Abstract
Security requirements of a software product need to receive attention throughout its development life cycle. This paper proposes several design artifacts that specify the details of access control policies formally and precisely in the requirement and analysis phases. The work is based on extending the use cases in Unified Modeling Language, with access control schemas and tables. In addition, we propose a methodology to resolve several issues such as consistency and completeness of access control specifications that are not totally resolved before.
Keywords
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alghathbar, K., Wijesekera, D.: Modeling Dynamic Role-based Access Constraints using UML. In: Proceedings of the International Conference on Software Engineering Research & Applications (ICSERA 2003), San Francisco, USA, June 25–27 (2003)
Alghathbar, K., Wijesekera, D.: AuthUML: A Three-phased Framework to model Secure Use Cases. Submitted to the Workshop on Formal Methods in Security Engineering. Washington, DC, USA, October 30 (2003)
Bertino, E., Braun, M., Castano, S., Ferrari, E., Mesiti, M.: Author-x: A javabased system for XML data protection. In: IFIP Workshop on Database Security, pp. 15–26 (2000)
Booch, G., Rumbaugh, J., Jacobson, I.: The Unified Modeling Language User Guide. Addison-Wesley, Reading (1999)
Brose, G., Koch, M., Löhr, K.-P.: Integrating Access Control Design into the Software Development Process. In: Proceedings of the sixth biennial world conference on the Integrated Design and Process Technology (IDPT), Pasadena, CA (June 2002)
Chadwick, D., Otenko, A.: The PERMIS X.509 Role Based Privilege Management Infrastructure. In: The Proceedings of the 7th Acm Symposium On Access Control Models And Technologies (SACMAT 2002), Montrerey, California, USA, June 3-4 (2002)
Clark, D.D., Wilson, D.R.: A Comparison of Commercial and Military Computer Security Policies. In: IEEE Symposium on Security and Privacy (1987)
Devanbu, P.T., Stubblebine, S.: Software engineering for security:A roadmap. In: Finkelstein, A. (ed.) The Future of Software Engineering, ACM Press, New York (2000)
Fernandez, E.B., Hawkins, J.C.: Determining role rights from use cases. In: The Procs. 2nd. ACM Workshop on Role-Based Access Control, November 1997, pp. 121–125 (1997)
Fernandez-Medina, E., Martinez, A., Medina, C., Piattini, M.: Integrating Multilevel Security in the Database Design Process. In: The Proceedings of the 6th biennial world conference on the Integrated Design and Process Technology, Pasadena, CA (June 2002)
Firesmith, D., Henderson-Sellers, B., Graham, I.: OPEN Modeling Language (OML) Reference Manual. SIGS Books (1997)
Fowler, M., Scott, K.: UML Distilled: A Brief Guide to the Standard Object Modeling Language, 2nd edn. Addison-Wesley, Reading (1999)
Jacobson, I., Christerson, M., Jonson, P., Overgaad, G.: Object-Oriented Software Engineering: A Use Case Driven Approval. Addison-Wesley, Reading (1992)
Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.S.: Flexible support for multiple access control policies. ACM Trans. on Database Systems 26(2), 214–260 (2001)
Nuseibeh, B., Easterbrook, S.: Requirements engineering: A roadmap. In: Finkelstein, A. (ed.) The Future of Software Engineering, ACM Press, New York (2000)
Object Management Group. OMG Unified Modeling Language Specification, Version 1.4 (2001), http://www.omg.org/technology/documents/formal/uml.htm
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 3–7 (1996)
Sendall, S., Strohmeier, A.: From Use Cases to System Operation Specifications. In: The Proceeding of the Unified Modeling Language Conference 2000 (2000)
Simon, R., Zurko, M.: Separation of duty in role-based environments. In: The Proceedings of the 10th Computer Security Foundations Workshop, Rockport, Massachusetts (June 1997)
Warmer, J., Kleppe, A.: The Object Constraint Language: Precise Modeling with UML. Addison Wesley, Reading (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Alghathbar, K., Wijesekera, D. (2003). Consistent and Complete Access Control Policies in Use Cases. In: Stevens, P., Whittle, J., Booch, G. (eds) «UML» 2003 - The Unified Modeling Language. Modeling Languages and Applications. UML 2003. Lecture Notes in Computer Science, vol 2863. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45221-8_32
Download citation
DOI: https://doi.org/10.1007/978-3-540-45221-8_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20243-1
Online ISBN: 978-3-540-45221-8
eBook Packages: Springer Book Archive