企业安全开发与管理的组织驱动方法

2011 Fifth International Conference on Secure Software Integration and Reliability Improvement Pub Date : 2011-06-27 DOI:10.1109/SSIRI.2011.25

Lirong Dai, Yan Bai

{"title":"企业安全开发与管理的组织驱动方法","authors":"Lirong Dai, Yan Bai","doi":"10.1109/SSIRI.2011.25","DOIUrl":null,"url":null,"abstract":"Enterprises security is a complex problem. Pure technology-driven development methods are not sufficient to solve a broad range of enterprise security issues. This paper analyzes the complexity of enterprise security and proposes an organization-driven approach for the problem. The approach combines a set of Unified Modeling Language-based approaches to bridge the gap between enterprise security architecture models and security application development models. It allows an enterprise to coordinate security resources from an enterprise point of view, and develop security applications systematically and efficiently. A comprehensive case study is conducted to illustrate the approach. The study shows through the refinement of enterprise security goals, both software goals and software requirements for a security application can be obtained. In particular, a security application is built to support the specification and automated verification of separation of duty access policies using the Object Constraint Language and formal method Alloy.","PeriodicalId":224250,"journal":{"name":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","volume":"45 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"An Organization-Driven Approach for Enterprise Security Development and Management\",\"authors\":\"Lirong Dai, Yan Bai\",\"doi\":\"10.1109/SSIRI.2011.25\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Enterprises security is a complex problem. Pure technology-driven development methods are not sufficient to solve a broad range of enterprise security issues. This paper analyzes the complexity of enterprise security and proposes an organization-driven approach for the problem. The approach combines a set of Unified Modeling Language-based approaches to bridge the gap between enterprise security architecture models and security application development models. It allows an enterprise to coordinate security resources from an enterprise point of view, and develop security applications systematically and efficiently. A comprehensive case study is conducted to illustrate the approach. The study shows through the refinement of enterprise security goals, both software goals and software requirements for a security application can be obtained. In particular, a security application is built to support the specification and automated verification of separation of duty access policies using the Object Constraint Language and formal method Alloy.\",\"PeriodicalId\":224250,\"journal\":{\"name\":\"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement\",\"volume\":\"45 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-06-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SSIRI.2011.25\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SSIRI.2011.25","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

企业安全是一个复杂的问题。纯技术驱动的开发方法不足以解决广泛的企业安全问题。本文分析了企业安全的复杂性，提出了一种组织驱动的方法。该方法结合了一组基于统一建模语言的方法，以弥合企业安全体系结构模型和安全应用程序开发模型之间的差距。它允许企业从企业的角度协调安全资源，系统、高效地开发安全应用程序。通过一个全面的案例研究来说明该方法。研究表明，通过细化企业安全目标，可以获得安全应用程序的软件目标和软件需求。特别地，构建了一个安全应用程序，以支持使用对象约束语言和形式方法Alloy的职责分离访问策略的规范和自动验证。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An Organization-Driven Approach for Enterprise Security Development and Management

Enterprises security is a complex problem. Pure technology-driven development methods are not sufficient to solve a broad range of enterprise security issues. This paper analyzes the complexity of enterprise security and proposes an organization-driven approach for the problem. The approach combines a set of Unified Modeling Language-based approaches to bridge the gap between enterprise security architecture models and security application development models. It allows an enterprise to coordinate security resources from an enterprise point of view, and develop security applications systematically and efficiently. A comprehensive case study is conducted to illustrate the approach. The study shows through the refinement of enterprise security goals, both software goals and software requirements for a security application can be obtained. In particular, a security application is built to support the specification and automated verification of separation of duty access policies using the Object Constraint Language and formal method Alloy.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 Fifth International Conference on Secure Software Integration and Reliability Improvement

自引率

0.00%

发文量