Abstract
To guarantee the security of computer systems, it is necessary to define security permissions to restrict the access to the systems’ resources. These permissions enforce certain restrictions based on the workflows the system is designed for. It is not always easy to see if workflows and the design of the security permissions for the system fit together. We present research towards a tool which supports embedding security permissions in UML models and model-based security analysis by providing consistency checks. It also offers an automated analysis of underlying mechanisms for managing security-critical permissions using Prolog resp. automated theorem provers for first-order logic.
Chapter PDF
Similar content being viewed by others
References
Best, B., Jürjens, J., Nuseibeh, B.: Model-based security engineering of distributed information systems using UMLsec. In: 29th Int. Conf. on Softw. Engineering (ICSE), pp. 581–590. ACM Press, New York (2007)
Jürjens, J., Schreck, J., Bartmann, P.: Model-based security analysis for mobile communications. In: 30th Int. Conf. on Softw. Engineering (ICSE), ACM Press, New York (2008)
Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2004)
Jürjens, J.: Sound methods and effective tools for model-based security engineering with UML. In: 27th Int. Conf. on Softw. Engineering (ICSE), pp. 322–331. IEEE, Los Alamitos (2005)
UMLsec tool, 2001-07, http://coputing-research.open.ac.uk/jj/umlsectool
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jürjens, J., Schreck, J., Yu, Y. (2008). Automated Analysis of Permission-Based Security Using UMLsec. In: Fiadeiro, J.L., Inverardi, P. (eds) Fundamental Approaches to Software Engineering. FASE 2008. Lecture Notes in Computer Science, vol 4961. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78743-3_21
Download citation
DOI: https://doi.org/10.1007/978-3-540-78743-3_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-78742-6
Online ISBN: 978-3-540-78743-3
eBook Packages: Computer ScienceComputer Science (R0)