A Model Transformation Semantics and Analysis Methodology for SecureUML

  • Achim D. Brucker
  • Jürgen Doser
  • Burkhart Wolff
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4199)


SecureUML is a security modeling language for formalizing access control requirements in a declarative way. It is equipped with a uml notation in terms of a uml profile, and can be combined with arbitrary design modeling languages. We present a semantics for SecureUML in terms of a model transformation to standard uml/ocl. The transformation scheme is used as part of an implementation of a tool chain ranging from front-end visual modeling tools over code-generators to the interactive theorem proving environment hol-ocl. The methodological consequences for an analysis of the generated ocl formulae are discussed.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Basin, D., Doser, J., Lodderstedt, T.: Model driven security: from UML models to access control infrastructures. ACM Trans. Softw. Eng. Methodol. 15(1) (2006)Google Scholar
  2. 2.
    Brucker, A.D., Doser, J., Wolff, B.: A model transformation semantics and analysis methodology for SecureUML. Tech. Rep. 524, ETH Zürich (2006)Google Scholar
  3. 3.
    Brucker, A.D., Wolff, B.: A verification approach for applied system security. Int. Journal on Software Tools for Technology 7(3), 233–247 (2005)CrossRefGoogle Scholar
  4. 4.
    Brucker, A.D., Wolff, B.: The HOL-OCL book. Tech. Rep. 525, ETH Zürich (2006)Google Scholar
  5. 5.
    Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Infor. and System Security 4(3), 224–274 (2001)CrossRefGoogle Scholar
  6. 6.
    Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2004)Google Scholar
  7. 7.
    Koch, M., Parisi-Presicce, F.: Access control policy specification in UML. In: Critical Systems Development with UML, pp. 63–78 (2001), TUM-I0208Google Scholar
  8. 8.
    Liskov, B.H., Wing, J.M.: A behavioral notion of subtyping. ACM Trans. Progr. Lang. and Systems 16(6), 1811–1841 (1994)CrossRefGoogle Scholar
  9. 9.
    Mantel, H.: Information flow control and applications – bridging a gap. In: Oliveira, J.N., Zave, P. (eds.) FME 2001. LNCS, vol. 2021, pp. 153–172. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL— A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  11. 11.
    UML 2.0 OCL specification (2003), Available as ptc/2003-10-14Google Scholar
  12. 12.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Achim D. Brucker
    • 1
  • Jürgen Doser
    • 1
  • Burkhart Wolff
    • 1
  1. 1.Information Securityeth ZurichZurichSwitzerland

Personalised recommendations