Abstract
We present a modeling language for the model-driven development of secure, distributed systems based on the Unified Modeling Language (UML). Our approach is based on role-based access control with additional support for specifying authorization constraints. We show how UML can be used to specify information related to access control in the overall design of an application and how this information can be used to automatically generate complete access control infrastructures. Our approach can be used to improve productivity during the development of secure distributed systems and the quality of the resulting systems.
This work has been supported by the German ”Bundesministerium für Wirtschaft und Technologie” under the reference number IT-MM-01MS107. The authors are responsible for the content of this publication.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
BEA Systems, Inc. Programming WebLogic Enterprise JavaBeans, 2002. http://e-docs.bea.com/wls/docs6l/pdf/ejb.pdf.
A. D. Brucker and B. Wolff. A Proposal for a Formal OCLS emantics in Isabelle/HOL. In C. Munoz, S. Tahar, and V Carreno, editors, TPHOLs 2002, LNCS. Springer-Verlag, 2002.
P. Epstein and R. Sandhu. Towards a UML based approach to role engineering. In Proceedings of the fourth ACM workshop on Role-based access control, pages 135–143. ACM Press, 1999.
D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC), 4(3):224–274, 2001.
Interactive Objects Software GmbH. ArcStylerExtensibility Guide, 2002. http://www.io-software.com/as-support/docu/extensibility-guide.pdf.
T. Jaeger. On the increasing importance of constraints. In Proceedings of the fourth ACM workshop on Role-based access control, pages 33–42. ACM Press, 1999.
J. Jürjens. Towards development of secure systems using UMLsec. In H. Hussmann, editor, Fundamental Approaches to Software Engineering, 4th International Conference, Proceedings, LNCS, pages 187–200. Springer, 2001.
Koch, A. Uhl, and D. Weise. Model Driven Architecture. Technical report, Interactive Objects Software GmbH, 2002. http://cgi. omg. org/ cgi-bin /doc?ormsc/ 02-01-04.pdf.
Object Management Group. OMG Unified Modeling Language Specification, Version 1.4, 2001. http://www.omg.org/technology/documents/formal/uml.htm.
R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):3–7, 1996.
Sun Microsystems, Inc. Enterprise JavaBeans Specification, Version 2.0, 2001. http://java.sun.com/ejb/docs.html.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lodderstedt, T., Basin, D., Doser, J. (2002). SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, JM., Hussmann, H., Cook, S. (eds) ≪UML≫ 2002 — The Unified Modeling Language. UML 2002. Lecture Notes in Computer Science, vol 2460. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45800-X_33
Download citation
DOI: https://doi.org/10.1007/3-540-45800-X_33
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44254-7
Online ISBN: 978-3-540-45800-5
eBook Packages: Springer Book Archive