Security Constraints in Access Control of Information System Using UML Language

The process of security administration in an information system is a complex task. Many security constraints must be expressed in order to define the security policy properly. The security constraints can be classified into two groups. The first group comprises the constraints classified by system application, and the second group the constraints required by the global security policy. The application developer can define the security constraints that should be associated with the application. On the other hand, the security administrator, who knows the global security policy well, can set up the constraints at the global level. The objective of this paper is to present and implement the security constraints of a security schema in an information system based on the RBAC model. The security constraints can be described using a standard tool such as the UML language, and in particular one of its parts, the OCL language.
