Access Control Specification in UML

Security requirements have become an integral part of most modern soft¬ware systems. In order to produce secure systems, it is necessary to provide soft¬ware engineers with the appropriate systematic support. This chapter discusses a methodology to integrate the specification of access control policies into UML. The methodology, along with the graph-based formal semantics for the UML access control specification, allows to reason about the coherence of the access control spec¬ification. The chapter also presents a procedure to modify policy rules to guarantee the satisfaction of constraints, and shows how to generate access control requirements from UML diagrams. The main concepts in the UML access control specification are illustrated with an example access control model for distributed object systems.