{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,21]],"date-time":"2026-06-21T14:31:29Z","timestamp":1782052289614,"version":"3.54.5"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030812416","type":"print"},{"value":"9783030812423","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-81242-3_10","type":"book-chapter","created":{"date-parts":[[2021,7,14]],"date-time":"2021-07-14T03:04:02Z","timestamp":1626231842000},"page":"171-188","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Access Control Policy Generation from\u00a0User Stories Using Machine Learning"],"prefix":"10.1007","author":[{"given":"John","family":"Heaps","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ram","family":"Krishnan","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yufei","family":"Huang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jianwei","family":"Niu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ravi","family":"Sandhu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2021,7,14]]},"reference":[{"key":"10_CR1","doi-asserted-by":"crossref","unstructured":"Alohaly, M., Takabi, H., Blanco, E.: A deep learning approach for extracting attributes of ABAC policies. In: Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies, pp. 137\u2013148 (2018)","DOI":"10.1145\/3205977.3205984"},{"key":"10_CR2","doi-asserted-by":"crossref","unstructured":"Bartsch, S.: Practitioners\u2019 perspectives on security in agile development. In: 2011 Sixth International Conference on Availability, Reliability and Security, pp. 479\u2013484. IEEE (2011)","DOI":"10.1109\/ARES.2011.82"},{"issue":"6","key":"10_CR3","doi-asserted-by":"publisher","first-page":"497","DOI":"10.1109\/TDSC.2014.2298011","volume":"11","author":"L Ben Othmane","year":"2014","unstructured":"Ben Othmane, L., Angin, P., Weffers, H., Bhargava, B.: Extending the agile development process to develop acceptably secure software. IEEE Trans. Dependable Secure Comput. 11(6), 497\u2013509 (2014)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"10_CR4","doi-asserted-by":"crossref","unstructured":"Beznosov, K., Kruchten, P.: Towards agile security assurance. In: Proceedings of the 2004 Workshop on New Security Paradigms, pp. 47\u201354 (2004)","DOI":"10.1145\/1065907.1066034"},{"key":"10_CR5","doi-asserted-by":"crossref","unstructured":"Bostr\u00f6m, G., W\u00e4yrynen, J., Bod\u00e9n, M., Beznosov, K., Kruchten, P.: Extending XP practices to support security requirements engineering. In: Proceedings of the 2006 International Workshop on Software Engineering for Secure Systems, pp. 11\u201318 (2006)","DOI":"10.1145\/1137627.1137631"},{"key":"10_CR6","doi-asserted-by":"publisher","unstructured":"Dalpiaz, F.: Requirements data sets (user stories). Mendeley Data (2018). https:\/\/doi.org\/10.17632\/7zbk8zsd8y.1","DOI":"10.17632\/7zbk8zsd8y.1"},{"key":"10_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1007\/978-3-319-77243-1_8","volume-title":"Requirements Engineering: Foundation for Software Quality","author":"F Dalpiaz","year":"2018","unstructured":"Dalpiaz, F., van der Schalk, I., Lucassen, G.: Pinpointing ambiguity and incompleteness in requirements engineering via information visualization and NLP. In: Kamsties, E., Horkoff, J., Dalpiaz, F. (eds.) REFSQ 2018. LNCS, vol. 10753, pp. 119\u2013135. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-77243-1_8"},{"key":"10_CR8","unstructured":"Devlin, J., Chang, M.W., Lee, K., Toutanova, K.: BERT: pre-training of deep bidirectional transformers for language understanding. arXiv preprint arXiv:1810.04805 (2018)"},{"issue":"8","key":"10_CR9","first-page":"28","volume":"9","author":"M Fowler","year":"2001","unstructured":"Fowler, M., Highsmith, J., et al.: The agile manifesto. Softw. Dev. 9(8), 28\u201335 (2001)","journal-title":"Softw. Dev."},{"key":"10_CR10","unstructured":"Karimi, L., Aldairi, M., Joshi, J., Abdelhakim, M.: An automatic attribute based access control policy extraction from access logs. arXiv preprint arXiv:2003.07270 (2020)"},{"issue":"3","key":"10_CR11","doi-asserted-by":"publisher","first-page":"383","DOI":"10.1007\/s00766-016-0250-x","volume":"21","author":"G Lucassen","year":"2016","unstructured":"Lucassen, G., Dalpiaz, F., van der Werf, J.M.E., Brinkkemper, S.: Improving agile requirements: the quality user story framework and tool. Requirements Eng. 21(3), 383\u2013403 (2016). https:\/\/doi.org\/10.1007\/s00766-016-0250-x","journal-title":"Requirements Eng."},{"issue":"3","key":"10_CR12","doi-asserted-by":"publisher","first-page":"339","DOI":"10.1007\/s00766-017-0270-1","volume":"22","author":"G Lucassen","year":"2017","unstructured":"Lucassen, G., Robeer, M., Dalpiaz, F., Van Der Werf, J.M.E., Brinkkemper, S.: Extracting conceptual models from user stories with visual narrator. Requirements Eng. 22(3), 339\u2013358 (2017). https:\/\/doi.org\/10.1007\/s00766-017-0270-1","journal-title":"Requirements Eng."