Assurance Management Framework (AMF)


An empirical methodology that ensures security models are fully realized and employed in real systems.
  • Security Aspects

    • RBAC

      Represents a role-based access control (RBAC) model that avoids defined conflicts in its specification.
      Specification Elements:
      User
      Role
      Permission
      Session
      DCP
      DCR
      DCU
      SCP
      SCR
      SCU
      Threats:
      Spoofing
      Tampering with Data
      Information Disclosure
      Elevation of Privileges

    Specification Elements

    • User

      Describes a user in the system.
      Applies to:
      Entity
    • Permission

      Describes, for a combination of operations and objects, which roles and/or users may perform actions on them.
      Applies to:
      Data
      Activity
      InformationFlow
    • Session

      Describes the active session of the system, e.g., the active roles and permissions in the system.
      Applies to:
      State
    • Role

      Describes roles for users in a system.
      Applies to:
      Entity
    • SCP

      Describes static conflicting permissions.
      Applies to:
      Data
      Activity
    • DCP

      Describes dynamic conflicting permissions, i.e., permissions that must not be applied in the same session for the same user.
      Applies to:
      Data
      Activity
    • SCR

      Describes static conflicting roles for a user, i.e., a user must not be assigned both conflicting roles.
      Applies to:
      Entity
    • DCR

      Describes dynamic conflicting roles for a user, i.e., a user must not be assigned both conflicting roles in the same session.
      Applies to:
      Entity
    • SCU

      Describes static conflicting users that must not have specified permissions and roles.
      Applies to:
      Data
      Activity
    • DCU

      Describes dynamic conflicting users that must not have specified permissions and roles in a defined session.
      Applies to:
      Data
      Activity
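
The difference between SCR and DCR above is when the check runs: SCR at role assignment, DCR at role activation inside a session. The following is an added example, not part of AMF; the class, method and role names are hypothetical, and it assumes each constraint is given as an unordered pair of role names.

```python
# Added example; class, method and role names are hypothetical, sample data is constructed.
class ConflictError(Exception):
    """Raised when an SCR or DCR constraint would be violated."""

class RbacPolicy:
    def __init__(self, scr=(), dcr=()):
        self.scr = {frozenset(pair) for pair in scr}  # static conflicting role pairs
        self.dcr = {frozenset(pair) for pair in dcr}  # dynamic conflicting role pairs
        self.assigned = {}                            # user -> assigned roles

    def assign_role(self, user, role):
        """SCR is enforced at assignment time, independent of any session."""
        roles = self.assigned.setdefault(user, set())
        for held in roles:
            if frozenset((held, role)) in self.scr:
                raise ConflictError(f"SCR: {user} may not hold {held} and {role}")
        roles.add(role)

class Session:
    def __init__(self, policy, user):
        self.policy, self.user, self.active = policy, user, set()

    def activate_role(self, role):
        """DCR is enforced at activation time, per session and user."""
        if role not in self.policy.assigned.get(self.user, set()):
            raise ConflictError(f"{self.user} is not assigned {role}")
        for held in self.active:
            if frozenset((held, role)) in self.policy.dcr:
                raise ConflictError(f"DCR: {held} and {role} in one session")
        self.active.add(role)

def denied(action, *args):  # True if a conflict check rejects the action
    try:
        action(*args)
    except ConflictError:
        return True
    return False

def demo():
    policy = RbacPolicy(scr=[("accountant", "auditor")], dcr=[("cashier", "supervisor")])
    policy.assign_role("alice", "accountant")
    results = [denied(policy.assign_role, "alice", "auditor")]   # SCR violation
    policy.assign_role("bob", "cashier")
    policy.assign_role("bob", "supervisor")                      # allowed statically
    first, second = Session(policy, "bob"), Session(policy, "bob")
    first.activate_role("cashier")
    results.append(denied(first.activate_role, "supervisor"))    # DCR violation
    results.append(denied(second.activate_role, "supervisor"))   # separate session
    return results
```

`demo()` shows that a user may hold both DCR roles as long as they are never active in the same session, while an SCR pair is rejected before any session exists.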