Using UML to visualize role-based access control constraints

Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)

Volumn 9, Issue , 2004, Pages 115-124

  Ray, Indrakshi ^a   Li, Na ^a   France, Robert ^a   Kim, Dae Kyoo ^a  

^a Colorado State University   (United States)

Author keywords

Modeling; RBAC; UML

Indexed keywords

COMPUTER OPERATING SYSTEMS; CONSTRAINT THEORY; FORMAL LOGIC; HIGH LEVEL LANGUAGES; INFORMATION MANAGEMENT; MATHEMATICAL MODELS; PARAMETER ESTIMATION; PROBLEM SOLVING; PUBLIC POLICY;

MODELING; RBAC; UML; UNIFIED MODELING LANGUAGE;

SECURITY OF DATA;

EID: 4143147399     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/990036.990054     Document Type: Conference Paper

References (31)

1. G. Ahn and R. Sandhu. The RSL99 Language for Role-Based Separation of Duty Constraints. In Proceedings of ACM Workshop on Role-Based Access Control, pages 43-54, 1999.
2. G.J. Ahn and M. E. Shin. Role-based authorization constraints specification using object constraint language. In Proceedings of the 10th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE '01), pages 157-162, Cambridge, Massachusetts, June 2001.
3. S. Barker. Security Policy Specification in Logic. In Proceedings of the International Conference on Artificial Intelligence, pages 143-148, Las Vegas, NV, 2000.
4. S. Barker and A. Rosenthal. Flexible Security Policies in SQL. In Proceedings of the 15th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Niagara-on-the-Lake, Canada, 2001.
5. E. Bertino, P. Bonatti, and E. Ferrari. TRBAC: A Temporal Role-Based Access Control Model. In Proceedings of the 5th ACM Workshop on Role-Based Access Control, pages 21-30, Berlin, Germany, 2000.
6. R. Chandramouli. Application of XML Tools for Enterprise-Wide RBAC Implementation Tasks. In Proceedings of the 5th ACM workshop on Role-based Access Control, Berlin, Germany, July 2000.
7. F. Chen and R. Sandhu. Constraints for Role-Based Access Control. In Proceedings of the 1st ACM Workshop on Role-Based Access Control, Gaithersburg, MD, 1995.
8. N. Damianou and N. Dulay. The Ponder Policy Specification Language. In Proceedings of the Policy Workshop, Bristol, U.K., 2001.
9. P. Epstein and R. S. Sandhu. Towards a UML Based Approach to Role Engineering. In Proceedings of the 4th ACM Workshop on Role-Based Access Control, pages 145-152, 1999.
10. D.F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and Systems Security, 4(3), August 2001.
11. Geri Georg, Robert France, and Indrakshi Ray. An Aspect-Based Approach to Modeling Security Concerns. In Proceedings of the Workshop on Critical Systems Development with UML, Dresden, Germany, 2002.
12. R. Grimm and B. Bershad. Providing Policy-Neutral and Transparent Access Control in Extensible Systems. Technical Report UW-CSE-98-02-02, University of Washington, 1998.
13. R. J. Hayton, J. M. Bacon, and K. Moody. Access Control in Open Distributed Environment. In IEEE Symposium on Security and Privacy, pages 3-14, Oakland, CA, May 1998.
14. M. Hitchens and V. Varadarajan. Tower: A Language for Role-Based Access Control. In Proceedings of the Policy Workshop, Bristol, U.K., 2001.
15. J. A. Hoagland, R. Pandey, and K. N. Levitt. Security Policy Specification Using a Graphical Approach. Technical Report CSE-98-3, Computer Science Department, University of California Davis, July 1998.
16. S. Jajodia, P. Samarati, and V. S. Subrahmanian. A Logical Language for Expressing Authorizations. In IEEE Symposium on Security and Privacy, pages 31-42, Oakland, CA, May 1997.
17. J. Jurjens. UMLsec: Extending UML for Secure Systems Development. In Proceedings of the 5th International Conference on the Unified Modeling Language, pages 412-425, Dresden, Germany, October 2002.
18. Dae-Kyoo Kim, Robert France, Sudipto Ghosh, and Eunjee Song. Using Role-Based Modeling Language (RBML) as Precise Characterizations of Model Families. In Proceedings of the International Conference on Engineering Complex Computing Systems (ICECCS 2002), Greenbelt, MD, December 2002. ACM Press.
19. M. Koch, L. V. Mancini, and F. Parisi Presicce. A Graph Based Formalism for RBAC. ACM Transactions on Information and System Security, 5(3):323-365, 2002.
20. T. Lodderstedt, D. A. Basin, and J. Doser. SecureUML: A UML-Based Modeling Language for Model-Driven Security. In Proceedings of the 5th International Conference on the Unified Modeling Language, pages 426-441, Dresden, Germany, October 2002.
21. M. Nyanchama and S. Osborn. The Role Graph Model and Conflict of Interest. ACM Transactions on Information Systems Security, 2:3-33, 1999.
22. OASIS. XACML Language Proposal, Version 0.8. Technical report, Organization for the Advancement of Structured Information Standards, January 2002. Available electronically from http://www.oasis-open.org/committees/xacml.
23. R. Ortalo. A Flexible Method for Information Systems Security Policy Specification. In Proceedings of the 5th European Symposium on Research in Computer Security, Louvain-la-Neuve, Belgium, 1998. Springer-Verlag.
24. S. Osbom and Y. Guo. Modeling Users in Role-Based Access Control. In Proceedings of the 5th ACM Workshop on Role-Based Access Control, pages 31-37, Berlin, Germany, July 2000.
25. I. Ray, N. Li, D. Kim, and R. France. Using Parameterized UML to Specify and Compose Access Control Models. In Proceedings of the 6th IFIP TC-11 WG11.5 Working Conference on Integrity and Internal Control in Information Systems (IICIS), Lausanne, Switzerland, November 13-14 2003.
26. C. Ribeiro, A. Zuquete, and P. Ferreira. SPL: An Access Control Language for Security Policies with Complex Constraints. In Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, February 2001.
27. J. H. Saltzer and M. D. Schroeder. The Protection of Information in Computer Systems. Proceedings of the IEEE, 63(9): 1278-1308, September 1975.
28. E. G. Sirer, R. Grimm, A. J. Gregory, N. R. Anderson, and B. N. Bershad. Improving the security, scalability, manageability and performance of system services for network computing. Technical Report UW-CSE-98-09-01, University of Washington, September 1998.
29. The Object Management Group (OMG). Unified Modeling Language: Superstructure. Version 2.0, Final Adopted Specification, OMG, http://www.omg.org, August 2003.
30. J. E. Tidswell and T. Jaeger. An Access Control Model for Simplifying Constraint Expression. In Proceedings of the 7th ACM conference on Computer and communications security, pages 154-163, Athens, Greece, November 2000.
31. J. Warmer and A. Kleppe. The Object Constraint Language, Second Edition. Addison-Wesley, 2003.