Articulating and enforcing authorisation policies with UML and OCL

SESS 2005 - Proceedings of the 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications

Volumn , Issue , 2005, Pages

  Sohr, Karsten ^a   Ahn, Gail Joon ^b   Migge, Lars ^a  

^a UNIVERSITY OF BREMEN   (Germany)

^b University of North Carolina at Charlotte   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL; NETWORK SECURITY;

ACCESS CONTROL POLICIES; ENGINEERING TECHNIQUES; HIGHER-LEVEL SECURITY; MODEL DRIVEN APPROACH; MODEL METHOD; SECURITY REQUIREMENTS; SECURITY-CRITICAL; UML SPECIFICATIONS;

APPLICATION PROGRAMS;

EID: 85085846560     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1083200.1083215     Document Type: Conference Paper

References (15)

1. G.-J. Ahn, The RCL 2000 language for specifying role-based authorization constraints, Ph.D. thesis, George Mason University, Fairfax, Virginia, 1999.
2. G.-J. Ahn and M.E. Shin, Role-Based Authorization Constraints Specification Using Object Constraint Language, Proc. of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise, IEEE, 2001, pp. 157-162.
3. American National Standards Institute Inc., Role Based Access Control, 2004, ANSI-INCITS 359-2004.
4. D.F. Ferraiolo, D.R. Kuhn, and R. Chandramouli, Role-based access control, Artec House, Boston, 2003.
5. T. Jaeger and J.E. Tidswell, Practical safety in flexible access control models, ACM TISSEC 4 (2001), no. 2, 158-190.
6. L. Migge, Specification and Enforcement of Role-based Security Policies, 2005, Master Thesis, Universität Bremen.
7. I. Ray, N. Li, R. France, and D.-K. Kim, Using UML to visualize role-based access control constraints, Proc. of the 9th ACM symposium on Access control models and technologies, ACM Press New York, USA, 2004, pp. 115-124.
8. M. Richters, A Precise Approach to Validating UML Models and OCL Constraints, Ph.D. thesis, Universität Bremen, Fachbereich Mathematik und Informatik, Logos Verlag, Berlin, BISS Monographs, No. 14, 2002.
9. J. Rumbaugh, I. Jacobson, and G. Booch, The Unified Modeling Language Reference Manual, Second Edition, Object Technology Series, Addison Wesley Longman, Reading, Mass., 2004.
10. R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, Role-based access control models, Computer 29 (1996), no. 2, 38-47.
11. R. Simon and M. Zurko, Separation of duty in role-based environments, 10th IEEE Computer Security Foundations Workshop (CSFW '97), June 1997, pp. 183-194.
12. K. Sohr, M. Drouineaud, and G.-J. Ahn, Formal Specification of Role-based Security Policies for Clinical Information Systems, Santa Fe, New Mexico, Proc. of the 20th ACM Symposium on Applied Computing, 2005, To appear.
13. J. Warmer and A. Kleppe, The Object Constraint Language: Getting your models ready for MDA, Addison-Wesley, Reading/MA, 2003.
14. J. Warmer, A. Kleppe, and W. Bast, The MDA explained - the model driven architecture: Practice and promise, Addison-Wesley, Reading/MA, 2003.
15. P. Ziemann and M. Gogolla, An OCL Extension for Formulating Temporal Constraints, Research Report 1/03, Universität Bremen, 2003.