A pattern-based technique for developing UML models of access control systems

Proceedings - International Computer Software and Applications Conference

Volumn 1, Issue , 2006, Pages 317-324

  Kim, Dae Kyoo ^a   Gokhale, Priya ^a  

^a Oakland University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPOSITION ALGORITHM; MANDATORY ACCESS CONTROL (MAC);

ACCESS CONTROL; ALGORITHMS; MATHEMATICAL MODELS; SYSTEMS ANALYSIS;

MARKUP LANGUAGES;

EID: 34247543966     PISSN: 07303157     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/COMPSAC.2006.14     Document Type: Conference Paper

References (23)

1. G. Ahn and R. Sandhu. The RSL99 Language for Role-Based Separation of Duty Constraints. In Proceedings of ACM Workshop on Role-Based Access Control, pages 43-54, 1999.
2. T. Doan, S. Demurjian, T.C. Ting, and A. Ketterl. MAC and UML for Secure Software Design. In Proceedings of 2nd ACM Workshop on Formal Methods in Security Engineering: From Specifications to Code, Washington D.C., 2004.
3. Z. Dwaikat and F. Parisi-Presicce. From Misuse Cases to Collaboration Diagrams in UML. In Proceedings of 3rd International Workshop on Critical Systems Development with UML, October 2004.
4. D.F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and Systems Security, 4(3), August 2001.
5. R. France, I. Ray, G. Georg, and S. Ghosh. An Aspect-Oriented Approach to Design Modeling. IEE Proceedings - Software, Special Issue on Early Aspects: Aspect Oriented Requirements Engineering and Architecture Design, 151(4):173-185, August 2004.
6. E. Gamma, R. Helm, R. Johnson, and J. Vlissides. Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley, 1995.
7. M.H. Harrison, W.L. Ruzzo, and J.D. Ullman. Protection in Operating Systems. Communications of the ACM, 19(8):461-471, August 1976.
8. J. Jurjens. UMLsec: Extending UML for Secure Systems Development. In Proceedings of the 5th International Conference on the Unified Modeling Language, pages 412-425, Dresden, Germany, 2002.
9. D. Kim. A Meta-Modeling Approach to Specifying Patterns. PhD thesis, Colorado State University, Fort Collins, CO, 2004.
10. D. Kim. Evaluation of Pattern Conformance. Technical Report CSE-05-TR-0501, CSE Department, Oakland University, Rochester, MI, March 2005.
11. D. Kim, R. France, S. Ghosh, and E. Song. A Role-Based Metamodeling Approach to Specifying Design Patterns. In Proceedings of the 27th IEEE Annual International Computer Software and Applications Conference (COMPSAC), pages 452-457, Dallas, USA, 2003. IEEE Computer Society Press.
12. D. Kim, I. Ray, R. France, and N. Li. Modeling Role-Based Access Control Using Parameterized UML Models. In Proceedings of Fundamental Approaches to Software Engineering, Barcelona, Spain, 2004.
13. T. Lodderstedt, D. A. Basin, and J. Doser. SecureUML: A UML-Based Modeling Language for Model-Driven Security. In Proceedings of the 5th International Conference on the Unified Modeling Language, pages 426-441, Dresden, Germany, 2002.
14. T. Mens, K. Czarnecki, and P. Van Gorp. A Taxonomy of Model Transformations. In Online Proceedings of the Dagstuhl Seminar 04101 on Language Engineering for Model-Driven Software Development, Schloss Dagstuhl, Wadern, Germany, 2004.
15. M. Nyanchama and S. Osborn. The Role Graph Model and Conflict of Interest. ACM Transactions on Information Systems Security, 2:3-33, 1999.
16. S. Osborn and Y. Guo. Modelling Users in Role-Based Access Control. In Proceedings of the 5th ACM Workshop on Role-Based Access Control, pages 31-37, Berlin, Germany, July 2000.
17. T. Priebe, E.B. Fernandez, J.I. Mehlau, and G. Pernul. A Pattern System for Access Control. In Proceedings of 18th Annual IFIP WG 11.3 Working Conference on Data and Application Security, Sitges, Spain, 2004.
18. I. Ray, N. Li, D. Kim, and R. France. Using Parameterized UML to Specify and Compose Access Control Models. In Proceedings of the 6th IFIP TC-11 WG 11.5 Working Conference on Integrity and Internal Control in Information Systems (IICIS), Lausanne, Switzerland, 2003.
19. R. Sandhu and P. Samarati. Access Control: Principles and Practice. IEEE Communications, 32(9):40-48, September 1994.
20. G. Sindre and A. Opdahl. Eliciting Security Requirements by Misuse Cases. In IEEE TOOLS-37, pages 120-131. IEEE CS Press, 2000.
21. The Object Management Group (OMG). Unified Modeling Language: Superstructure. Version 2.0 Formal/05-07-04, OMG, http://www.omg.org, August 2005.
22. J. E. Tidswell and T. Jaeger. An Access Control Model for Simplifying Constraint Expression. In Proceedings of the 7th ACM conference on Computer and communications security, pages 154-163, Athens, Greese, November 2000.
23. J. Warmer and A. Kleppe. The Object Constraint Language Second Edition: Getting Your Models Ready for MDA. Addison Wesley, 2003.