Modeling Role-Based Access Control Using Parameterized UML Models
Abstract
Organizations use Role-Based Access Control (RBAC) to protect computer-based resources from unauthorized access. There has been considerable work on formally specifying RBAC policies, but there is still a need for RBAC policy specification techniques that can be integrated into software design methods. This paper describes a method for incorporating specifications of RBAC policies into UML design models. Reusable RBAC policies are specified as patterns and are expressed using UML template diagrams. Incorporating RBAC policies into an application-specific model involves instantiating the patterns and composing the instantiations with the model. The method also includes a technique for specifying patterns of RBAC violations. Developers can use the patterns to identify policy violations in their models. The method is illustrated using a small banking application.
Similar resources
Using Parameterized UML to Specify and Compose Access Control Models
Abstract: Situations can arise in which organizations have to merge policies that are based on different access control frameworks, such as Role Based Access Control (RBAC) and Mandatory Access Control (MAC). Integrating policies requires addressing the following question: How will the integration impact access to protected resources? In particular, one needs to determine that the integration d...
Secure State UML: Modeling and Testing Security Concerns of Software Systems Using UML State Machines
In this research we present a technique by which extended UML models can be converted to standard UML models so that existing MBT techniques can be applied directly on these models. Existing Model Based Testing (MBT) techniques cannot be directly applied to extended UML models due to the difference of modeling notation and new model elements. Verification of these models is also very imp...
Secure State UML: Modeling and Testing Security Concerns of Software Systems Using UML State Machines. S. Batool and S. Asghar, Institute of Information Technology, University of Arid and Agriculture Rawalpindi, Pakistan
In this research we present a technique by which extended UML models can be converted to standard UML models so that existing MBT techniques can be applied directly on these models. Existing Model Based Testing (MBT) techniques cannot be directly applied to extended UML models due to the difference of modeling notation and new model elements. Verification of these models is also very imp...
Modeling Secure Architectural Connector with UML 2.0
Security is one of the most important quality attributes in software architecture. Previous modeling approaches provide insufficient support for an in-depth treatment of security. They lack the ability to model important security concepts. Also they are based on formal syntaxes such as using ADLs. This paper presents a more comprehensive treatment of an important security aspect, access control...
UML/OCL based Design and Analysis of Role-Based Access Control Policies
Access control plays an important part in IT systems these days. Specifically, Role-Based Access Control (RBAC) has been widely adopted in practice. One of the major challenges in introducing RBAC into an organization is the policy definition. Modeling technologies provide support by allowing a policy to be designed and validated. In this work we apply a UML and OCL based domain-specifi...