Integrating Access Control into UML for Secure Software Modeling and Analysis

Thuong Doan, Steven Demurjian, Laurent Michel, Solomon Berhe
ISBN13: 9781466615809 | ISBN10: 146661580X | EISBN13: 9781466615816
DOI: 10.4018/978-1-4666-1580-9.ch005

MLA

Doan, Thuong, et al. "Integrating Access Control into UML for Secure Software Modeling and Analysis." Security-Aware Systems Applications and Software Development Methods, edited by Khaled M. Khan, IGI Global, 2012, pp. 69-88. https://doi.org/10.4018/978-1-4666-1580-9.ch005

APA

Doan, T., Demurjian, S., Michel, L., & Berhe, S. (2012). Integrating Access Control into UML for Secure Software Modeling and Analysis. In K. Khan (Ed.), Security-Aware Systems Applications and Software Development Methods (pp. 69-88). IGI Global. https://doi.org/10.4018/978-1-4666-1580-9.ch005

Chicago

Doan, Thuong, et al. "Integrating Access Control into UML for Secure Software Modeling and Analysis." In Security-Aware Systems Applications and Software Development Methods, edited by Khaled M. Khan, 69-88. Hershey, PA: IGI Global, 2012. https://doi.org/10.4018/978-1-4666-1580-9.ch005

Abstract

Access control models are often an orthogonal activity when designing, implementing, and deploying software applications. Role-based access control (RBAC), which targets privileges based on responsibilities within an application, and mandatory access control (MAC), which emphasizes the protection of information via security tags, are two dominant approaches in this regard. The integration of access control into software modeling and analysis is often loose and significantly lacking, particularly when security is such a high-priority concern in applications. This paper presents an approach to integrate RBAC and MAC into use-case, class, and sequence diagrams of the Unified Modeling Language (UML), providing a cohesive approach to secure software modeling that elevates security to a first-class citizen in the process. To ensure that a UML design with security does not violate RBAC or MAC requirements, design-time analysis checks security constraints whenever a new UML element is added or an existing UML element is modified, while post-design analysis checks security constraints across the entire design for conflicts and inconsistencies. These access control extensions and security analyses have been prototyped within a UML tool.
