Skip to main content
SpringerLink
Log in

SecureUML: A UML-Based Modeling Language for Model-Driven Security

  • Conference paper
  • First Online:
≪UML≫ 2002 — The Unified Modeling Language (UML 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2460))

Included in the following conference series:

Abstract

We present a modeling language for the model-driven development of secure, distributed systems based on the Unified Modeling Language (UML). Our approach is based on role-based access control with additional support for specifying authorization constraints. We show how UML can be used to specify information related to access control in the overall design of an application and how this information can be used to automatically generate complete access control infrastructures. Our approach can be used to improve productivity during the development of secure distributed systems and the quality of the resulting systems.

This work has been supported by the German ”Bundesministerium für Wirtschaft und Technologie” under the reference number IT-MM-01MS107. The authors are responsible for the content of this publication.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. BEA Systems, Inc. Programming WebLogic Enterprise JavaBeans, 2002. http://e-docs.bea.com/wls/docs6l/pdf/ejb.pdf.

  2. A. D. Brucker and B. Wolff. A Proposal for a Formal OCLS emantics in Isabelle/HOL. In C. Munoz, S. Tahar, and V Carreno, editors, TPHOLs 2002, LNCS. Springer-Verlag, 2002.

    Google Scholar 

  3. P. Epstein and R. Sandhu. Towards a UML based approach to role engineering. In Proceedings of the fourth ACM workshop on Role-based access control, pages 135–143. ACM Press, 1999.

    Google Scholar 

  4. D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC), 4(3):224–274, 2001.

    Article  Google Scholar 

  5. Interactive Objects Software GmbH. ArcStylerExtensibility Guide, 2002. http://www.io-software.com/as-support/docu/extensibility-guide.pdf.

  6. T. Jaeger. On the increasing importance of constraints. In Proceedings of the fourth ACM workshop on Role-based access control, pages 33–42. ACM Press, 1999.

    Google Scholar 

  7. J. Jürjens. Towards development of secure systems using UMLsec. In H. Hussmann, editor, Fundamental Approaches to Software Engineering, 4th International Conference, Proceedings, LNCS, pages 187–200. Springer, 2001.

    Chapter  Google Scholar 

  8. Koch, A. Uhl, and D. Weise. Model Driven Architecture. Technical report, Interactive Objects Software GmbH, 2002. http://cgi. omg. org/ cgi-bin /doc?ormsc/ 02-01-04.pdf.

  9. Object Management Group. OMG Unified Modeling Language Specification, Version 1.4, 2001. http://www.omg.org/technology/documents/formal/uml.htm.

  10. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):3–7, 1996.

    Google Scholar 

  11. Sun Microsystems, Inc. Enterprise JavaBeans Specification, Version 2.0, 2001. http://java.sun.com/ejb/docs.html.

Download references

Author information

Authors and Affiliations

  1. Institute for Computer Science, University of Freiburg, Germany

    Torsten Lodderstedt, David Basin & Jürgen Doser

Authors
  1. Torsten Lodderstedt
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. David Basin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jürgen Doser
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Irisa - Univesité de Rennes 1, Campus de Beaulieu, 35042, Rennes cedex, France

    Jean-Marc Jézéquel

  2. Fakultät Informatik, Technische Universität Dresden, Mommsenstr. 13, 01062, Dresden, Germany

    Heinrich Hussmann

  3. IBM United Kingdom Ltd, Sunbury House, 79 Staines Road West Sunbury-on-Thames, TW16 7AN, Middlesex, UK

    Stephen Cook

Rights and permissions

Reprints and permissions

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lodderstedt, T., Basin, D., Doser, J. (2002). SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, JM., Hussmann, H., Cook, S. (eds) ≪UML≫ 2002 — The Unified Modeling Language. UML 2002. Lecture Notes in Computer Science, vol 2460. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45800-X_33

Download citation

  • DOI: https://doi.org/10.1007/3-540-45800-X_33

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44254-7

  • Online ISBN: 978-3-540-45800-5

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation