Specification and Validation of Authorisation Constraints Using UML and OCL

  • Karsten Sohr
  • Gail-Joon Ahn
  • Martin Gogolla
  • Lars Migge
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3679)


Authorisation constraints can help the policy architect design and express higher-level security policies for organisations such as financial institutions or governmental agencies. Although the importance of constraints has been addressed in the literature, there is no systematic way to validate and test authorisation constraints. In this paper, we specify non-temporal constraints and history-based constraints in the Object Constraint Language (OCL), the constraint specification language of the Unified Modeling Language (UML), and describe how the USE tool can be used to validate and test such policies. We also discuss how conflicting constraints and missing constraints can be identified.
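As an added illustration of the approach the abstract describes (this is example code written for this page, not a model taken from the paper), the following USE specification models a minimal RBAC state and expresses two classic authorisation constraints as OCL invariants: static separation of duty (no user is assigned two mutually exclusive roles) and a session-level dynamic separation of duty (no session activates two mutually exclusive roles). The class, association and invariant names are assumptions chosen for the example.

```ocl
-- Example USE model (added for illustration; names are assumptions)
model RBAC

class User
  attributes
    name : String
end

class Role
  attributes
    name : String
end

class Session
end

-- user-to-role assignment (UA)
association UA between
  User[*] role users
  Role[*] role roles
end

-- mutually exclusive roles; the pair may be recorded in either direction,
-- so both navigation ends are combined in the invariants below
association MutuallyExclusive between
  Role[*] role excludedBy
  Role[*] role excludes
end

-- every session belongs to exactly one user
association Owns between
  User[1] role owner
  Session[*] role sessions
end

-- roles a session has activated
association Activates between
  Session[*] role sessions
  Role[*] role activeRoles
end

constraints

-- static separation of duty: two conflicting roles never share an assigned user
context Role inv SSoD:
  self.excludes->union(self.excludedBy)->forAll(r |
    self.users->intersection(r.users)->isEmpty())

-- a session can only activate roles assigned to its owner
context Session inv ActiveRolesAssigned:
  self.owner.roles->includesAll(self.activeRoles)

-- dynamic separation of duty: a session never activates two conflicting roles
context Session inv DSoD:
  self.activeRoles->forAll(r |
    r.excludes->union(r.excludedBy)->intersection(self.activeRoles)->isEmpty())
```

After loading the model into USE, a system state is built with commands such as `!create alice : User`, `!create cashier : Role`, `!create auditor : Role`, `!insert (cashier, auditor) into MutuallyExclusive` and `!insert (alice, cashier) into UA`; a further `!insert (alice, auditor) into UA` followed by `check` reports `SSoD` as violated, which is the kind of policy test the abstract refers to. Because conflicts are symmetric, the invariants union both ends of `MutuallyExclusive`, so a policy designer need not record every pair twice.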





Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Karsten Sohr (1)
  • Gail-Joon Ahn (2)
  • Martin Gogolla (1)
  • Lars Migge (1)
  1. Department of Mathematics and Computer Science, Universität Bremen, Bremen, Germany
  2. Department of Software and Information Systems, University of North Carolina at Charlotte, Charlotte, USA
