Conception approach of access control in heterogeneous information systems using UML

The development of information systems must increasingly address the problems of federated data sources and of heterogeneous distributed information systems. Data access security in cooperative information systems with loose connections among local data sources is hard to achieve, mainly for two reasons: the local data sources are heterogeneous (i.e. data, models, access security models, semantics, etc.), and the local autonomy of the systems does not allow a global integrated security schema to be created. The paper proposes using one common set of access control concepts to support access control management in the security of heterogeneous information systems. UML (Unified Modeling Language) concepts can be used to define and implement the most popular access control models, such as DAC, MAC or RBAC. The concepts derived from the different models can then be joined into one common approach comprehensible to each administrator of each cooperative information system in the federation.
