Nane: Identifying misuse cases using temporal norm enactments

Kafalı, Özgur and Singh, Munindar P. and Williams, Laurie (2016) Nane: Identifying misuse cases using temporal norm enactments. In: 2016 IEEE 24th International Requirements Engineering Conference (RE). IEEE, pp. 136-145. ISBN 978-1-5090-4122-0. E-ISBN 978-1-5090-4121-3. (doi:10.1109/RE.2016.34)

PDF - Author's Accepted Manuscript
Official URL: http://dx.doi.org/10.1109/RE.2016.34

Abstract

Recent data breaches in domains such as healthcare where confidentiality of data is crucial indicate that breaches often originate from misuses, not only from vulnerabilities in the technical (software or hardware) architecture. Current requirements engineering (RE) approaches determine what access control mechanisms are needed to protect sensitive resources (assets). However, current RE approaches inadequately characterize how a user is expected to interact with others in relation to the relevant assets. Consequently, a requirements analyst cannot readily identify misuses by legitimate users. We adopt social norms as a natural, formal means of characterizing user interactions whereby potential misuses map to norm violations. Our research goal is to help analysts identify misuse cases by formal reasoning about norm enactments. We propose Nane, a formal framework for identifying such misuse cases using a semiautomated process. We demonstrate how Nane enables monitoring of potential misuses on a healthcare scenario.

Item Type: Book section
DOI/Identification number: 10.1109/RE.2016.34
Uncontrolled keywords: authorization; monitoring; hospitals; calculus; software; cognition
Subjects: Q Science > Q Science (General) > Q335 Artificial intelligence
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: Ozgur Kafali
Date Deposited: 02 Feb 2018 16:43 UTC
Last Modified: 26 Sep 2019 10:34 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/65869 (The current URI for this page, for reference purposes)