A Free Service of IGI Global Publishing House
Below please find a list of definitions for the term that you selected from multiple scholarly research resources.

What is eXtensible Access Control Markup Language (XACML)

Handbook of Research on Emerging Advancements and Technologies in Software Engineering
A security policy language designed from XML. Its specifications allow for a uniform policy language that can be enforced in heterogeneous systems. XACML policies can be enforced at a systems level, software level or information level, depending on the policies’ targets and rules.
Published in Chapter:
An Integrated Secure Software Engineering Approach for Functional, Collaborative, and Information Concerns
J. A. Pavlich-Mariscal (Pontificia Universidad Javeriana, Colombia), S. Berhe (University of Connecticut, USA), A. De la Rosa Algarín (University of Connecticut, USA), and S. Demurjian (University of Connecticut, USA)
DOI: 10.4018/978-1-4666-6026-7.ch015
Abstract
This chapter explores a secure software engineering approach that spans functional (object-oriented), collaborative (sharing), and information (Web modeling and exchange) concerns in support of role-based (RBAC), discretionary (DAC), and mandatory (MAC) access control. By extending UML with security diagrams for RBAC, DAC, and MAC, we are able to design an application with all of its concerns, and not defer security to a later time in the design process that could have significant impact and require potentially wide-ranging changes to a nearly completed design. Through its early inclusion in the software design process, security concerns can be part of the application design process, providing separate abstractions for security via new UML diagrams. From these new UML diagrams, it is then possible to generate security policies and enforcement code for RBAC, DAC, and MAC, which separates security from the application. This modeling and generation allows security changes to have less of an impact on an application. The end result is a secure software engineering approach within a UML context that is capable of modeling an application's functional, collaborative, and information concerns. This is explored in this chapter.