A light-weight static approach to analyzing UML behavioral properties

Identifying and resolving design problems in the early design phase can help ensure software quality and save costs. There are currently few tools for analyzing designs expressed using the Unified Modeling Language (UML). Tools such as OCLE and USE support analysis of static structural properties. These tools provide mechanisms for checking instance models against invariant properties expressed using the object constraint language (OCL). In this paper we propose an approach to analyzing behavioral properties of UML models that can utilize static analysis tools. The approach includes a technique for generating a class model of behavior from operation specifications expressed in a restricted form of OCL Behavioral properties are expressed as invariants defined in the class model of behavior. Static analysis tools such as USE and OCLE can be used to check object models describing series of snapshots. Most of the analysis can be automated. We illustrate our approach by analyzing static separation of duty and dynamic separation of duty properties of a hierarchical role-based access control model (HRBAC).

[1]  Mark Ryan,et al.  Evaluating Access Control Policies Through Model Checking , 2005, ISC.

[2]  Daniel Jackson,et al.  Alloy: a lightweight object modelling notation , 2002, TSEM.

[3]  David Harel,et al.  Executable object modeling with statecharts , 1996, Proceedings of IEEE 18th International Conference on Software Engineering.

[4]  David Harel,et al.  Executable object modeling with statecharts , 1997, Computer.

[5]  Dan Ioan Chiorean,et al.  Ensuring UML Models Consistency Using the OCL Environment , 2004, Electron. Notes Theor. Comput. Sci..

[6]  Edmund M. Clarke,et al.  Model Checking , 1999, Handbook of Automated Reasoning.

[7]  Martin Gogolla,et al.  Validating UML and OCL models in USE by automatic snapshot generation , 2005, Software & Systems Modeling.

[8]  Stephan Merz,et al.  Model Checking , 2000 .

[9]  Indrakshi Ray,et al.  Using Parameterized UML to Specify and Compose Access Control Models , 2003, IICIS.

[10]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[11]  Sixth IEEE International Conference On Engineering Of Complex Computer Systems , 2000, Proceedings Sixth IEEE International Conference on Engineering of Complex Computer Systems. ICECCS 2000.

[12]  Trung Dinh-Trong A systematic approach to testing uml designs , 2007 .