SecureUML: A UML-Based Modeling Language for Model-Driven Security

  • Torsten Lodderstedt
  • David Basin
  • Jürgen Doser
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2460)


We present a modeling language for the model-driven development of secure, distributed systems based on the Unified Modeling Language (UML). Our approach is based on role-based access control with additional support for specifying authorization constraints. We show how UML can be used to specify information related to access control in the overall design of an application and how this information can be used to automatically generate complete access control infrastructures. Our approach can be used to improve productivity during the development of secure distributed systems and the quality of the resulting systems.





Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Torsten Lodderstedt (1)
  • David Basin (1)
  • Jürgen Doser (1)
  1. Institute for Computer Science, University of Freiburg, Germany
