Change search
ReferencesLink to record
Permanent link

Direct link
Comparing Access Control Security Policies: A Case Study Using SBVR
KTH, School of Information and Communication Technology (ICT).
2012 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Companies today are required more and more to interconnect their information systems with partners and suppliers in order to be competitive in a global marketplace. A problem of how to compare a security policy between two different companies when they need to agree upon a single security policy has been raised. Can a comparison of two access control policies made through Semantic of Business Vocabulary and Business Rules (SBVR) be more appropriate than the traditional way of intuitively comparing two information security policies?

In this research, a case study has been conducted along with the questionnaires as a data collection approach. In the case study, a calculation for a degree of policy statement similarity of Company A’s and Company B has been done. Both calculations were based on the questionnaire results of the Company A and Company B in form of SBVR and traditional policy statements separately.

This research has revealed that SBVR applied policy is more appropriate for comparing two company policies than a traditional written policy. By applying SBVR to the policy statements, Company A and Company B had their policy in the same structure, which is in the SBVR format. They could get a very clear similar part of the policy statements (70% calculated by the results of the second questionnaire in this case study) agreed by both companies.

Place, publisher, year, edition, pages
Trita-ICT-EX, 2012:278
Keyword [en]
SBVR, business vocabulary, business rules, access control, security policy, comparing
National Category
Engineering and Technology
URN: urn:nbn:se:kth:diva-108306OAI: diva2:579886
Educational program
Master of Science - Information and Communication Systems Security
Available from: 2012-12-20 Created: 2012-12-20 Last updated: 2012-12-20Bibliographically approved

Open Access in DiVA

fulltext(1150 kB)226 downloads
File information
File name FULLTEXT01.pdfFile size 1150 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
School of Information and Communication Technology (ICT)
Engineering and Technology

Search outside of DiVA

GoogleGoogle Scholar
Total: 226 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 87 hits
ReferencesLink to record
Permanent link

Direct link