A model transformation semantics and analysis methodology for SecureUML

SecureUML is a security modeling language for formalizing access control requirements in a declarative way. It is equipped with a uml notation in terms of a uml profile, and can be combined with arbitrary design modeling languages. We present a semantics for SecureUML in terms of a model transformation to standard uml/ocl. The transformation scheme is used as part of an implementation of a tool chain ranging from front-end visual modeling tools over code-generators to the interactive theorem proving environment hol-ocl. The methodological consequences for an analysis of the generated ocl formulae are discussed.