Skip to main content
SpringerLink
Log in

Consistent and Complete Access Control Policies in Use Cases

  • Conference paper
«UML» 2003 - The Unified Modeling Language. Modeling Languages and Applications (UML 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2863))

Included in the following conference series:

Abstract

Security requirements of a software product need to receive attention throughout its development life cycle. This paper proposes several design artifacts that specify the details of access control policies formally and precisely in the requirement and analysis phases. The work is based on extending the use cases in Unified Modeling Language, with access control schemas and tables. In addition, we propose a methodology to resolve several issues such as consistency and completeness of access control specifications that are not totally resolved before.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Alghathbar, K., Wijesekera, D.: Modeling Dynamic Role-based Access Constraints using UML. In: Proceedings of the International Conference on Software Engineering Research & Applications (ICSERA 2003), San Francisco, USA, June 25–27 (2003)

    Google Scholar 

  2. Alghathbar, K., Wijesekera, D.: AuthUML: A Three-phased Framework to model Secure Use Cases. Submitted to the Workshop on Formal Methods in Security Engineering. Washington, DC, USA, October 30 (2003)

    Google Scholar 

  3. Bertino, E., Braun, M., Castano, S., Ferrari, E., Mesiti, M.: Author-x: A javabased system for XML data protection. In: IFIP Workshop on Database Security, pp. 15–26 (2000)

    Google Scholar 

  4. Booch, G., Rumbaugh, J., Jacobson, I.: The Unified Modeling Language User Guide. Addison-Wesley, Reading (1999)

    Google Scholar 

  5. Brose, G., Koch, M., Löhr, K.-P.: Integrating Access Control Design into the Software Development Process. In: Proceedings of the sixth biennial world conference on the Integrated Design and Process Technology (IDPT), Pasadena, CA (June 2002)

    Google Scholar 

  6. Chadwick, D., Otenko, A.: The PERMIS X.509 Role Based Privilege Management Infrastructure. In: The Proceedings of the 7th Acm Symposium On Access Control Models And Technologies (SACMAT 2002), Montrerey, California, USA, June 3-4 (2002)

    Google Scholar 

  7. Clark, D.D., Wilson, D.R.: A Comparison of Commercial and Military Computer Security Policies. In: IEEE Symposium on Security and Privacy (1987)

    Google Scholar 

  8. Devanbu, P.T., Stubblebine, S.: Software engineering for security:A roadmap. In: Finkelstein, A. (ed.) The Future of Software Engineering, ACM Press, New York (2000)

    Google Scholar 

  9. Fernandez, E.B., Hawkins, J.C.: Determining role rights from use cases. In: The Procs. 2nd. ACM Workshop on Role-Based Access Control, November 1997, pp. 121–125 (1997)

    Google Scholar 

  10. Fernandez-Medina, E., Martinez, A., Medina, C., Piattini, M.: Integrating Multilevel Security in the Database Design Process. In: The Proceedings of the 6th biennial world conference on the Integrated Design and Process Technology, Pasadena, CA (June 2002)

    Google Scholar 

  11. Firesmith, D., Henderson-Sellers, B., Graham, I.: OPEN Modeling Language (OML) Reference Manual. SIGS Books (1997)

    Google Scholar 

  12. Fowler, M., Scott, K.: UML Distilled: A Brief Guide to the Standard Object Modeling Language, 2nd edn. Addison-Wesley, Reading (1999)

    Google Scholar 

  13. Jacobson, I., Christerson, M., Jonson, P., Overgaad, G.: Object-Oriented Software Engineering: A Use Case Driven Approval. Addison-Wesley, Reading (1992)

    Google Scholar 

  14. Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.S.: Flexible support for multiple access control policies. ACM Trans. on Database Systems 26(2), 214–260 (2001)

    Article  MATH  Google Scholar 

  15. Nuseibeh, B., Easterbrook, S.: Requirements engineering: A roadmap. In: Finkelstein, A. (ed.) The Future of Software Engineering, ACM Press, New York (2000)

    Google Scholar 

  16. Object Management Group. OMG Unified Modeling Language Specification, Version 1.4 (2001), http://www.omg.org/technology/documents/formal/uml.htm

  17. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 3–7 (1996)

    Google Scholar 

  18. Sendall, S., Strohmeier, A.: From Use Cases to System Operation Specifications. In: The Proceeding of the Unified Modeling Language Conference 2000 (2000)

    Google Scholar 

  19. Simon, R., Zurko, M.: Separation of duty in role-based environments. In: The Proceedings of the 10th Computer Security Foundations Workshop, Rockport, Massachusetts (June 1997)

    Google Scholar 

  20. Warmer, J., Kleppe, A.: The Object Constraint Language: Precise Modeling with UML. Addison Wesley, Reading (1999)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Center for Secure Information Systems,  

    Duminda Wijesekera

  2. George Mason University, USA

    Khaled Alghathbar & Duminda Wijesekera

  3. King Saud University, Saudi Arabia

    Khaled Alghathbar

Authors
  1. Khaled Alghathbar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Duminda Wijesekera
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Informatics, University of Edinburgh,  

    Perdita Stevens

  2. Computing Department - InfoLab21, Lancaster University, LA1 4WA, Lancaster, UK

    Jon Whittle

  3. IBM Rational, P.O. Box 9027, CO 80301-9027, Boulder, USA

    Grady Booch

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Alghathbar, K., Wijesekera, D. (2003). Consistent and Complete Access Control Policies in Use Cases. In: Stevens, P., Whittle, J., Booch, G. (eds) «UML» 2003 - The Unified Modeling Language. Modeling Languages and Applications. UML 2003. Lecture Notes in Computer Science, vol 2863. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45221-8_32

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-45221-8_32

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20243-1

  • Online ISBN: 978-3-540-45221-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation