Skip to main content
SpringerLink
Log in

Extending the UML Standards to Model Tree-Structured Data and Their Access Control Requirements

  • Conference paper
  • First Online:
Security Standardisation Research (SSR 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10074))

Included in the following conference series:

Abstract

Secure data sharing between computational systems is a necessity to many workflows across domains such as healthcare informatics, law enforcement and national security. While there exist many approaches towards securing data for the purpose of dissemination, the vast majority follows the traditional thought of security engineering that occurs as the last step of the overall software engineering process. In this paper we extend the Unified Modeling Language (UML) standard to: (1) modeling tree-structured data and associated schemas and (2) information security via role-based, lattice-based, and discretionary access control; both push it towards the forefront of the software development life-cycle. Tree structured data and associated schemas are dominant in information modeling and exchange formats including: the eXtensible Markup Language (XML), JavaScript Object Notation (JSON), etc. New UML artifacts for tree-structured data and schemas would allow the modeling of generalized information solutions from which XML, JSON, RDF, etc., could be generated; this is akin to generating different object-oriented programming language code from UML class diagrams. This UML extension also allows security experts to model and define information security requirements at the schema level as well, before code is written. The end-result is the assurance of information security for the purpose of sharing across computational systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. HITECH act enforcement interim final rule (2014). http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html

  2. UML ISO standard. Object Management Group (2014). http://www.omg.org/spec/UML/

  3. Annas, G.J.: HIPAA regulations—a new era of medical-record privacy? N. Engl. J. Med. 348, 1486–1490 (2003)

    Article  Google Scholar 

  4. Baumer, D., Earp, J.B., Payton, F.C.: Privacy of medical records: IT implications of HIPAA, pp. 137–152 (2006)

    Google Scholar 

  5. Bernauer, M., Kappel, G., Kramler, G.: Representing XML schema in UML–A comparison of approaches, pp. 767–769 (2004)

    Google Scholar 

  6. Bernauer, M., Kappel, G., Kramler, G.: Representing XML schema in UML-an UML profile for XML schema (2003)

    Google Scholar 

  7. Boudreau, T., Glick, J., Greene, S., Spurlin, V., Woehr, J.J.: NetBeans: The Definitive Guide. O’Reilly Media Inc., Sebastopol (2002)

    Google Scholar 

  8. Bray, T., Paoli, J., Sperberg-McQueen, C.M., Maler, E., Yergeau, F.: Extensible markup language (XML) (1998)

    Google Scholar 

  9. Crockford, D.: JSON: the fat-free alternative to XML (2006)

    Google Scholar 

  10. Damiani, E., Capitani, De, di Vimercati, S., Paraboschi, S., Samarati, P.: Design and implementation of an access control processor for XML documents. Comput. Netw. 33, 59–75 (2000)

    Article  Google Scholar 

  11. Damiani, E., Fansi, M., Gabillon, A., Marrara, S.: A general approach to securely querying XML. Comput. Stand. Interfaces 30, 379–389 (2008)

    Article  Google Scholar 

  12. Dolin, R.H., Alschuler, L., Boyer, S., Beebe, C., Behlen, F.M., Biron, P.V., Shvo, A.S.: HL7 clinical document architecture, release 2. J. Am. Med. Inform. Assoc. 13, 30–39 (2006)

    Article  Google Scholar 

  13. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inform. Syst. Secur. 4, 224–274 (2001)

    Article  Google Scholar 

  14. Ferranti, J.M., Musser, R.C., Kawamoto, K., Hammond, W.: The clinical document architecture and the continuity of care record: A critical analysis. J. Am. Med. Inform. Assoc. 13, 245–252 (2006)

    Article  Google Scholar 

  15. Fowler, M.: UML distilled: a brief guide to the standard object modeling language. Addison-Wesley Professional, Boston (2004)

    Google Scholar 

  16. Guideline, M.: Model minimum uniform crash criteria. 811, 631 (2012)

    Google Scholar 

  17. Klyne, G., Carroll, J.J., McBride, B.: Resource description framework (RDF): Concepts and abstract syntax. 10 (2004)

    Google Scholar 

  18. Lee, M., Kim, H., Kim, J., Lee, J.: StarUML 5.0 developer guide’ (2005)

    Google Scholar 

  19. McGuinness, D.L., Van Harmelen, F.: OWL web ontology language overview. 10, 10 (2004)

    Google Scholar 

  20. Merkow, M.: cXML: a new taxonomy for E-commerce (1999)

    Google Scholar 

  21. Moore, B., Dean, D., Gerber, A., Wagenknecht, G., Vanderheyden, P.: Eclipse development. 379 (2004)

    Google Scholar 

  22. OFX, Open Financial Exchange Specification

    Google Scholar 

  23. Ogle, J.H., Alluri, P., Sarasua, W.: MMUCC and MIRE: the role of segmentation in safety analysis (2011)

    Google Scholar 

  24. Pavlich-Mariscal, J., Michel, L., Demurjian, S.: Enhancing UML to model custom security aspects (2007)

    Google Scholar 

  25. Pavlich-Mariscal, Jaime A., Michel, Laurent, Demurjian, Steven A.: A formal enforcement framework for role-based access control using aspect-oriented programming. In: Briand, Lionel C., Williams, Clay (eds.) MoDELS 2005. LNCS, vol. 3713, pp. 537–552. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  26. Pavlich-Mariscal, J.A., Demurjian, S.A., Michel, L.D.: A framework for security assurance of access control enforcement code. Comput. Secur. 29, 770–784 (2010)

    Article  Google Scholar 

  27. Poernomo, I.: The meta-object facility typed, pp. 1845–1849 (2006)

    Google Scholar 

  28. Ramirez, A., Vanpeperstraete, P., Rueckert, A., Odutola, K., Bennett, J., Tolke, L., van der Wulp, M.: ArgoUML user manual: a tutorial and reference description (2003)

    Google Scholar 

  29. Randolph, N., Gardner, D., Anderson, C., Minutillo, M.: Professional Visual Studio 2010. Wiley, Hoboken (2010)

    Google Scholar 

  30. Sandhu, R.S.: Lattice-based access control models. Computer 26, 9–19 (1993)

    Article  Google Scholar 

  31. Sandhu, R.S., Samarati, P.: Access control: principle and practice. IEEE Commun. Mag. 32, 40–48 (1994)

    Article  Google Scholar 

  32. Warmer, J.B., Kleppe, A.G.: The object constraint language: Precise modeling with uml (addison-wesley object technology series) (1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Loki Labs Inc, Baltimore, USA

    Alberto De la Rosa Algarín

  2. Department of Computer Science and Engineering, University of Connecticut, Storrs, USA

    Steven A. Demurjian

Authors
  1. Alberto De la Rosa Algarín
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Steven A. Demurjian
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Alberto De la Rosa Algarín .

Editor information

Editors and Affiliations

  1. Computer Security Division, NIST, Gaithersburg, Maryland, USA

    Lidong Chen

  2. Cisco Systems Inc., San Jose, USA

    David McGrew

  3. University of London, Egham, United Kingdom

    Chris Mitchell

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

De la Rosa Algarín, A., Demurjian, S.A. (2016). Extending the UML Standards to Model Tree-Structured Data and Their Access Control Requirements. In: Chen, L., McGrew, D., Mitchell, C. (eds) Security Standardisation Research. SSR 2016. Lecture Notes in Computer Science(), vol 10074. Springer, Cham. https://doi.org/10.1007/978-3-319-49100-4_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-49100-4_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-49099-1

  • Online ISBN: 978-3-319-49100-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation