{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,24]],"date-time":"2025-10-24T16:27:20Z","timestamp":1761323240380,"version":"3.30.2"},"reference-count":32,"publisher":"Elsevier BV","issue":"14","license":[{"start":{"date-parts":[[2003,11,1]],"date-time":"2003-11-01T00:00:00Z","timestamp":1067644800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information and Software Technology"],"published-print":{"date-parts":[[2003,11]]},"DOI":"10.1016\/s0950-5849(03)00097-1","type":"journal-article","created":{"date-parts":[[2003,7,22]],"date-time":"2003-07-22T21:18:59Z","timestamp":1058908739000},"page":"979-991","source":"Crossref","is-referenced-by-count":37,"title":["Modelling access policies using roles in requirements engineering"],"prefix":"10.1016","volume":"45","author":[{"given":"Robert","family":"Crook","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Darrel","family":"Ince","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bashar","family":"Nuseibeh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"78","reference":[{"year":"2001","series-title":"Strategies for Developing Policies and Requirements for Secure Electronic Commerce Systems","author":"Ant\u00f3n","key":"10.1016\/S0950-5849(03)00097-1_BIB1"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB2","doi-asserted-by":"crossref","unstructured":"E. Bertino, P.A. Bonatti, E. Ferrari, TRBAC: a temporal role-based access control model, Proceedings of the 5th ACM Workship on Role-based Access Control, July 2000, pp. 21\u201330.","DOI":"10.1145\/344287.344298"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB3","series-title":"Secure Computer Systems: a Mathematical Model","volume":"vol. II","author":"Bell","year":"1973"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB4","doi-asserted-by":"crossref","unstructured":"J. Bacon, M. Lloyd, K. Moody, Translating Role-based Access Control within Context, Proceedings of International Workshop Policies for Distributed Systems and Networks (Policy 2001), Bristol, January 2001, LNCS, Springer-Verlag, pp. 107\u2013119.","DOI":"10.1007\/3-540-44569-2_7"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB5","doi-asserted-by":"crossref","unstructured":"E. Barka, R. Sandhu, A framework for role based delegation model, Proceedings of 23rd National Information Systems Security Conference, Baltimore, October 16\u201319 2000, pp. 101\u2013114.","DOI":"10.1109\/ACSAC.2000.898870"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB6","doi-asserted-by":"crossref","unstructured":"M.J. Covington, W. Long, S. Srinivasan, A.K. Dev, M. Ahamad, G.D. Abowd, Securing context-aware applications using environment roles, Proceedings of the 6th ACM Symposium on Access Control Models and Technologies, May 2001, pp. 10\u201320.","DOI":"10.1145\/373256.373258"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB7","first-page":"184","article-title":"A comparison of commercial and military computer security policies","author":"Clark","year":"1987","journal-title":"Proceedings of the IEEE Symposium on Security and Privacy"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB8","unstructured":"Department of Defense Trusted Computer System Evaluation Criteria Dod 5200-28-Std, 1985."},{"key":"10.1016\/S0950-5849(03)00097-1_BIB9","doi-asserted-by":"crossref","unstructured":"C.K. Georgiadis, I. Mavridis, G. Pangalos, R.K. Thomas, Flexible team-based access control using contexts, Proceedings of the 6th ACM Symposium on Access Control Models and Technologies, May 2001, pp. 21\u201327.","DOI":"10.1145\/373256.373259"},{"year":"1985","series-title":"Understanding Organizations","author":"Handy","key":"10.1016\/S0950-5849(03)00097-1_BIB10"},{"year":"1992","series-title":"Structure in Fives: Designing effective organisations","author":"Mintzberg","key":"10.1016\/S0950-5849(03)00097-1_BIB11"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB12","doi-asserted-by":"crossref","unstructured":"J.D. Moffett, Control principles and role hierarchies, Proceedings of the 3rd ACM Symposium on Access Control Models and Technologies, October 1998, pp. 63\u201369.","DOI":"10.1145\/286884.286900"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB13","first-page":"129","article-title":"Modeling mandatory access control in role-based security systems","author":"Nyanchama","year":"1995"},{"issue":"2","key":"10.1016\/S0950-5849(03)00097-1_BIB14","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1109\/2.485845","article-title":"Role-based access control models","volume":"29","author":"Sandhu","year":"1996","journal-title":"IEEE Computer"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB15","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1145\/344287.344301","article-title":"The NIST model for role-based access control: towards a unified standard","volume":"26\u201327","author":"Sandhu","year":"2000","journal-title":"Proceedings of the 5th ACN Workshop on Role-Based Access Control (RBAC-00), Berlin Germany, July"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB16","doi-asserted-by":"crossref","unstructured":"R. Sandhu, Q. Munawer, How to do discretionary access control using roles, Proceedings of the 9th ACM Symposium on Access Control Models and Technologies, October 1998, pp. 47\u201354.","DOI":"10.1145\/286884.286893"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB17","doi-asserted-by":"crossref","unstructured":"R.K. Thomas, Team-based access control a primitive for applying role-based access controls in collaborative environments, Proceedings of the 2nd ACM Workshop on Role-Based Access Control, Fairfax, USA, 1997.","DOI":"10.1145\/266741.266748"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB18","doi-asserted-by":"crossref","unstructured":"W. Yao, K. Moody, J. Bacon, A Model of OASIS role-based access control and its support for active security, SACMAT'01, Chantilly Virginia, USA, 2001.","DOI":"10.1145\/373256.373294"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB19","series-title":"Goal-Directed Requirements Acquisition","volume":"vol. 20","author":"Dardenne","year":"1993"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB20","doi-asserted-by":"crossref","unstructured":"S. Jajodia, P. Samarati, V.S. Sabrahmanian, A logical language for expressing authorisations, Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland CA, May 1997, pp. 31\u201342.","DOI":"10.1109\/SECPRI.1997.601312"},{"year":"2001","series-title":"Ponder A Language for specifying Management and Security Policies for Distributed Systems","author":"Damianou","key":"10.1016\/S0950-5849(03)00097-1_BIB21"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB22","unstructured":"E. Lupu, A Role-Based Framework for Distributed Management Systems, PhD Thesis, Imperial College of Science Technology and Medicine, Department of Computing, 1998."},{"key":"10.1016\/S0950-5849(03)00097-1_BIB23","doi-asserted-by":"crossref","first-page":"66","DOI":"10.1109\/CSFW.1994.315946","article-title":"Conceptual foundations for a Model of Task-Based Authorizations","volume":"7","author":"Thomas","year":"1994","journal-title":"IEEE proceedings on Computer Security Foundations Workshop VII, CSFW"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB24","unstructured":"BS799-1: Information Security Management\u2014Part 1: Code of Practice for Information Security, British Standards Institution, London, 1999."},{"key":"10.1016\/S0950-5849(03)00097-1_BIB25","unstructured":"E. Yu, L. Liu, Modelling Trust in the i* Strategic Actors Framework, Proceedings of the 3rd Workshop on Deception, Fraud and Trust in Agent Societies, Barcelona, Spain, 2000."},{"key":"10.1016\/S0950-5849(03)00097-1_BIB26","series-title":"Proceedings of CaiSE'93, 5th International Conferene on Advanced Information Systems Engineering, Paris, France","first-page":"234","article-title":"Dealing with security requirements during the development of information systems","author":"Chung","year":"1993"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB27","unstructured":"P.-J. Fontaine, Goal Oriented Elaboration of Security Requirements, Project Dissertation, Universit\u00e9 Catholique de Louvain, Belgium, 2001."},{"year":"2001","series-title":"Translating Role-Based Access Control within Context","author":"Bacon","key":"10.1016\/S0950-5849(03)00097-1_BIB28"},{"key":"10.1016\/S0950-5849(03)00097-1_BIB29","unstructured":"A. Ant\u00f3n, Goal Identification and Refinement in the Specification of Software-Based Information Systems, PhD Thesis, Georgia Institute of Technology, June 1997."},{"key":"10.1016\/S0950-5849(03)00097-1_BIB30","unstructured":"R. Crook, D. Ince, B. Nuseibeh, Towards an Analytical Role Modelling Framework for Security Requirements, Proceedings of 8th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ-02), Essen, Germany, September 9\u201310, 2002."},{"key":"10.1016\/S0950-5849(03)00097-1_BIB31","unstructured":"E. Yu, A Framework for Organizational Modeling, PhD Thesis, Department of Computer Science, University of Toronto, 1995."},{"key":"10.1016\/S0950-5849(03)00097-1_BIB32","unstructured":"N.C. Damianou, A Policy Framework for Management of Distributed Systems, PhD Thesis, Chapter 2, Imperial College of Science, Technology and Medicine, Department of Computing, London, 2002."}],"container-title":["Information and Software Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0950584903000971?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0950584903000971?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2024,12,13]],"date-time":"2024-12-13T07:35:12Z","timestamp":1734075312000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0950584903000971"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2003,11]]},"references-count":32,"journal-issue":{"issue":"14","published-print":{"date-parts":[[2003,11]]}},"alternative-id":["S0950584903000971"],"URL":"https:\/\/doi.org\/10.1016\/s0950-5849(03)00097-1","relation":{},"ISSN":["0950-5849"],"issn-type":[{"type":"print","value":"0950-5849"}],"subject":[],"published":{"date-parts":[[2003,11]]}}}