Modeling Dynamic Role-based Access Constraints using UML
نویسنده
چکیده
Systematic development of security sensitive software requires that there be a sufficiently expressive linguistic extension to modeling languages. We propose an extension to the Unified Modeling Language (UML) to satisfy this need. Our extensions are to the UML metamodel with a security policy constraint specification and enforcement module, business tasks and a history log for method calls. Using these extensions we show how dynamic access control requirements of an application can be modeled during the design phase.
منابع مشابه
Employing UML and OCL for designing and analysing role-based access control
Stringent security requirements of organizations like banks or hospitals frequently adopt role-based access control (RBAC) principles to represent and simplify their internal permission management. While representing a fundamental advanced RBAC concept enabling precise restrictions on access rights, authorization constraints increase the complexity of the resulting security policies so that too...
متن کاملEmploying UML and OCL for Designing and Analyzing Role-Based Access Control
Stringent security requirements of organizations like banks or hospitals frequently adopt role-based access control (RBAC) principles to represent and simplify their internal permission management. While representing a fundamental advanced RBAC concept enabling precise restrictions on access rights, authorization constraints increase the complexity of the resulting security policies so that too...
متن کاملReconstructing a formal security model
Role-based access control (RBAC) is a flexible approach to access control, which has generated great interest in the security community. The principal motivation behind RBAC is to simplify the complexity of administrative tasks. Several formal models of RBAC have been introduced. However, there are a few works specifying RBAC in a way which system developers or software engineers can easily und...
متن کاملSecureUML: A UML-Based Modeling Language for Model-Driven Security
We present a modeling language for the model-driven development of secure, distributed systems based on the Unified Modeling Language (UML). Our approach is based on role-based access control with additional support for specifying authorization constraints. We show how UML can be used to specify information related to access control in the overall design of an application and how this informati...
متن کاملSecure State UML: Modeling and Testing Security Concerns of Software Systems Using UML State Machines
In this research we present a technique by using which, extended UML models can be converted to standard UML models so that existing MBT techniques can be applied directly on these models. Existing Model Based Testing (MBT) Techniques cannot be directly applied to extended UML models due to the difference of modeling notation and new model elements. Verification of these models is also very imp...
متن کامل