Browsing by Author "He, Qingfeng"
Now showing 1 - 12 of 12
- Results Per Page
- Sort Options
- A framework for privacy-enhanced access control analysis in requirements engineering(North Carolina State University. Dept. of Computer Science, 2004) He, Qingfeng; Anton, Ana I.
- A privacy protection comparison of popular web browsers(North Carolina State University. Dept. of Computer Science, 2002) He, Qingfeng; Anton, Ana I.
- A privacy-aware database interface(North Carolina State University. Dept. of Computer Science, 2002) Haygood, Hal; He, Qingfeng; Smith, Shane; Snare, Jodi
- Deriving access control policies from requirements specifications and database designs(North Carolina State University. Dept. of Computer Science, 2004) He, Qingfeng; Anton, Ana I.
- Integrating access control policy specification into the software development process(North Carolina State University. Dept. of Computer Science, 2005) He, Qingfeng; Anton, Ana I.
- Privacy enforcement with an extended role-based access control model(North Carolina State University. Dept. of Computer Science, 2003) He, Qingfeng
- Requirements-Based Access Control Analysis and Policy Specification(2005-08-15) He, Qingfeng; Ting Yu, Committee Member; Laurie Williams, Committee Member; Julie Earp, Committee Member; Annie I. Anton, Committee ChairAccess control is a mechanism for achieving confidentiality and integrity in software systems. Access control policies (ACPs) define how access is managed and the high-level rules of who can access what information under certain conditions. Traditionally, access control policies have been specified in an ad-hoc manner, leaving systems vulnerable to security breaches. ACP specification is often isolated from requirements analysis, resulting in policies that are not in compliance with system requirements. This dissertation introduces the Requirements-based Access Control Analysis and Policy Specification (ReCAPS) method for deriving access control policies from various sources, including software requirements specifications (SRS), software designs, and high-level security/privacy policies. The ReCAPS method is essentially an analysis method supported by a set of heuristics and a software tool: the Security and Privacy Requirements Analysis Tool (SPRAT). The method was developed in two formative case studies and validated in two summative case studies. All four case studies involved operational systems, and ReCAPS evolved as a result of the lessons learned from applying the method to these case studies. Further validation of the method was performed via an empirical study to evaluate the usefulness and effectiveness of the approach. Results from these evaluations indicate that the process and heuristics provided by the ReCAPS method are useful for specifying database-level and application-level ACPs. Additionally, ReCAPS integrates policy specification into software development, thus providing a basic framework for ensuring compliance between different levels of policies, system requirements and software design. The method also improves the quality of requirements specifications and system designs by clarifying ambiguities and resolving conflicts across these artifacts.
- Requirements-based access control analysis and policy specification (RECAPS)(North Carolina State University. Dept. of Computer Science, 2005) He, Qingfeng; Anton, Ana I.
- Security and privacy requirements analysis tool software requirements specification version 2.00(North Carolina State University. Dept. of Computer Science, 2004) Jain, Neha; Anton, Ana I.; Stufflebeam, William; He, Qingfeng
- Specifying privacy policies with P3P and EPAL: Lessons learned(North Carolina State University. Dept. of Computer Science, 2004) Stufflebeam, William; Anton, Ana I.; He, Qingfeng; Jain, Neha
- The complexity underlying jetblue.s privacy policy violations(North Carolina State University. Dept. of Computer Science, 2003) Anton, Ana I.; He, Qingfeng
- The use of goals to extract privacy and security requirements from policy statements(North Carolina State University. Dept. of Computer Science, 2003) Anton, Ana I.; Bolchini, David; He, Qingfeng
