Abstract
SecureUML is a security modeling language for formalizing access control requirements in a declarative way. It is equipped with a uml notation in terms of a uml profile, and can be combined with arbitrary design modeling languages. We present a semantics for SecureUML in terms of a model transformation to standard uml/ocl. The transformation scheme is used as part of an implementation of a tool chain ranging from front-end visual modeling tools over code-generators to the interactive theorem proving environment hol-ocl. The methodological consequences for an analysis of the generated ocl formulae are discussed.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Basin, D., Doser, J., Lodderstedt, T.: Model driven security: from UML models to access control infrastructures. ACM Trans. Softw. Eng. Methodol. 15(1) (2006)
Brucker, A.D., Doser, J., Wolff, B.: A model transformation semantics and analysis methodology for SecureUML. Tech. Rep. 524, ETH Zürich (2006)
Brucker, A.D., Wolff, B.: A verification approach for applied system security. Int. Journal on Software Tools for Technology 7(3), 233–247 (2005)
Brucker, A.D., Wolff, B.: The HOL-OCL book. Tech. Rep. 525, ETH Zürich (2006)
Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Infor. and System Security 4(3), 224–274 (2001)
Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2004)
Koch, M., Parisi-Presicce, F.: Access control policy specification in UML. In: Critical Systems Development with UML, pp. 63–78 (2001), TUM-I0208
Liskov, B.H., Wing, J.M.: A behavioral notion of subtyping. ACM Trans. Progr. Lang. and Systems 16(6), 1811–1841 (1994)
Mantel, H.: Information flow control and applications – bridging a gap. In: Oliveira, J.N., Zave, P. (eds.) FME 2001. LNCS, vol. 2021, pp. 153–172. Springer, Heidelberg (2001)
Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL— A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer, Heidelberg (2002)
UML 2.0 OCL specification (2003), Available as ptc/2003-10-14
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brucker, A.D., Doser, J., Wolff, B. (2006). A Model Transformation Semantics and Analysis Methodology for SecureUML. In: Nierstrasz, O., Whittle, J., Harel, D., Reggio, G. (eds) Model Driven Engineering Languages and Systems. MODELS 2006. Lecture Notes in Computer Science, vol 4199. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11880240_22
Download citation
DOI: https://doi.org/10.1007/11880240_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-45772-5
Online ISBN: 978-3-540-45773-2
eBook Packages: Computer ScienceComputer Science (R0)