Kafalı, Özgur and Singh, Munindar P. and Williams, Laurie (2016) Nane: Identifying misuse cases using temporal norm enactments. In: 2016 IEEE 24th International Requirements Engineering Conference (RE). IEEE, pp. 136-145. ISBN 978-1-5090-4122-0. E-ISBN 978-1-5090-4121-3. (doi:10.1109/RE.2016.34) (KAR id:65869)
PDF
Author's Accepted Manuscript
Language: English |
|
Download this file (PDF/288kB) |
|
Request a format suitable for use with assistive technology e.g. a screenreader | |
Official URL: http://dx.doi.org/10.1109/RE.2016.34 |
Abstract
Recent data breaches in domains such as healthcare where confidentiality of data is crucial indicate that breaches often originate from misuses, not only from vulnerabilities in the technical (software or hardware) architecture. Current requirements engineering (RE) approaches determine what access control mechanisms are needed to protect sensitive resources (assets). However, current RE approaches inadequately characterize how a user is expected to interact with others in relation to the relevant assets. Consequently, a requirements analyst cannot readily identify misuses by legitimate users. We adopt social norms as a natural, formal means of characterizing user interactions whereby potential misuses map to norm violations. Our research goal is to help analysts identify misuse cases by formal reasoning about norm enactments. We propose Nane, a formal framework for identifying such misuse cases using a semiautomated process. We demonstrate how Nane enables monitoring of potential misuses on a healthcare scenario.
Item Type: | Book section |
---|---|
DOI/Identification number: | 10.1109/RE.2016.34 |
Uncontrolled keywords: | authorization; monitoring; hospitals; calculus; software; cognition |
Subjects: | Q Science > Q Science (General) > Q335 Artificial intelligence |
Divisions: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing |
Depositing User: | Ozgur Kafali |
Date Deposited: | 02 Feb 2018 16:43 UTC |
Last Modified: | 05 Nov 2024 11:04 UTC |
Resource URI: | https://kar.kent.ac.uk/id/eprint/65869 (The current URI for this page, for reference purposes) |
- Link to SensusAccess
- Export to:
- RefWorks
- EPrints3 XML
- BibTeX
- CSV
- Depositors only (login required):