Abstract
This chapter explores a secure software engineering approach that spans functional (object-oriented), collaborative (sharing), and information (Web modeling and exchange) concerns in support of role-based (RBAC), discretionary (DAC), and mandatory (MAC) access control. By extending UML with security diagrams for RBAC, DAC, and MAC, we are able to design an application with all of its concerns, and not defer security to a later time in the design process that could have significant impact and require potentially wide-ranging changes to a nearly completed design. Through its early inclusion in the software design process, security concerns can be part of the application design process, providing separate abstractions for security via new UML diagrams. From these new UML diagrams, it is then possible to generate security policies and enforcement code for RBAC, DAC, and MAC, which separates security from the application. This modeling and generation allows security changes to have less of an impact on an application. The end result is a secure software engineering approach within a UML context that is capable of modeling an application's functional, collaborative, and information concerns. This is explored in this chapter.
Top1 Introduction
The software development process has had significant improvements of the past forty plus years, from the introduction of the waterfall model (Winston, 1970) to the iterative model (Larman and Basili, 2002) in the late 70s to the spiral model (Boehm, 1986) in the mid-1980s to the unified process model (Scott, 2001) to the agile development lifecycle (Craig, 2003) in the early 21st century. Despite this progress, there remain many challenges when one attempts to design and develop large-scale applications, where there are a myriad of concerns such as user interfaces, server functionality, database support, logging and historical tracking, and secure information modeling, access, and enforcement. Rather than separation, there is often an entanglement of these different concerns, e.g., in an object-oriented application, code to read/write the database can be spread across multiple classes even if the database is abstracted via Hibernate. Also consider that security can be realized across the entire application, with security checks and enforcement at the GUI level, the server level, the database level, the network communications level, etc. All of these different concerns end up being tangled with one another, and spread out across the application’s varied components. As a result, the traceability of security in terms of an application’s functional, collaborative, and information concerns cannot be easily isolated; in such a situation, changes to the security policy often requires code-level alternations which are not acceptable in practice. The intent of this chapter is to elevate security to a primary and early priority in the software development process to provide a secure engineering approach that encompasses functional, collaborative, and information concerns.
Key Terms in this Chapter
Protected Health Information (PHI): Under HIPAA, in clinical care and clinical research, PHI to date refers to a set of sensitive 18 data elements that must be protected or removed for deidentification purposes.
Aspect-Oriented Programming (AOP): A programming paradigm which incorporates an additional modular unit, the aspect, which provides additional code that is automatically woven at specific points in the rest of the program by the compiler.
Continuity of Care Record (CCR): A document standard for health information typically used for Personal Health Records (PHR) with the intended purpose of information exchange. It provides a universal structure to the patient’s information that can be utilized by different personal health records, applications and systems.
Role-Based Access Control (RBAC): An access control model in which permissions are assigned to roles, which in turn are assigned to users, who get all of the permissions of the assigned roles.
eXtensible Access Control Markup Language (XACML): A security policy language designed from XML. Its specifications allow for a uniform policy language that can be enforced in heterogeneous systems. XACML policies can be enforced at a systems level, software level or information level, depending on the policies’ targets and rules.
Extensible Markup Language (XML): A structured language utilized for information exchange, standards and information validation via the use of schemas. Its extensibility allows developers and experts to design and implement common standards for the use across systems and domains.
Health Insurance Portability and Accountability Act (HIPAA): HIPAA provides a US standard to protect the privacy of personal health information, including PHI.