English

"Shifting Access Control Left" using Asset and Goal Models

Cryptography and Security 2025-04-28 v1 Human-Computer Interaction

Abstract

Access control needs have broad design implications, but access control specifications may be elicited before, during, or after these needs are captured. Because access control knowledge is distributed, we need to make knowledge asymmetries more transparent, and use expertise already available to stakeholders. In this paper, we present a tool-supported technique identifying knowledge asymmetries around access control based on asset and goal models. Using simple and conventional modelling languages that complement different design techniques, we provide boundary objects to make access control transparent, thereby making knowledge about access control concerns more symmetric. We illustrate this technique using a case study example considering the suitability of a reusable software component in a new military air system.

Keywords

Cite

@article{arxiv.2504.17906,
  title  = {"Shifting Access Control Left" using Asset and Goal Models},
  author = {Shamal Faily},
  journal= {arXiv preprint arXiv:2504.17906},
  year   = {2025}
}

Comments

To appear in the NATO ICMCIS proceedings

R2 v1 2026-06-28T23:10:34.936Z