论文信息 - RBAC/MAC Security for UML

RBAC/MAC Security for UML

In software construction, analysis investigates system requirements and design captures system functionality. To facilitate analysis and design, one popular technique is the unified modeling language, UML. In UML, there are use-case diagrams for the interaction of users with system components, class diagrams for the static classes and relations among them, and sequence diagrams for the dynamic behavior of objects. However, analyzing and designing security requirements in UML is not directly supported. In this chapter, we incorporate role-based access control (RBAC) and mandatory access control (MAC) into UML use-case and class diagrams. In addition, we provide analysis across the UML diagrams, as actors, use cases and classes are defined, to support a degree of security assurance (with mutual exclusion), thereby realizing secure software design in UML. We briefly report on our RBAC/MAC enhancements into Borland’s UML tool Together Control Center.

[1] Ramaswamy Chandramouli,et al. The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[2] David A. Basin,et al. SecureUML: A UML-Based Modeling Language for Model-Driven Security , 2002, UML.

[3] T. C. Ting,et al. Safety and Liveness for an RBAC/MAC Security Model , 2003, DBSec.

[4] Jan Jürjens,et al. UMLsec: Extending UML for Secure Systems Development , 2002, UML.

[5] Ravi S. Sandhu,et al. Towards a UML based approach to role engineering , 1999, RBAC '99.

[6] K J Biba,et al. Integrity Considerations for Secure Computer Systems , 1977 .

[7] Indrakshi Ray,et al. Using Parameterized UML to Specify and Compose Access Control Models , 2003, IICIS.

[8] Ravi S. Sandhu,et al. Configuring role-based access control to enforce mandatory and discretionary access control policies , 2000, TSEC.

[9] Gail-Joon Ahn,et al. UML-based representation of role-based access control , 2000, Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000).

[10] Duminda Wijesekera,et al. Consistent and Complete Access Control Policies in Use Cases , 2003, UML.

[11] T. C. Ting,et al. Role-Based Security in a Distributed Resource Environment , 2000, DBSec.

[12] T. C. Ting,et al. Towards a Definitive Paradigm for Security in Object-Oriented Systems and Applications , 1997, Journal of computing and security.

[13] William E. Lorensen,et al. Object-Oriented Modeling and Design , 1991, TOOLS.

[14] Grady Booch,et al. Object-Oriented Design with Applications , 1990 .

[15] T. C. Ting. A User-Role Based Data Security Approach , 1988, Database Security.

[16] Ivar Jacobson,et al. Object-oriented software engineering - a use case driven approach , 1993, TOOLS.

[17] Duminda Wijesekera,et al. authUML: a three-phased framework to analyze access control specifications in use cases , 2003, FMSE '03.

[18] Ivar Jacobson,et al. The Unified Modeling Language User Guide , 1998, J. Database Manag..