RBAC/MAC security for UML

IFIP Advances in Information and Communication Technology

Volumn 144, Issue , 2004, Pages 189-204

  Doan, T ^a   Demurjian, S ^a   Ting, T C ^a   Phillips, C ^b  

^a UNIVERSITY OF CONNECTICUT   (United States)

^b UNITED STATES MILITARY ACADEMY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

GRAPHIC METHODS; SOFTWARE DESIGN; UNIFIED MODELING LANGUAGE;

MANDATORY ACCESS CONTROL; MUTUAL EXCLUSIONS; ROLE-BASED ACCESS CONTROL; SECURITY ASSURANCE; SECURITY REQUIREMENTS; SOFTWARE CONSTRUCTION; SYSTEM FUNCTIONALITY; SYSTEM REQUIREMENTS;

ACCESS CONTROL;

EID: 80053570407     PISSN: 18684238     EISSN: None     Source Type: Book Series    
DOI: 10.1007/1-4020-8128-6_13     Document Type: Conference Paper

References (20)

1. K. Alghathbar and D. Wijesekera. "AuthUML: A Three-phased Framework to model Secure Use Cases." Proc. of the 10th ACM Conf. on Computer and Communications Security, 2003.
2. K. Alghathbar and D. Wijesekera. "Consistent and Complete Access Control Policies in Use Cases." Proc. of UML 2003, San Francisco, CA, LNCS, 2003.
3. D. Bell and L. LaPadula. Secure Computer Systems: Mathematical Foundations Model. M74-244, Mitre Corp., Bedford, MA, 1975.
4. K. Biba. Integrity Considerations for Secure Computer Systems. TR-3153, Mitre Corp., Bedford, MA, 1977.
5. G. Booch, Object-Oriented Design With Applications. Benjamin/Cummings, 1991.
6. G. Booch, et al. The Unified Modeling Language User Guide. Addison-Wesley, 1999.
7. S. Demurjian and T.C. Ting. "Towards a Definitive Paradigm for Security in Object-Oriented Systems and Applications." Journal of Computer Security, 5(4), 1997.
8. S. Demurjian, et al. "A User Role-Based Security Model for a Distributed Environment." Research Advances in Database and Information Systems Security, J. Therrien (ed.), Kluwer, 2001.
9. P. Epstein and R. Sandhu. "Towards A UML Based Approach to Role Engineering." Proc. of the 4th ACM Wksp. on RBAC, 1999.
10. D. F. Ferraiolo, et al. "Proposed NIST standard for role-based access control." ACM TOIS. 4(3), Aug. 2001.
11. I. Jacobson, et al. Object-Oriented Software Engineering: A Use Case Driven Approach. Addison-Wesley, 1992.
12. J. Jurjens. "UMLsec: Extending UML for Secure Systems Development." Proc. of UML 2002, Dresden, LNCS, 2002.
13. T. Lodderstedt, D. Basin and J. Doser. "SecureUML: A UML-Based Modeling Language for Model-Driven Security." Proc. of UML 2002, Dresden, LNCS, 2002.
14. OMG. OMG-Unified Modeling Language, v.1.5. UML Resource Page, March 2003 (www.omg.org/uml/).
15. S. Osborn, et al. "Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies." ACM TOIS. 3 (2), May 2000.
16. C. Phillips, et al. "Safety and Liveness for an RBAC/MAC Security Model." Data and Applications Security: Developments and Directions III, E. Gudes and S. Shenoi (eds.), Kluwer, 2004.
17. I. Ray, et al. "Using Parameterized UML to Specify and Compose Access Control Models."Proc. of the 6th IFIP Working Conf. on Integrity & Internal Control in Info. Systems, Switzerland, 2003.
18. J. Rumbaugh, et al. Object-Oriented Modeling and Design. Prentice-Hall, 1991.
19. M. Shin and G. Ahn. "UML-Based Representation of Role-Based Access Control." Proc. of the IEEE 9th Intl. Wksp. on Enabling Technologies: Infrastructure for Collaborative Enterprises, 2000.
20. T.C. Ting. "A User-Role Based Data Security Approach." Database Security: Status and Prospects, C. Landwehr (ed.), North-Holland, 1988.