Diniz Junqueira Barbosa S (eds) Human–computer interaction—INTERACT 2007, LNCS 4663. Springer, Berlin, pp. 114–126
Bresciani P, Giorgini P, Giunchiglia F, Mylopoulos J, Perini A (2004) TROPOS: An agent-oriented software development methodology. Auton Agent Multi Agent Syst 8(3):203–236
Bryl V, Massacci F, Mylopoulos J, Zannone N (2006) Designing security requirements models through planning. In: Proceedings of 18th international conference on advanced information systems engineering, LNCS 4001. Springer, Berlin, pp. 33–47
Bryl V, Giorgini P, Mylopoulos J (2009) Designing socio-technical systems: from stakeholder goals to social networks. Requir Eng 14(1):47–70
Caire P (2010) New tools for conviviality: masks, norms, ontology, requirements and measures. Ph.D. thesis, Luxembourg University, Luxembourg
Caire P, van der Torre L (2009) Convivial ambient technologies: requirements, ontology and design. Comput J 53(8):1229–1256
Caire P, van der Torre L (2009) A conviviality measure for early requirement phase of multiagent system design. In: Normative multiagent systems, no. 09121 in Dagstuhl seminar proceedings. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Germany
Caire P, van der Torre L (2009) Temporal dependence networks for the design of convivial multiagent systems. In: Proceedings of the 8th international joint conference on autonomous agents and multiagent systems. International Foundation for Autonomous Agents and Multiagent Systems, pp. 1317–1318
Caire P, Villata S, Boella G, van der Torre L (2008) Conviviality masks in multiagent systems. In: Proceedings of the 7th international joint conference on autonomous agents and multiagent systems. International Foundation for Autonomous Agents and Multiagent Systems, pp. 1265–1268
Caire P, Alcade B, van der Torre L, Sombattheera C (2011) Conviviality measures. In: Proceedings of the 10th international joint conference on autonomous agents and multiagent systems. International Foundation for Autonomous Agents and Multiagent Systems, pp. 895–902
Caire P, Bikakis A, Efthymiou V (2012) Conviviality by design. In: Proceedings of symposium on social computing—social cognition—social networks and multiagent systems
Castelfranchi C (2003) The micro-macro constitution of power. Protosociology 18:208–269
Cormen TH, Leiserson CE, Rivest RL, Stein C (2001) Introduction to algorithms. 2nd edn. The MIT Press, Cambridge, MA
Crook R, Ince D, Nuseibeh B (2003) Modelling access policies using roles in requirements engineering. Inf Softw Technol 45(14):979–991
Damen S, Zannone N (2013) Privacy implications of privacy settings and tagging in facebook. In: Proceedings of the 10th VLDB workshop on secure data management. Springer, Berlin
Damianou N, Dulay N, Lupu E, Sloman M (2001) The ponder policy specification language. In: Proceedings of the international workshop on policies for distributed systems and networks, LNCS 1995. Springer, Berlin, pp. 18–38
Dardenne A, van Lamsweerde A, Fickas S (1993) Goal-directed requirements acquisition. In: Proceedings of the 6th international workshop on software specification and design. Elsevier, Amsterdam, pp. 3–50
Efthymiou V, Caire P (2012) Diagram analysis report: use cases for conviviality and privacy in ambient intelligent systems. University of Luxembourg, SnT, Luxembourg
Elahi G, Yu ESK (2009) Modeling and analysis of security trade-offs—a goal oriented approach. Data Knowl Eng 68(7):579–598
Elahi G, Yu ESK, Zannone N (2010) A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities. Requir Eng 15(1):41–62
Emerson R (1962) Power-dependence relations. Am Sociol Rev 27:31–41
eXtensible Access Control Markup Language (XACML) (2012) Version 3.0. OASIS Standard, OASIS. http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf
Flechais I, Sasse MA, Hailes SMV (2003) Bringing security home: a process for developing secure and usable systems. In: Proceedings of the 2003 workshop on new security paradigms. ACM, pp. 49–57
Flechais I, Mascolo C, Sasse MA (2007) Integrating security and usability into the requirements and design process. Int J Electron Secur Digit Forensic 1(1):12–26
Frankl PG, Weyuker EJ (2000) Testing software to detect and reduce risk. J Syst Softw 53(3):275–286
Fuxman A, Liu L, Mylopoulos J, Roveri M, Traverso P (2004) Specifying and analyzing early requirements in Tropos. Requir Eng 9(2):132–150
Giorgini P, Massacci F, Mylopoulos J, Zannone N (2005) Modeling security requirements through ownership, permission and delegation. In: Proceedings of the 13th IEEE international conference on requirements engineering. IEEE Computer Society, pp. 167–176
Giorgini P, Massacci F, Mylopoulos J, Zannone N (2006) Requirements engineering for trust management: model, methodology, and reasoning. Int J Inf Secur 5(4):257–274
Gutmann P, Grigg I (2005) Security usability. Secur Priv IEEE 3(4):56–58
Healthcare Information Technology Standards Panel (HITSP) (2008) Emergency responder electronic health record interoperability specification (IS04), Version 2.0
Illich I (1974) Tools for conviviality. Marion Boyars Publishers, London
Jureta IJ, Mylopoulos J, Faulkner S, Schobbens PY (2007) Core ontology for requirements engineering. Technical report, Information Management Research Unit, University of Namur
