Phillips, C



Torsten Lodderstedt, David Basin, and Jürgen Doser, SecureUML: A UML-based modeling language for model-driven security, Proceedings of the 5th International Conference on The Unified Modeling Language (2002) 426-441.

Summary:

The contribution in [] presents a methodology for modeling access control policies and their integration into a model-driven software development process. The proposed method uses the SecureUML modeling language for the model-driven development of secure systems, based on the Unified Modeling Language (UML). SecureUML is based on an extended model for role-based access control (RBAC). RBAC is a model for access control where users and their privileges are decoupled by roles.

The SecureUML meta model defines authorization constraints as a special kind of UML constraint and uses OCL as the expression language. It defines a vocabulary for annotating UML-based models with information relevant to access control. It is based on the model for RBAC with additional support for specifying authorization constraints. Its meta model is defined as an extension of the UML meta model. The concepts of RBAC are represented directly as meta model types: it introduces the new meta model types User, Role and Permission as well as relations between these types.
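A minimal sketch of the User, Role and Permission types and an authorization constraint as described above, added here as an illustration and not taken from the paper or from any SecureUML tooling. The Python predicate stands in for an OCL expression; the Meeting resource, the role and user names and the `check_access` function are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable

# Authorization constraint: a predicate over (caller name, resource state).
# SecureUML writes these in OCL; a Python callable stands in for OCL here.
Constraint = Callable[[str, dict], bool]

@dataclass(frozen=True)
class Permission:
    resource: str   # protected model element (assumed: a class name)
    action: str     # operation on that element
    constraint: Constraint = lambda caller, res: True  # unconstrained by default

@dataclass
class Role:
    name: str
    permissions: list = field(default_factory=list)

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)

def check_access(user: User, resource: str, action: str, state: dict) -> bool:
    """Default deny: grant only if one of the user's roles holds a matching
    permission whose authorization constraint evaluates to true."""
    for role in user.roles:
        for perm in role.permissions:
            if (perm.resource, perm.action) == (resource, action):
                if perm.constraint(user.name, state):
                    return True
    return False

# Constructed sample policy (not from the paper).
# OCL-like reading of the constraint: caller = self.owner
owner_only = lambda caller, res: res.get("owner") == caller
employee = Role("Employee", [Permission("Meeting", "read"),
                             Permission("Meeting", "update", owner_only)])
supervisor = Role("Supervisor", [Permission("Meeting", "update"),
                                 Permission("Meeting", "delete")])
alice = User("alice", [employee])
bob = User("bob", [employee, supervisor])
meeting = {"owner": "alice"}  # constructed resource state

if __name__ == "__main__":
    for u, act in [(alice, "update"), (alice, "delete"),
                   (bob, "update"), (bob, "delete")]:
        print(u.name, act, check_access(u, "Meeting", act, meeting))
```

Users never hold permissions directly: every grant passes through a role, and a constrained permission is granted only when its predicate holds for the caller and the resource state.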

Why it is good:

SecureUML can be used in the context of a model-driven software development process to generate access control infrastructures.

Problems and limitations:

However, the meta model of the SecureUML notation is limited to access control concepts. It is developed in a way that is not easily extended to capture other security mechanisms in addition to access control. The usage scope of SecureUML is limited to incorporating access control roles and conditions into UML class diagrams in order to automatically generate the code required for the access control policy.
