Model-Based Run-Time Checking of Security Permissions Using Guarded Objects
In this paper we deal with the application of run-time checking to enforce requirements which, because of their nature, cannot be enforced statically. More specifically, we address the problem of how to control access to objects within an object-oriented system at run-time in a way that enforces an overall security policy. The aim is to improve on the ad-hoc (and often untrustworthy) way this is currently done in practice by automatically generating the run-time checks from a model-based specification of the system that captures the security policy. Concretely, the models are expressed in the UML security extension UMLsec, and the run-time checks that are generated for Java programs rely on GuardedObjects.
Keywords: Access Control; Security Policy; Class Diagram; Sequence Diagram; Covert Channel
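The sketch below shows how a run-time access check can be attached to an object with the standard `java.security.GuardedObject` and `java.security.Guard` API that the abstract refers to. It is an example added here, not code from the paper or from the UMLsec tooling; `RoleGuard`, `SalaryRecord`, `ALLOWED_ROLES` and `CURRENT_ROLE` are hypothetical names, and the role set stands in for a policy that would be derived from the model.

```java
import java.security.Guard;
import java.security.GuardedObject;
import java.util.Set;

public class GuardedObjectDemo {
    // Hypothetical policy: roles allowed to obtain the protected object.
    static final Set<String> ALLOWED_ROLES = Set.of("auditor", "admin");

    // Hypothetical caller context, constructed for this example only.
    static final ThreadLocal<String> CURRENT_ROLE =
            ThreadLocal.withInitial(() -> "guest");

    // GuardedObject.getObject() calls checkGuard() on every access attempt.
    static final class RoleGuard implements Guard {
        @Override
        public void checkGuard(Object object) throws SecurityException {
            String role = CURRENT_ROLE.get();
            if (!ALLOWED_ROLES.contains(role)) {
                throw new SecurityException("role '" + role
                        + "' may not access " + object.getClass().getSimpleName());
            }
        }
    }

    // Constructed sample data object that needs protection.
    static final class SalaryRecord {
        final String employee;
        final int amount;
        SalaryRecord(String employee, int amount) {
            this.employee = employee;
            this.amount = amount;
        }
    }

    // Attempts to unwrap the guarded object while acting in the given role.
    static String tryRead(GuardedObject guarded, String role) {
        CURRENT_ROLE.set(role);
        try {
            SalaryRecord r = (SalaryRecord) guarded.getObject();
            return role + ": granted, " + r.employee + "=" + r.amount;
        } catch (SecurityException e) {
            return role + ": denied (" + e.getMessage() + ")";
        } finally {
            CURRENT_ROLE.remove(); // do not leak the role to later callers
        }
    }

    public static void main(String[] args) {
        GuardedObject guarded =
                new GuardedObject(new SalaryRecord("alice", 4200), new RoleGuard());
        System.out.println(tryRead(guarded, "guest"));
        System.out.println(tryRead(guarded, "auditor"));
    }
}
```

The guard is evaluated only when `getObject()` is called: a caller that has obtained the reference can keep using it without further checks, so the unwrapped object should not be cached or passed on beyond the scope the policy allows.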