Kazman R, Klein M, Barbacci M, Longstaff T, Lipson H, Carriere J (1998) The architecture tradeoff analysis method. In: Proceedings of the 4th IEEE international conference on engineering of complex computer systems. IEEE Computer Society, pp. 68–78
Koller D, Milch B (2003) Multi-agent influence diagrams for representing and solving games. Games Econ Behav 45(1):181–221
Liu L, Yu ESK, Mylopoulos J (2003) Security and privacy requirements analysis within a social setting. In: Proceedings of 11th IEEE international requirements engineering conference. IEEE Computer Society, pp. 151–161
Lymberopoulos L, Lupu E, Sloman M (2003) An adaptive policy-based framework for network services management. J Netw Syst Manag 11:277–303
Massacci F, Zannone N (2008) A model-driven approach for the specification and analysis of access control policies. In: Proceedings of OTM confederated international conferences, LNCS 5332. Springer, Berlin, pp. 1087–1103
Massacci F, Mylopoulos J, Zannone N (2006) Hierarchical hippocratic databases with minimal disclosure for virtual organizations. VLDB J 15(4):370–387
Massacci F, Mylopoulos J, Zannone N (2007) Computer-aided support for secure tropos. Autom Softw Eng 14(3):341–364
Massacci F, Mylopoulos J, Zannone N (2007) An ontology for secure socio-technical systems. In: Rittgen P (ed) Handbook of ontologies for business interaction. IDEA Group, USA, pp. 188–207
Massacci F, Mylopoulos J, Zannone N (2009) Minimal disclosure in hierarchical hippocratic databases with delegation. In: Proceedings of 10th European symposium on research in computer security, LNCS 3679. Springer, Berlin, pp. 438–454
Massacci F, Mylopoulos J, Zannone N (2010) Security requirements engineering: the SI* modeling language and the secure tropos methodology. In: Ras ZW, Tsay LS (eds) Advances in intelligent information systems, studies in computational intelligence, vol. 265. Springer, Berlin, pp. 147–174
Montali M, Torroni P, Zannone N, Mello P, Bryl V (2011) Engineering and verifying agent-oriented requirements augmented by business constraints with B-Tropos. Auton Agent Multi Agent Syst 23(2):193–223
Morin B, Mouelhi T, Fleurey F, Le Traon Y, Barais O, Jézéquel JM (2010) Security-driven model-based dynamic adaptation. In: Proceedings of the IEEE/ACM international conference on automated software engineering. ACM, pp. 205–214
NeOn: NeOn Toolkit. http://neon-toolkit.org/
Ray I (2005) Applying semantic knowledge to real-time update of access control policies. IEEE Trans Knowl Data Eng 17(6):844–858
Ray I, France R, Li N, Georg G (2004) An aspect-based approach to modeling access control concerns. Inf Softw Technol 46:575–587
Rinderle-Ma S, Reichert M (2007) A formal framework for adaptive access control models. J Data Semant IX:82–112
Ruscio DD, Muccini H, Pierantonio A, Pelliccione P (2006) Towards weaving software architecture models. In: Proceedings of international workshop on model-based development of computer-based systems and model-based methodologies for pervasive and embedded software. IEEE Computer Society, pp. 103–112
Ryutov T, Zhou L, Neuman C et al (2005) Adaptive trust negotiation and access control. In: Proceedings of the 10th ACM symposium on access control models and technologies. ACM, pp. 139–146
Saltzer J, Schroeder M (1975) The protection of information in computer systems. Proc IEEE 63(9):1278–1308
Sasse MA, Flechais I (2005) Usable security: Why do we need it? How do we get it? In: Faith Cranor L, Garfinkel S (eds) Security and usability: designing secure systems that people can use. O’Reilly, Sebastopol, CA, pp. 13–30
Sauro L (2006) Formalizing admissibility criteria in coalition formation among goal directed agents. Ph.D. thesis, University of Turin, Italy
Sauro L (2006) Qualitative criteria of admissibility for enforced agreements. CMOT 12(2–3):147–168
Sauro L, Villata S (2013) Dependency in cooperative boolean games. J Log Comp 23:425–444
Schneier B (2004) Secrets and lies: digital security in a networked world. Wiley, New York
Sharman R, Kishore R, Ramesh R (2006) Ontologies: a handbook of principles, concepts and applications in information systems (integrated series in information systems). Springer, Secaucus, NJ
Sichman JS (1998) DEPINT: Dependence-based coalition formation in an open multi-agent scenario. J Artif Soc Soc Simul 1(2):1998
Sichman JS, Conte R (2002) Multi-agent dependence by dependence graphs. In: Proceedings of the 1st international joint conference on autonomous agents and multiagent systems. ACM, pp. 483–490
Sichman JS, Demazeau Y (2001) On social reasoning in multi-agent systems. Revista Iberoamericana de Inteligencia Artificial 13:68–84
Sinclair S, Smith SW (2010) What’s wrong with access control in the real world? IEEE Secur Priv 8:74–77
Yee KP (2004) Aligning security and usability. Secur Priv IEEE 2(5):48–55
Yu E (1995) Modelling strategic relationships for process reengineering. Ph.D. thesis, University of Toronto, Canada
Acknowledgment
This work has been partially funded by the Dutch national program COMMIT under the THeCS project, by NWO through the PriCE project, and by the National Research Fund, Luxembourg, CoPAInS project (code:CO11/IS/1239572).
Cite this article
El Kateb, D., Zannone, N., Moawad, A. et al. Conviviality-driven access control policy. Requirements Eng 20, 363–382 (2015). https://doi.org/10.1007/s00766-014-0204-0