Model-Based Run-Time Checking of Security Permissions Using Guarded Objects

  • Jan Jürjens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5289)


This paper applies run-time checking to enforce requirements which, because of their nature, cannot be enforced statically. More specifically, it deals with the problem of how to control access to objects within an object-oriented system at run-time in a way that enforces an overall security policy. It aims to improve on the ad-hoc (and often untrustworthy) way this is currently done in practice by automatically generating the run-time checks from a model-based specification of the system that captures the security policy. Concretely, the models are expressed in the UML security extension UMLsec, and the run-time checks that are generated for Java programs rely on GuardedObjects.
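What a GuardedObject-based run-time check looks like in Java, as an added example that is not code from the paper or output of its tooling. The `PermissionGuard` class, the `GRANTED` permission set, the `Account` resource and the `account.read` permission name are hypothetical.

```java
import java.security.Guard;
import java.security.GuardedObject;
import java.util.Collections;
import java.util.Set;

public class GuardedObjectDemo {
    // Hypothetical stand-in for the caller's granted permissions; a real
    // system would derive these from its authenticated subject.
    static final ThreadLocal<Set<String>> GRANTED =
            ThreadLocal.withInitial(Collections::emptySet);

    // Guard that admits the caller only if it holds the required permission.
    static final class PermissionGuard implements Guard {
        private final String required;

        PermissionGuard(String required) { this.required = required; }

        @Override
        public void checkGuard(Object object) {
            if (!GRANTED.get().contains(required)) {
                throw new SecurityException("missing permission: " + required);
            }
        }
    }

    // Hypothetical protected resource.
    static final class Account {
        private final long balance = 100;
        long balance() { return balance; }
    }

    // The only path to the Account is getObject(), which runs checkGuard first.
    static String tryRead(GuardedObject guarded) {
        try {
            Account account = (Account) guarded.getObject();
            return "balance=" + account.balance();
        } catch (SecurityException e) {
            return "denied (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        GuardedObject guarded =
                new GuardedObject(new Account(), new PermissionGuard("account.read"));
        System.out.println(tryRead(guarded));   // caller holds no permissions yet
        GRANTED.set(Set.of("account.read"));    // grant the permission, then retry
        System.out.println(tryRead(guarded));
    }
}
```

The guard runs only when `getObject()` is called, so a reference that has already been handed out is not rechecked. Code that receives the object should not cache it or pass it to callers that have not gone through the guard themselves.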


Keywords: Access Control; Security Policy; Class Diagram; Sequence Diagram; Covert Channel

These keywords were added by machine and not by the authors.



Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Jan Jürjens (Computing Department, The Open University, GB)
