SecureUML: A UML-Based Modeling Language for Model-Driven Security
نویسندگان
چکیده
We present a modeling language for the model-driven development of secure, distributed systems based on the Unified Modeling Language (UML). Our approach is based on role-based access control with additional support for specifying authorization constraints. We show how UML can be used to specify information related to access control in the overall design of an application and how this information can be used to automatically generate complete access control infrastructures. Our approach can be used to improve productivity during the development of secure distributed systems and the quality of the resulting systems.
منابع مشابه
Towards Model Transformation between SecureUML and UMLsec for Role-based Access Control
Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. Recently different authors have proposed a number of modelling languages (e.g., abuse cases, misuse cases, secure i*, secure Tropos, and KAOS extensions to security) that f...
متن کاملAspect Oriented UML to ECORE Model Transformation
With the emerging concept of model transformation, information can be extracted from one or more source models to produce the target models. The conversion of these models can be done automatically with specific transformation languages. This conversion requires mapping between both models with the help of dynamic hash tables. Hash tables store reference links between the elements of the source...
متن کاملMetamodel-based UML Notations for Domain-specific Languages
We present a metamodel-based approach for specifying uml notations for domain-specific modeling languages. Traditionally, domain specific languages are either defined by uml profiles or using metamodels. We provide a generic integration of these two methods supporting arbitrary uml profiles and metamodels. Our approach provides a bidirectional mapping between the uml notation and the metamodel ...
متن کاملFrom Access Control Policies to an Aspect-Based Infrastructure: A Metamodel-Based Approach
Security is among the most successful applications of aspectoriented concepts. In particular, in role-based access control, aspects capture access conditions in a quite modular way. The question we address in this paper is how can aspects be generated from access control policies under a validated process? We present a metamodel-based transformation from SecureUML, a rolebased access control la...
متن کاملComparing Quality of Security Models: A Case Study
System security is an important artefact. However security is typically considered only at an implementation stage nowadays in industry. This makes it difficult to communicate security solutions to the stakeholders earlier and raises the system development cost, especially if security implementation errors are detected. In this paper we compare the quality of two security models, which propose ...
متن کامل