Enhancing UML to Model Custom Security Aspects
نویسندگان
چکیده
Despite its widespread usage, the Unified Modeling Language (UML) specification still lacks formal, explicit, support for access control. This paper proposes an approach to model security as a separate concern by augmenting UML with separate and new diagrams for role-based, discretionary, and mandatory access controls; collectively, these diagrams provide visual access-control aspects. Individually, each of these diagrams contain a set of security features that augment UML with security capabilities. The intent is to provide designers with a broad set of security features, where they can select only the features needed by their application, merge them into UML, and utilize the custom result to model security aspects. This paper presents a set of features extracted from role-based, discretionary, and mandatory access control, demonstrates their composition into a customizable security model in UML (including a formal basis), and illustrates the approach via a university application.
منابع مشابه
Aspect Oriented UML to ECORE Model Transformation
With the emerging concept of model transformation, information can be extracted from one or more source models to produce the target models. The conversion of these models can be done automatically with specific transformation languages. This conversion requires mapping between both models with the help of dynamic hash tables. Hash tables store reference links between the elements of the source...
متن کاملQuantitative evaluation of software security: an approach based on UML/SecAM and evidence theory
Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient kn...
متن کاملModeling security requirements for context aware system using UML
Modeling in general is “an abstract representation of a specification, design or system from a particular point of view”. System modeling is ”a technique to express, visualise, analyse and transform the architecture of a system”. The Unified Modeling Language (UML) is “a language for specifying, visualising, constructing, and documenting the artefacts of a software-intensive system as well as f...
متن کاملModel-to-model Transformation Approach for Systematic Integration of Security Aspects into Uml 2.0 Design Models
Model-to-Model Transformation Approach for Systematic Integration of Security Aspects into UML 2.0 Design Models
متن کاملPerformance analysis of security aspects by weaving scenarios extracted from UML models
Aspect-Oriented Modeling (AOM) allows software designers to describe features that address pervasive concerns separately as aspects, and to systematically incorporate the features into a UML design model using model composition techniques. The goal of this paper is to analyze the performance effects of different security features that may be represented as aspect models. This is part of a large...
متن کامل