},{"key":"10_CR13","first-page":"506","volume":"17","author":"M Narouei","year":"2020","unstructured":"Narouei, M., Takabi, H., Nielsen, R.D.: Automatic extraction of access control policies from natural language documents. IEEE Trans. Dependable Secure Comput. 17, 506\u2013517 (2020)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"10_CR14","doi-asserted-by":"crossref","unstructured":"Oueslati, H., Rahman, M.M., ben Othmane, L.: Literature review of the challenges of developing secure software using the agile approach. In: 2015 10th International Conference on Availability, Reliability and Security, pp. 540\u2013547. IEEE (2015)","DOI":"10.1109\/ARES.2015.69"},{"key":"10_CR15","unstructured":"Pohl, C., Hof, H.J.: Secure scrum: development of secure software with scrum. arXiv preprint arXiv:1507.02992 (2015)"},{"key":"10_CR16","doi-asserted-by":"crossref","unstructured":"Settles, B.: Active learning. In: Synthesis Lectures on Artificial Intelligence and Machine Learning, vol. 6, no. 1, pp. 1\u2013114 (2012)","DOI":"10.1007\/978-3-031-01560-1_1"},{"key":"10_CR17","doi-asserted-by":"crossref","unstructured":"Siponen, M., Baskerville, R., Kuivalainen, T.: Integrating security into agile development methods. In: Proceedings of the 38th Annual Hawaii International Conference on System Sciences, p. 185a. IEEE (2005)","DOI":"10.1109\/HICSS.2005.329"},{"key":"10_CR18","doi-asserted-by":"crossref","unstructured":"Slankas, J., Xiao, X., Williams, L., Xie, T.: Relation extraction for inferring access control rules from natural language artifacts. In: Proceedings of the 30th Annual Computer Security Applications Conference, pp. 366\u2013375 (2014)","DOI":"10.1145\/2664243.2664280"},{"key":"10_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"311","DOI":"10.1007\/978-3-319-23781-7_25","volume-title":"Model and Data Engineering","author":"\u015a Sobieski","year":"2015","unstructured":"Sobieski, \u015a., Zieli\u0144ski, B.: User stories and parameterized role based access control. In: Bellatreche, L., Manolopoulos, Y. (eds.) MEDI 2015. LNCS, vol. 9344, pp. 311\u2013319. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-23781-7_25"},{"key":"10_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/978-3-540-27777-4_12","volume-title":"Extreme Programming and Agile Methods - XP\/Agile Universe 2004","author":"J W\u00e4yrynen","year":"2004","unstructured":"W\u00e4yrynen, J., Bod\u00e9n, M., Bostr\u00f6m, G.: Security engineering and eXtreme programming: an impossible marriage? In: Zannier, C., Erdogmus, H., Lindstrom, L. (eds.) XP\/Agile Universe 2004. LNCS, vol. 3134, pp. 117\u2013128. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-27777-4_12"},{"key":"10_CR21","unstructured":"Wolf, T., et al.: Transformers: state-of-the-art natural language processing. In: Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing: System Demonstrations, pp. 38\u201345 (2020)"},{"key":"10_CR22","doi-asserted-by":"crossref","unstructured":"Xiao, X., Paradkar, A., Thummalapenta, S., Xie, T.: Automated extraction of security policies from natural-language software documents. In: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, pp. 1\u201311 (2012)","DOI":"10.1145\/2393596.2393608"}],"container-title":["Lecture Notes in Computer Science","Data and Applications Security and Privacy XXXV"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-81242-3_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,13]],"date-time":"2025-07-13T22:03:00Z","timestamp":1752444180000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-81242-3_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030812416","9783030812423"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-81242-3_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"14 July 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DBSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP Annual Conference on Data and Applications Security and Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Calgary, AB","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Canada","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 July 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 July 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"35","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dbsec2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/wpsites.ucalgary.ca\/dbsec2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"45","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}