SecTOOL – Supporting Requirements Engineering for Access Control

  • Steffen Kolarczyk
  • Manuel Koch
  • Klaus-Peter Löhr
  • Karl Pauls
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3995)


SecTOOL is a case tool for security engineering. It comes as an extension to traditional UML tools, taking into account access control requirements. In particular, it supports the developer in eliciting access control information from UML diagrams for the early phases, starting with requirements analysis and use case diagrams. Access control policies coded in VPL or XACML are generated from the diagrams; vice versa, textually coded policies can be visualized in UML diagrams. Design and usage of the tool are described, emphasizing its platform independence through XACML.


Access Control Class Diagram Sequence Diagram Access Control Policy Security Engineering 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Alam, M., Breu, R., Breu, M.: Model–Driven Security for Web Services. In: Proceedings of the 8th Int. Multi-Topic Conference, pp. 498–505. IEEE, Los Alamitos (2004)Google Scholar
  2. 2.
    Basin, D., Doser, J., Lodderstedt, T.: Model–Driven Security: from UML Models to Access Control Infrastructures. Journal of ACM Transactions on Software Engineering and Methodology (2005)Google Scholar
  3. 3.
    Breu, R., Hafner, M., Weber, B., Alam, M., Breu, M.: Towards Model Driven Security of Inter-Organizational Workflows. In: Proceedings of the Workshops on Specification and Automated Processing of Security Requirements, pp. 255–267 (2004) Google Scholar
  4. 4.
    Brose, G.: Access Control Management in Distributed Object Systems. PhD thesis, Freie Universität Berlin (2001)Google Scholar
  5. 5.
    Brose, G.: Raccoon — An Infrastructure for Managing Access Control in CORBA. In: Proc. Int. Conference on Distributed Applications and Interoperable Systems (DAIS). Kluwer, Dordrecht (2001)Google Scholar
  6. 6.
    Brose, G.: Manageable Access Control for CORBA. Journal of Computer Security 4, 301–337 (2002)CrossRefGoogle Scholar
  7. 7.
    Brose, G., Koch, M., Löhr, K.-P.: Integrating Access Control Design into the Software Development Process. In: Proc. of 6th Int. Conference on Integrated Design and Process Technology (IDPT) (2002)Google Scholar
  8. 8.
    Fink, T., Koch, M., Oancea, C.: Specification and Enforcement of Access Control in Heterogeneous Distributed Applications. In: Jeckle, M., Zhang, L.-J. (eds.) ICWS-Europe 2003. LNCS, vol. 2853, pp. 88–100. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)MATHGoogle Scholar
  10. 10.
    Jürjens, J.: Towards Development of Secure Systems Using UMLsec. In: Hussmann, H. (ed.) FASE 2001. LNCS, vol. 2029, pp. 187–200. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Koch, M., Mancini, L.V., Parisi-Presicce, F.: Foundations for a Graph-Based Approach to the Specification of Access Control Policies. In: Honsell, F., Miculan, M. (eds.) FOSSACS 2001. LNCS, vol. 2030, p. 287. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 426. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. 13.
    Interactive Objects. Arcstyler (2005),

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Steffen Kolarczyk
    • 1
  • Manuel Koch
    • 1
  • Klaus-Peter Löhr
    • 1
  • Karl Pauls
    • 1
  1. 1.Institut für InformatikFreie Universität BerlinBerlinGermany

Personalised recommendations